
sirchief
Premium Member
join:2001-12-14
Cromwell, CT


Problem with redirects

Hello,

About 4 weeks ago my computer became infected with something telling me my hard drive had failed, and several pop-ups saying disk error, etc. would come up every few minutes. I managed to clean that up with Malwarebytes.

I am now having a problem with IE and Firefox loading slowly, and the browsers redirect when I click links on searches and webpages.

I have followed the mandatory steps for posting and am including the logs. The only one I am not including is the MBAM log as nothing was found.

Any help that could be provided would be greatly appreciated.

Thank you,

Steve

LOGS:

OTL:

OTL logfile created on: 11/10/2012 8:42:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 64.41% Memory free
8.10 Gb Paging File | 6.58 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 245.58 Gb Free Space | 54.49% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.79 Gb Free Space | 51.94% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/10 20:41:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\otl.exe
PRC - [2012/10/23 05:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/23 05:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2010/10/29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/07/21 16:07:46 | 000,497,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 21:01:14 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/04 17:55:38 | 000,548,864 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/04/11 13:52:30 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/11 02:34:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 02:32:52 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 02:32:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/04 17:55:38 | 000,548,864 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/23 05:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/11 15:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV:64bit: - [2010/04/29 12:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/03/24 08:47:48 | 000,161,448 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 07:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/12 06:15:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 19:09:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 10:58:46 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/05/21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/23 05:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/23 05:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/23 05:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/23 05:18:31 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/10/23 05:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/23 05:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 10:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010/04/28 10:49:50 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/10 16:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2009/05/25 05:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/20 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/02/23 04:47:04 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/10 14:01:06 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2008/07/21 06:18:30 | 000,026,624 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2008/07/15 07:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2009/06/10 16:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=DLCDF7&PC=MDDC&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/22 08:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/30 18:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/03 13:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/22 08:06:35 | 000,000,000 | ---D | M]

[2012/11/03 13:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/11/03 13:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFE8D77B-75C9-4F82-9750-78E503788F5F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_black.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b4ecea9c-d36b-11e1-8fd2-0021705da4bb}\Shell - "" = AutoRun
O33 - MountPoints2\{b4ecea9c-d36b-11e1-8fd2-0021705da4bb}\Shell\AutoRun\command - "" = F:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 20:41:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\otl.exe
[2012/11/10 20:28:38 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2012/11/04 19:57:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/11/03 13:43:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Mozilla
[2012/11/03 13:43:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Mozilla
[2012/11/03 13:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/03 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/03 13:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/30 19:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/30 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/30 19:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/10/30 17:49:23 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 17:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/30 17:49:22 | 000,364,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 17:49:05 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/10/30 17:49:04 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 17:49:03 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 17:49:00 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 17:48:59 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/30 17:47:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:47:58 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/30 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/30 16:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/30 16:06:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/21 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2012/10/21 17:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/21 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/19 06:56:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2012/11/10 20:43:05 | 000,707,520 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/10 20:43:05 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/10 20:43:05 | 000,105,046 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/10 20:41:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\otl.exe
[2012/11/10 20:40:28 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2012/11/10 20:36:10 | 000,002,497 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2012/11/10 20:36:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 20:36:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 20:36:03 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/11/10 20:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/10 20:35:57 | 4258,455,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/10 20:28:04 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2012/11/03 13:43:35 | 000,000,914 | ---- | M] () -- C:\Users\Steve\Desktop\Mozilla Firefox.lnk
[2012/11/03 13:43:35 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/31 18:54:42 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/31 18:54:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/31 18:49:49 | 000,002,341 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/10/30 19:56:19 | 000,007,728 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2012/10/30 19:16:06 | 000,001,123 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/30 19:16:06 | 000,001,099 | ---- | M] () -- C:\Users\Steve\Desktop\Spybot - Search & Destroy.lnk
[2012/10/30 18:03:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/30 17:49:23 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/30 17:40:14 | 000,736,033 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2012/10/30 17:39:37 | 000,161,595 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2012/10/30 17:32:19 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2012/10/30 16:06:48 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 05:18:31 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/23 05:18:31 | 000,364,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/23 05:18:31 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/23 05:18:31 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/10/23 05:18:30 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/23 05:18:30 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/23 05:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/23 05:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/23 05:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/21 15:46:37 | 000,000,368 | -H-- | M] () -- C:\ProgramData\ZQJa3wHRBzOJpL
[2012/10/21 15:41:32 | 000,000,144 | -H-- | M] () -- C:\ProgramData\-ZQJa3wHRBzOJpLr
[2012/10/21 15:41:32 | 000,000,120 | -H-- | M] () -- C:\ProgramData\-ZQJa3wHRBzOJpL

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/11/10 20:12:27 | 4258,455,552 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/03 13:43:35 | 000,000,914 | ---- | C] () -- C:\Users\Steve\Desktop\Mozilla Firefox.lnk
[2012/11/03 13:43:35 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/03 13:43:35 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/30 19:16:06 | 000,001,123 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/30 19:16:06 | 000,001,099 | ---- | C] () -- C:\Users\Steve\Desktop\Spybot - Search & Destroy.lnk
[2012/10/30 17:49:23 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/30 17:48:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/30 17:40:14 | 000,736,033 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2012/10/30 17:39:37 | 000,161,595 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2012/10/30 17:32:19 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2012/10/30 16:06:48 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/21 15:41:32 | 000,000,144 | -H-- | C] () -- C:\ProgramData\-ZQJa3wHRBzOJpLr
[2012/10/21 15:41:32 | 000,000,120 | -H-- | C] () -- C:\ProgramData\-ZQJa3wHRBzOJpL
[2012/10/21 15:41:15 | 000,000,368 | -H-- | C] () -- C:\ProgramData\ZQJa3wHRBzOJpL
[2012/07/21 15:57:08 | 000,064,000 | ---- | C] () -- C:\Windows\unleap.exe
[2011/04/13 19:50:05 | 000,000,378 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat
[2010/08/03 19:24:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/25 19:39:50 | 000,020,992 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 20:14:59 | 000,007,728 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/10/21 19:26:43 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$92a7947ee725bfec0f086ef3d83e9601\@
[2012/10/21 19:26:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$92a7947ee725bfec0f086ef3d83e9601\L
[2012/10/30 17:17:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$92a7947ee725bfec0f086ef3d83e9601\U
[2012/10/22 07:10:08 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$92a7947ee725bfec0f086ef3d83e9601\L\00000004.@
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2010/01/18 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Doblon
[2010/01/01 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GARMIN
[2012/10/22 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IrfanView
[2010/12/05 09:21:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyPublisher
[2010/04/29 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Pantone
[2009/10/17 06:44:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Research In Motion
[2011/04/13 19:50:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Template

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\Steve\Documents\Slideshow.dmsm:Roxio EMC Stream
sirchief

Premium Member

More Logs:

EXTRAS:

OTL Extras logfile created on: 11/10/2012 8:42:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 64.41% Memory free
8.10 Gb Paging File | 6.58 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 245.58 Gb Free Space | 54.49% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.79 Gb Free Space | 51.94% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 11 8D 18 51 CA 87 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C32BC7-18FC-4F0B-95DB-8743C5A18CBF}" = rport=139 | protocol=6 | dir=out | app=system |
"{157ED84B-BCEB-45DD-935B-23A4D5AA70A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{1AB76DDD-B3B1-45E1-98B0-BAC977E4474B}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
"{2B3E8DA0-CAAD-42AA-9F0C-4234E4366CF8}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E00630D-7374-41E1-9709-E3DAD975929A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{31461DFD-21BA-413E-B946-D346DCEE5E93}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{46D3A353-02DE-43E6-B232-217FDF920FD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5313E91E-6231-4E7F-8DDB-76BD6E8A0AAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{56E3AFFA-9250-4019-ABC4-86C1EA9A8C2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5908A115-B077-416D-88D5-CB3B5E3BC384}" = lport=2869 | protocol=6 | dir=in | app=system |
"{627BF85E-9E66-414B-809D-60AA19106A45}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{772FF94D-F948-49CA-A225-21F73F11F438}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{80B2BF60-16AF-4804-B6EB-DF8BDF5D5108}" = rport=138 | protocol=17 | dir=out | app=system |
"{95C2B92B-6F16-4283-8D01-AADD24603563}" = rport=137 | protocol=17 | dir=out | app=system |
"{B92B3C94-0702-4377-9ACE-72E5C791CAC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{BAF4A8E2-4BC0-4970-8543-B6F88C91A5B5}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{BE8F24FD-083B-43AE-BEE0-B28F7BB0C9E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4199CD8-21CD-48B6-8C88-C1F6F274812E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD6B3E69-447F-4239-A09E-BFC794174A73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3B11C26-7579-4711-B6C2-C9C8EE041704}" = lport=137 | protocol=17 | dir=in | app=system |
"{DC6CB4CA-A5F1-4C32-A187-986AECE839B3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E9D31572-0F27-428E-A86D-AE99EF62C95E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F27BE4D5-A368-42A6-8697-72485A5A8093}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F5D14D63-3B8D-49BF-BB22-A3394F37E1ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E31119-1E88-4D20-A131-576DBE62E973}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{02A7CE99-6F44-4412-A918-FA1F56C69715}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{0A9EBD33-0848-4FA2-85C1-F6AA3B5B1AAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{164346F7-DA72-47C8-8A7B-184873645E2C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1F943C65-6D86-4C8C-8F7C-7FB780D0C4F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{20A57887-6542-40B7-9D24-93D4F8158819}" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"{2323E304-0FBF-49E7-87CB-2B917041220F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{251F1E70-9DF1-4BFC-A4B5-666E49294464}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{258C14DF-04D6-4EFD-9A30-80141F62C702}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{2A7DE0E8-CF00-444F-A450-5B035A1ED3B7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{322CDCF6-FCCB-4E23-808E-7862B5098D5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{33E88FAA-6F1B-481D-8D4B-BF75E78F994E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{34E21271-9622-4917-89B1-6498E3A7DB29}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{3AF70531-EF63-4082-A207-E6C329D536DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{3E3C6ABB-41C0-4965-96B4-4179DBDDD30E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4C4FF86B-15EA-404C-94AC-81877B00FD54}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{5009D325-4A55-4FD4-A407-799132A2EDEA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{50295DF2-17C1-49D7-9155-7220CBF5FD8D}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{5107F5F0-148D-41C7-8701-92F193E7B190}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{522D2052-244A-434B-BFDD-FC96004C7FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{62CF9E9A-2F9A-4CDD-9700-BD8304F5A6D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{669D4AB1-D9BA-4DB5-97FB-9B1F293C6439}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{74EFE35B-029F-481F-A87B-FE6D8B073331}" = protocol=17 | dir=in | app=c:\users\steve\appdata\local\temp\7zs5dd8.tmp\easyinst64.exe |
"{89FA366A-276E-4EB2-9A44-B7F4359F7E2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8EFB3095-3D4D-4E6D-A2B5-950608448687}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9150B0F2-1530-49FF-B9BA-CE2851E30929}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{958AD924-6348-4545-8104-6C18D6A0B67E}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{96990188-4BC2-45A0-868B-51036521C95E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{9E094719-DD80-419C-A229-842C825188FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A522A276-7CD6-4A54-9B86-957871F2B086}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AD2104E7-88DD-4D8A-9E61-E3A1AB7EB57B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE018A5C-025A-4140-B2FC-2AFB851FAE48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{2012d762-5dca-455a-b5fe-edf79bc93e18}\setup\hpznui40.exe |
"{BC28E47A-3734-4B26-AEE0-A89442E300DE}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C23560D2-38AC-491C-AF09-A06C1123EE0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C416EC0D-4B67-4221-A136-6EE3EF17505B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{C6271043-A254-41E8-8835-38E623861F0A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C82A344A-496F-4293-BA3A-AC205725EF4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{D13FB354-7A6A-4982-B4BC-2A09D44ADC30}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{D3657FDC-2420-4D30-BF73-7E7B3BC9D74B}" = protocol=6 | dir=in | app=c:\users\steve\appdata\local\temp\7zs5dd8.tmp\easyinst64.exe |
"{E939B72A-4185-4EC7-8864-BAD1567782A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EBBBCC74-FC43-4909-86C2-5430A9ACF3DB}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{EC4C76A6-D746-4363-8CB2-561EFF515CFB}" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"{F319131C-925F-4331-9387-99D3229ED067}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{F3C76EE3-CEC5-4385-AA75-FDD6CC00753B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FBD0860C-06CB-44F7-B3B8-DEF92F649CD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"TCP Query User{03769DE1-E0B0-4338-9F8A-8EC579F6BD20}C:\program files (x86)\leapftp\leapftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leapftp\leapftp.exe |
"TCP Query User{29FC28DF-C09F-4213-B825-EC28067928CC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{296E3E20-9B82-406D-929F-3726FCBDB52E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7BEDADAF-598D-411B-B7F5-96D0F2E96872}C:\program files (x86)\leapftp\leapftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leapftp\leapftp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{0DAD4F5C-AE4F-4FE4-AFCA-2C1C557E7BCF}" = HP Unified IO
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E65099C4-9110-4C31-BD03-5C17EFB5FE92}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}" = HP ePrint
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{4F844B00-B138-4E42-89D1-037AD19D8830}_is1" = SMC Karaoke Manager
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{628EE6C0-EA3F-4F36-B465-8F9D998B3E5C}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8830 smartphone
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850B123B-4237-4E62-A96F-D6FD4DDFCCFA}" = BlackBerry Desktop Software 5.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E97ABDC-69CF-4F5C-A721-5B1C685782C3}" = HP Unified IO
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F012B439-D7B3-41D6-9902-8650E2191F4A}" = E210
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"avast" = avast! Free Antivirus
"BlackBerry_{850B123B-4237-4E62-A96F-D6FD4DDFCCFA}" = BlackBerry Desktop Software 5.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 1.99.1
"huey_is1" = hueyPRO 1.5.1
"IrfanView" = IrfanView (remove only)
"LeapFTP" = LeapFTP
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/29/2012 6:03:56 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1419

Error - 10/29/2012 6:04:00 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2012 6:04:00 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6411

Error - 10/29/2012 6:04:00 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6411

Error - 10/29/2012 6:04:01 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2012 6:04:01 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7410

Error - 10/29/2012 6:04:01 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7410

Error - 10/29/2012 6:04:07 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2012 6:04:07 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12495

Error - 10/29/2012 6:04:07 PM | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12495

[ System Events ]
Error - 11/10/2012 9:21:31 PM | Computer Name = Steve-PC | Source = netbt | ID = 4321
Description = The name "STEVEINSPIRON :0" could not be registered on the interface
with IP address 192.168.1.65. The computer with the IP address 192.168.1.81 did
not allow the name to be claimed by this computer.

Error - 11/10/2012 9:24:07 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/10/2012 9:29:20 PM | Computer Name = Steve-PC | Source = netbt | ID = 4321
Description = The name "DELL6000 :0" could not be registered on the interface
with IP address 192.168.1.65. The computer with the IP address 192.168.1.68 did
not allow the name to be claimed by this computer.

Error - 11/10/2012 9:30:53 PM | Computer Name = Steve-PC | Source = netbt | ID = 4321
Description = The name "STEVEINSPIRON :0" could not be registered on the interface
with IP address 192.168.1.65. The computer with the IP address 192.168.1.81 did
not allow the name to be claimed by this computer.

Error - 11/10/2012 9:31:49 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/10/2012 9:33:44 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/10/2012 9:37:53 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/10/2012 9:37:53 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/10/2012 9:41:56 PM | Computer Name = Steve-PC | Source = netbt | ID = 4321
Description = The name "DELL6000 :0" could not be registered on the interface
with IP address 192.168.1.65. The computer with the IP address 192.168.1.68 did
not allow the name to be claimed by this computer.

Error - 11/10/2012 9:43:33 PM | Computer Name = Steve-PC | Source = netbt | ID = 4321
Description = The name "STEVEINSPIRON :0" could not be registered on the interface
with IP address 192.168.1.65. The computer with the IP address 192.168.1.81 did
not allow the name to be claimed by this computer.

screen317:

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 1.99.1
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastUI.exe
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99ca9c6643fd8d4cb07f5d3334cd8066
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-11 03:45:11
# local_time=2012-11-10 10:45:11 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 56 0 189199203 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=218523
# found=0
# cleaned=0
# scan_time=5014

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
First:
Please post the MBAM log as well...

Second:
Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

Hello, Thank you for the reply.

Here is the MBAM log. I couldn't get TDSSKILLER to run even after renaming the file to a different name with a .com extension, per the instructions.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

11/11/2012 9:46:05 AM
mbam-log-2012-11-11 (09-46-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404610
Time elapsed: 1 hour(s), 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

ComboFix log, thank you:

ComboFix 12-11-10.03 - Steve 11/11/2012 20:16:46.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2613 [GMT -5:00]
Running from: c:\users\Steve\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ZQJa3wHRBzOJpL
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 01:51 . 2012-11-12 01:51 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-11-12 01:51 . 2012-11-12 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 14:18 . 2012-11-11 21:42 -------- d-----r- c:\users\Steve\Dropbox
2012-11-11 14:14 . 2012-11-11 14:14 -------- d-----w- c:\program files (x86)\Dropbox
2012-11-11 14:13 . 2012-11-11 21:43 -------- d-----w- c:\users\Steve\AppData\Roaming\Dropbox
2012-11-11 02:18 . 2012-11-11 02:18 -------- d-----w- c:\program files (x86)\ESET
2012-11-05 00:57 . 2012-11-05 00:57 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-11-03 18:43 . 2012-11-03 18:43 -------- d-----w- c:\users\Steve\AppData\Local\Mozilla
2012-11-03 18:43 . 2012-11-03 18:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-31 00:16 . 2012-10-31 08:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-31 00:16 . 2012-10-31 00:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-30 22:49 . 2012-10-23 10:18 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:49 . 2012-10-23 10:18 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:49 . 2012-10-23 10:18 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:49 . 2012-10-23 10:18 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:49 . 2012-10-23 10:18 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:49 . 2012-10-23 10:18 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:48 . 2012-10-23 10:17 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 22:47 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:47 . 2012-10-23 10:17 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:47 . 2012-10-30 22:47 -------- d-----w- c:\programdata\AVAST Software
2012-10-30 22:47 . 2012-10-30 22:47 -------- d-----w- c:\program files\AVAST Software
2012-10-30 21:06 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 06:10 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62D910DF-57E3-4F17-9B87-C6B1D7BECF00}\mpengine.dll
2012-10-21 22:20 . 2012-10-21 22:20 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-10-21 22:20 . 2012-10-21 22:20 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 22:20 . 2012-10-30 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-19 11:56 . 2012-10-19 11:56 -------- d--h--w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 23:54 . 2012-04-08 18:56 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-31 23:54 . 2011-05-21 11:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 08:28 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-09-13 13:45 . 2012-10-10 03:56 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 03:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-29 11:40 . 2012-10-10 03:55 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:07 . 2012-10-10 03:56 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 15:53 . 2012-10-10 03:56 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-23 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-21 17:01 . 2012-09-16 14:26 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2009-09-29 00:53 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2009-09-29 00:53 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-14 623888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-04 548864]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
Dropbox.lnk - c:\users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-5 26619512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-9-22 53248]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-13 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
hueyPROTray.lnk - c:\program files (x86)\Pantone\hueyPRO\hueyPROTray.exe [2010-4-29 1081344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2009-09-22 11:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\oyw7jngb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2012-10-22 09:06; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2012-10-22 09:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-10-30 19:03; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2012-10-22 09:06; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run- - (no file)
HKLM-Run-Skytel - Skytel.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-11 21:13:45
ComboFix-quarantined-files.txt 2012-11-12 02:13
.
Pre-Run: 257,754,193,920 bytes free
Post-Run: 257,653,407,744 bytes free
.
- - End Of File - - 1D61A4C7BDA95D579AC40AD88DD762A3
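
An added example for reading a ComboFix log like the one above; it is not ComboFix's own code and not the helper's method. It parses the autostart lines ComboFix prints in "Reg Loading Points" (Run keys, Startup-folder shortcuts and the orphans it removed) together with the UAC policy value, and flags the entries a helper would want hashed or checked on VirusTotal first: programs started from user-writable directories, bare file names with no path, and entries pointing at missing files. The sample lines are copied from the log posted above; which directories count as "user-writable" or "trusted" is this example's own assumption.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
Dropbox.lnk - c:\users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-5 26619512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run- - (no file)
HKLM-Run-Skytel - Skytel.exe
"""

# Line shapes ComboFix uses: "name"="path" [date size], shortcut - path [date size],
# and Hive-Run-Name - path for orphans.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]')
ORPHAN_RE = re.compile(r'^(?:Wow6432Node-)?(?P<hive>HK(?:LM|CU))-Run-(?P<name>\S*) - (?P<path>.+)$')
POLICY_RE = re.compile(r'^"(?P<name>EnableLUA|EnableUIADesktopToggle)"=\s*(?P<value>\d+)')

# Assumption: a standard user can write here, so an autostart from one of these
# directories deserves a hash and signature check before it is trusted.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Assumption: where legitimately installed software normally lives.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\")


@dataclass
class Autostart:
    name: str
    path: str
    source: str  # "run", "startup" or "orphan"


@dataclass
class Triage:
    autostarts: List[Autostart] = field(default_factory=list)
    findings: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, path, reason)
    uac_disabled: bool = False


def classify(entry: Autostart) -> Optional[str]:
    """Return a reason to look closer at this autostart, or None if it looks ordinary."""
    p = entry.path.strip().lower()
    if p in ("", "(no file)"):
        return "points at a missing file (stale entry or already cleaned)"
    if "\\" not in p:
        return "bare file name without a path; resolved via the search path at logon"
    if any(marker in p for marker in USER_WRITABLE):
        return "runs from a user-writable directory"
    if not p.startswith(TRUSTED_ROOTS):
        return "runs from outside Program Files / Windows"
    return None


def triage(log_text: str) -> Triage:
    """Collect every autostart in the log and flag the ones worth checking."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := POLICY_RE.match(line)):
            if m.group("name") == "EnableLUA" and int(m.group("value")) == 0:
                result.uac_disabled = True  # matches screen317's "UAC is disabled!"
            continue
        if (m := RUN_RE.match(line)):
            entry = Autostart(m.group("name"), m.group("path"), "run")
        elif (m := LNK_RE.match(line)):
            entry = Autostart(m.group("name"), m.group("path"), "startup")
        elif (m := ORPHAN_RE.match(line)):
            entry = Autostart(f"{m.group('hive')}-Run-{m.group('name')}", m.group("path"), "orphan")
        else:
            continue
        result.autostarts.append(entry)
        reason = classify(entry)
        if reason:
            result.findings.append((entry.name, entry.path, reason))
    return result


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print(f"UAC disabled: {t.uac_disabled}; {len(t.autostarts)} autostarts parsed")
    for name, path, reason in t.findings:
        print(f"CHECK {name!r} -> {path}: {reason}")
```

Run against the sample it flags the Dropbox shortcut in AppData (legitimate here, but exactly the location a redirector would also use), the orphaned Skytel.exe entry that had no path, and the removed entry that pointed at no file, and it confirms that EnableLUA is 0. Entries under Program Files or Windows are left alone; they still deserve a signature check, but they are not where a helper starts.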

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
First:
Are you still being redirected on search links?

Second:
Please go to »www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.


C:\Windows\unleap.exe


Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
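
An added example of the local triage a helper can do on a file such as C:\Windows\unleap.exe before (or instead of) uploading it; it is not part of the instructions above and not VirusTotal's tooling. It hashes the file, checks whether it is a PE executable, and reads the compile timestamp from the COFF header, so the file can be looked up on VirusTotal by hash without uploading it and its link time compared with the on-disk dates ComboFix reported. The VirusTotal URL form and the minimal fake PE built for the demonstration are this example's own assumptions.

```python
"""Hash and header triage of a suspect Windows executable (added example)."""
import hashlib
import struct
import sys
from datetime import datetime, timezone
from typing import Dict, Optional

# Assumption: VirusTotal's current per-file page is addressed by SHA-256.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"


def hashes_of(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of the file contents (the hashes VT indexes on)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def pe_timestamp(data: bytes) -> Optional[datetime]:
    """Return the COFF TimeDateStamp of a PE image, or None if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def triage_bytes(data: bytes) -> dict:
    """Everything a helper wants before deciding whether to upload the file."""
    h = hashes_of(data)
    ts = pe_timestamp(data)
    return {
        "size": len(data),
        **h,
        "is_pe": ts is not None,
        "compile_time": ts.isoformat() if ts else None,
        "vt_url": VT_FILE_URL.format(sha256=h["sha256"]),
    }


def triage_file(path: str) -> dict:
    with open(path, "rb") as f:
        return triage_bytes(f.read())


def fake_pe(timestamp: int) -> bytes:
    """Constructed minimal PE image (MZ stub, PE signature, COFF header) for the demo."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    report = triage_file(sys.argv[1]) if len(sys.argv) > 1 else triage_bytes(fake_pe(86400))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Looking the hash up first tells you whether VirusTotal has already seen the exact file, which is what the "File has already been submitted" branch above is about, and a compile timestamp far newer than the file's creation date, or a timestamp in the future, is a cheap hint that the file was not shipped with the system.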

sirchief
Premium Member
join:2001-12-14
Cromwell, CT


Hello,

Thank you for the continued support. The computer doesn't seem to be redirecting any longer; however, after clicking a link, it seems to take a little longer than normal to connect.

I scanned the file you asked to scan. The URL is here:

»www.virustotal.com/file/ ··· nalysis/

If I didn't do that properly, please let me know.

Thank you again,

Steve

EDIT: YES, the computer is still redirecting.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find the link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 11/13/2012 at 17:05:24 PM
User "Steve" on computer "STEVE-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\JusticeSystem;en=OrangeNewHavenConnecticut;at=JusticeSystem;at=CrimeLawandJustice;at=Lawyers;at=Judges;at=OrangeNewHavenConnecticut;u=sz%7C728x90!;ord=67631944[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\=728x90;tile=1;ca=MedicalResearch;en=Stress;at=MedicalResearch;at=HealthandSafetyatSchool;at=Family;at=Stress;at=BehavioralConditions;u=sz_728x90!;ord=60304306[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\80%5ED70010%5ED70024%5ED70094%5ED70112%5ED70116%5ED70195%5ED70513%5ED70675%5ED70758%5ED72008%5ED70688%5ED71585%5ED71622%5ED71628%5ED72297%5ED72665;ord=63825988[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=43689542;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=43689542;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=18514894;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=18514894;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=57183217;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=57183217;[1].js
Info: Starting disk scan of D: (NTFS).
Stopped logging on 11/13/2012 at 18:09:02 PM

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 11/13/2012 at 18:18:52 PM
User "Steve" on computer "STEVE-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\JusticeSystem;en=OrangeNewHavenConnecticut;at=JusticeSystem;at=CrimeLawandJustice;at=Lawyers;at=Judges;at=OrangeNewHavenConnecticut;u=sz%7C728x90!;ord=67631944[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\=728x90;tile=1;ca=MedicalResearch;en=Stress;at=MedicalResearch;at=HealthandSafetyatSchool;at=Family;at=Stress;at=BehavioralConditions;u=sz_728x90!;ord=60304306[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\errorPageStrings[1]
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\80%5ED70010%5ED70024%5ED70094%5ED70112%5ED70116%5ED70195%5ED70513%5ED70675%5ED70758%5ED72008%5ED70688%5ED71585%5ED71622%5ED71628%5ED72297%5ED72665;ord=63825988[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=43689542;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=43689542;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=18514894;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=18514894;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=57183217;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\der=coed;age=14u;skill=other;siteid=3061940;org=littleleaguebaseballandsoftball;fldr=cromwelllittleleague;stemp=rugbymatch;scat=league;stype=plus;ord=57183217;[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\ErrorPageTemplate[1]
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\errorPageStrings[2]
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\httpErrorPagesScripts[1]
Info: Starting disk scan of D: (NTFS).
Stopped logging on 11/13/2012 at 19:22:58 PM

I couldn't select the "Running processes" at the beginning of the scan as it was greyed out.

Thank you again.
sirchief

sirchief

Premium Member

Another log after another scan:

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 11/13/2012 at 20:56:48 PM
User "Steve" on computer "STEVE-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\aturette%252F%253Futm_source%253Dad_114403_23951_23951%2526utm_medium%253Dcpc%2526utm_campaign%253DAONdlUS_567665_279361%2526req%253D50a2f59e3b86101eb4c66e8b.1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\aturette%252F%253Futm_source%253Dad_114403_23951_23951%2526utm_medium%253Dcpc%2526utm_campaign%253DAONdlUS_567665_279361%2526req%253D50a2f59e3b86101eb4c66e8b.1[1].js
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\O3APR9U8.txt
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\ADTECH;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=7261ee7b78b34f69bad309fb84260781;rdclick=;kvuniqimp=7261ee7b78b34f69bad309fb84260781;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5O0656Y\ADTECH;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=47dcdc56353b4f98bcafcd9bc1720420;rdclick=;kvuniqimp=47dcdc56353b4f98bcafcd9bc1720420;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\ADTECH;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=1b28e40c59aa4438b50086263b459f62;rdclick=;kvuniqimp=1b28e40c59aa4438b50086263b459f62;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\ADTECH;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=00b2188448bf44ef8737968d016340f7;rdclick=;kvuniqimp=00b2188448bf44ef8737968d016340f7;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\dref=http%253A%252F%252Fwww.chinaontv.com%252Fcityfocus_videoplayer.php%253Fvid%253D6422%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\AAAAQAAAAAAVVNEAKAAWAJSXAAAAAAAAgIAAQUAAIQABBLXnwAAAAA.%2526vpid%253D252%2526referrer%253Dhttp%25253A%25252F%25252Fwww.chinaontv.com%25252Fads%25252Far_160_600[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\alm%2526beacon%253D1%2526guid%253D1352857681248b4a3a328b64d%2526ref%253Dhttp%25253A%25252F%25252Fapr.lijit.com%25252F%25252F%25252Fwww%25252Fdelivery%25252Ffpi[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5O0656Y\alm%2526beacon%253D1%2526guid%253D1352857681232b4e1412c8a82%2526ref%253Dhttp%25253A%25252F%25252Fapr.lijit.com%25252F%25252F%25252Fwww%25252Fdelivery%25252Ffpi[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\dref=http%253A%252F%252Fwww.chinaontv.com%252Fcityfocus_videoplayer.php%253Fvid%253D6422%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[2].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\dref=http%253A%252F%252Fwww.chinaflix.com%252Fvideoplayer_cuisine.php%253Fpid%253D4884%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\dref=http%253A%252F%252Fwww.chinaflix.com%252Fvideoplayer_cuisine.php%253Fpid%253D4884%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[2].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\QUAAIQADhPnAAAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fmenshealthbase.com%25252Fwp-content%25252Fthemes%25252Fmenshealthbase%25252Fffiad[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\tm_source%253D65687978%2526utm_medium%253Dcpc%2526utm_campaign%253D65687978_574778_277603_%257B113643%257D_142300_none%2526click%253D50a2fab22ab6101eb4cdd2d1.1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\dref=http%253A%252F%252Fwww.chinaflix.com%252Fvideoplayer_cuisine.php%253Fpid%253D4884%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\d_wAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fmenshealthbase.com%25252Fwp-content%25252Fthemes%25252Fmenshealthbase%25252Flib%25252Fffiad[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\QUAAIQADhJKlQAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fmenshealthbase.com%25252Fwp-content%25252Fthemes%25252Fmenshealthbase%25252Fffiad[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\gCWgAkSAAAAAAAAgIAAQUAAIQAWhLboQAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fapr.lijit.com%25252F%25252F%25252Fwww%25252Fdelivery%25252Ffpi[1].js
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\N715JPFT.txt
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\like[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLGWZX96\![1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5O0656Y\like[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5O0656Y\like[2].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\like[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\like[2].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\like[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\like[2].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\like[3].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\like[2].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\de[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MPQHGZE\like[4].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\fpi[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\beacon[2].htm
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\5ZTIQM4U.txt
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5O0656Y\ddc[1].htm
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\8BZJ86H9.txt
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\![1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\ddc[1].htm
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\DY97OW69.txt
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\37ARWVRO.txt
Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\HMAV4BQ8.txt
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\likebox[1].htm
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\52854036;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=cb904f4a67da471c9fb79f99a0fddbe1;rdclick=;kvuniqimp=cb904f4a67da471c9fb79f99a0fddbe1;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\52854037;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=f60f92a8917c48f18fb86c55de53c4c2;rdclick=;kvuniqimp=f60f92a8917c48f18fb86c55de53c4c2;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\ADTECH;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=6295390025f04972b7e9566399426f9e;rdclick=;kvuniqimp=6295390025f04972b7e9566399426f9e;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\ADTECH;loc=100;cookie=info;target=_blank;key=;grp=[group];misc=d2a8c5aeff2d4b9fbed9aef55f51f8a5;rdclick=;kvuniqimp=d2a8c5aeff2d4b9fbed9aef55f51f8a5;kvafseq=1[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\dref=http%253A%252F%252Fwww.chinaflix.com%252Fvideoplayer_cuisine.php%253Fpid%253D4884%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\dref=http%253A%252F%252Fwww.chinaflix.com%252Fvideoplayer_cuisine.php%253Fpid%253D4884%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWB55JST\krwAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fmenshealthbase.com%25252Fwp-content%25252Fthemes%25252Fmenshealthbase%25252Flib%25252Fffiad[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2X4NI84\IMQAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fmenshealthbase.com%25252Fwp-content%25252Fthemes%25252Fmenshealthbase%25252Flib%25252Fffiad[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\ttp%25253A%25252F%25252Fwww.filmannex.com%25252Fchannels%2526width%253D300%2526height%253D250%2526informer%253D7395367%2526uri%253Dhttp%253A%252F%252Fwww.lijit[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LW3CKR9\_kQAAAAA.%2526vpid%253D45%2526referrer%253Dhttp%25253A%25252F%25252Fmenshealthbase.com%25252Fwp-content%25252Fthemes%25252Fmenshealthbase%25252Flib%25252Fffiad[1].js
Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5O0656Y\dref=http%253A%252F%252Fwww.chinaontv.com%252Fcityfocus_videoplayer.php%253Fvid%253D6422%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[1].js
Info: Starting disk scan of D: (NTFS).
Stopped logging on 11/13/2012 at 22:09:24 PM

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to sirchief

Strange, the logs are negative. It is possible the redirects are coming from installed software/addons. I'll get to that later. Right now I want to scan one more time for rootkits with a new program from the makers of MalwareBytes.


First:

Please download and run the MalwareBytes AntiRootKit program.

You'll find it here:
»www.malwarebytes.org/pro ··· ts/mbar/

There is a tutorial on using MBAR here:
»www.bleepingcomputer.com ··· rootkit/

Second:
Run TFC again. (This is the temp file cleaner listed in the Mandatory Steps. There will be no log for this.)

Third:
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
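Why a helper reads Sophos Anti-Rootkit hits like the ones posted above as negative, shown as an added triage example that is not from this thread, from Sophos, or from the dslreports FAQ: every "Hidden: file" hit sits inside Internet Explorer's cache (Temporary Internet Files) or cookie folders, where the browser's own files routinely carry the hidden attribute, so such hits are commonly treated as expected noise rather than rootkit evidence. The script parses a log in the same line format, collapses paths repeated across scans (the tool appends each run to one log, which is why a reposted log keeps growing), and lists only hits outside those folders for review. The sample log, the `EXPECTED_LOCATIONS` fragments and the `PLACEHOLDER_hidden.sys` path are constructed assumptions, not values from this thread.

```python
"""Triage helper for Sophos Anti-Rootkit (1.5.x) text logs.

Groups every "Hidden: file <path>" hit by where the file lives, so that hits in
folders where hidden files are expected (the IE cache and cookie folders) can be
separated from hits that deserve a closer look. Added example, not Sophos code.
"""
import re
from collections import Counter

# Folder fragments (matched case-insensitively) where Internet Explorer itself
# keeps hidden-attribute files. Hits here are treated as expected noise.
# Assumption: these two fragments are enough for an IE-on-Vista profile.
EXPECTED_LOCATIONS = {
    "browser_cache": "\\temporary internet files\\",
    "browser_cookies": "\\microsoft\\windows\\cookies\\",
}

HIDDEN_FILE_RE = re.compile(r"^Hidden: file (?P<path>.+?)\s*$")
RUN_START_RE = re.compile(r"^Started logging on ")

# Constructed sample in the Sophos Anti-Rootkit 1.5 log format. Two scans are
# concatenated, as the tool does when it appends runs to one log file.
# PLACEHOLDER_hidden.sys is a made-up path standing in for a hit outside the
# expected folders; it is not a real driver name.
SAMPLE_LOG = "\n".join([
    "Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc",
    "Started logging on 11/13/2012 at 17:05:24 PM",
    'User "Steve" on computer "STEVE-PC"',
    "Info: Starting registry scan.",
    "Info: Starting disk scan of C: (NTFS).",
    r"Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\like[1].htm",
    r"Hidden: file C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\O3APR9U8.txt",
    "Info: Starting disk scan of D: (NTFS).",
    "Stopped logging on 11/13/2012 at 18:09:02 PM",
    "",
    "Started logging on 11/13/2012 at 18:18:52 PM",
    "Info: Starting disk scan of C: (NTFS).",
    r"Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1AA653\like[1].htm",
    r"Hidden: file C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\878QGNFY\beacon[2].htm",
    r"Hidden: file C:\Windows\SysNative\drivers\PLACEHOLDER_hidden.sys",
    "Stopped logging on 11/13/2012 at 19:22:58 PM",
])


def parse_hidden_files(log_text: str) -> list[str]:
    """Return the path of every 'Hidden: file' line, in log order."""
    paths = []
    for line in log_text.splitlines():
        m = HIDDEN_FILE_RE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def count_runs(log_text: str) -> int:
    """Number of scans in the file, one per 'Started logging on' line."""
    return sum(1 for line in log_text.splitlines() if RUN_START_RE.match(line))


def classify(path: str) -> str:
    """Label a hit by folder: an expected-location label, or 'review'."""
    lowered = path.lower()
    for label, fragment in EXPECTED_LOCATIONS.items():
        if fragment in lowered:
            return label
    return "review"


def triage(log_text: str) -> dict:
    """Summarise a log: scans it holds, hits per category, paths to review.

    The same cache file is reported again by every later scan, so duplicate
    paths are collapsed and each location is shown to the reviewer once.
    """
    unique_paths = list(dict.fromkeys(parse_hidden_files(log_text)))
    counts = Counter(classify(p) for p in unique_paths)
    return {
        "scans": count_runs(log_text),
        "hidden_files": len(unique_paths),
        "by_category": dict(counts),
        "to_review": [p for p in unique_paths if classify(p) == "review"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"scans: {summary['scans']}, distinct hidden files: {summary['hidden_files']}")
    for label, n in sorted(summary["by_category"].items()):
        print(f"  {label}: {n}")
    for path in summary["to_review"]:
        print(f"REVIEW: {path}")
```

On the constructed sample the two cache hits and the cookie hit are reported as expected noise and only the placeholder driver path is left to review; run against a real log, an empty `to_review` list is what "the logs are negative" means in practice, while anything listed there is what to examine next.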

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

Thanks again for the reply. I will get to this tonight when I am home, at the computer in question. I agree that the redirects/browsing slowness is coming from somewhere. I noticed in IE9 when I download a file I get a yellow bar on the bottom of the screen asking what I want to do with the file.

I should also mention that the computer takes an awful long time to be usable after a reboot.

One other thing, I tried to do a Windows Update to see if maybe there was an update to IE that was causing some of my problems. I cannot do Windows Updates. I get to where I can scan for updates and an error comes up telling me to try again. Error code 80070005 is the error I get.

I've also tried Firefox and that produces the same symptoms as IE.

Thank you again,

Steve
sirchief to LoPhatPhuud

Premium Member
MBAR has been running for approximately 1 hour and seems to be stuck scanning "forged physical sector"

It's not saying "not responding", it just doesn't seem to be scanning. I will let it run.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

If it gets over 2 hours, go ahead and abort.

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

Did you need the MBAR log? It's rather large, around 5MB.

Here is the OTL Log:

OTL logfile created on: 11/15/2012 5:26:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.29% Memory free
8.10 Gb Paging File | 6.65 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 233.42 Gb Free Space | 51.79% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.79 Gb Free Space | 51.94% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/10 20:41:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\otl.exe
PRC - [2012/11/05 18:14:44 | 026,619,512 | ---- | M] (Dropbox, Inc.) -- C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2009/07/21 16:07:46 | 000,497,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 21:01:14 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/04 17:55:38 | 000,548,864 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/04/11 13:52:30 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/05/11 02:34:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 02:32:52 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 02:32:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/04 17:55:38 | 000,548,864 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2010/05/11 15:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV:64bit: - [2010/04/29 12:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/03/24 08:47:48 | 000,161,448 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 07:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/12 06:15:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 19:09:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 10:58:46 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/05/21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\5A8F.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 10:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010/04/28 10:49:50 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/10 16:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2009/05/25 05:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/20 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/02/23 04:47:04 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/10 14:01:06 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2008/07/21 06:18:30 | 000,026,624 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2008/07/15 07:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2009/06/10 16:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=DLCDF7&PC=MDDC&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/22 08:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/03 13:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/22 08:06:35 | 000,000,000 | ---D | M]

[2012/11/03 13:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/11/03 13:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/11 20:52:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFE8D77B-75C9-4F82-9750-78E503788F5F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_black.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/11/14 20:20:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/14 18:37:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mbar-1.01.0.1009
[2012/11/14 05:56:45 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\FixitCenter_Run.exe
[2012/11/14 05:49:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\WindowsUpdate
[2012/11/13 17:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/11/13 17:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/11/12 21:26:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/11 21:14:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\temp
[2012/11/11 20:08:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/11 20:08:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/11 20:08:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/11 20:07:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/11 20:06:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/11 20:05:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/11 16:47:42 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\abc.exe
[2012/11/11 09:18:06 | 000,000,000 | R--D | C] -- C:\Users\Steve\Dropbox
[2012/11/11 09:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012/11/11 09:14:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/11/11 09:13:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Dropbox
[2012/11/10 21:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/10 21:17:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe
[2012/11/10 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\redirect
[2012/11/10 20:41:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\otl.exe
[2012/11/10 20:28:38 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2012/11/04 19:57:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/11/03 13:43:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Mozilla
[2012/11/03 13:43:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Mozilla
[2012/11/03 13:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/03 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/03 13:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/30 19:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/30 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/30 19:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/10/30 17:48:59 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/30 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/30 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/30 16:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/30 16:06:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/21 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2012/10/21 17:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/21 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/19 06:56:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\McAfee
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/11/15 05:25:44 | 000,707,520 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 05:25:44 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 05:25:44 | 000,105,046 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/15 05:17:38 | 000,002,497 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2012/11/15 05:17:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 05:17:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 05:17:30 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/11/15 05:17:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 05:17:17 | 4258,455,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/14 19:05:22 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2012/11/14 18:37:19 | 012,961,620 | ---- | M] () -- C:\Users\Steve\Desktop\mbar-1.01.0.1009.zip
[2012/11/14 07:09:33 | 000,000,732 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps64.dat
[2012/11/14 05:56:05 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\FixitCenter_Run.exe
[2012/11/13 17:04:03 | 001,410,192 | ---- | M] () -- C:\Users\Steve\Desktop\sar_15_sfx.exe
[2012/11/11 21:21:01 | 000,109,796 | ---- | M] () -- C:\Users\Steve\Desktop\IE_waitingrespone.jpg
[2012/11/11 20:52:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/11 16:35:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\abc.exe
[2012/11/11 15:49:46 | 000,431,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/11 09:18:07 | 000,000,943 | ---- | M] () -- C:\Users\Steve\Desktop\Dropbox.lnk
[2012/11/11 09:14:56 | 000,000,953 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/11/10 21:17:26 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe
[2012/11/10 20:41:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\otl.exe
[2012/11/10 20:28:04 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2012/11/03 13:43:35 | 000,000,914 | ---- | M] () -- C:\Users\Steve\Desktop\Mozilla Firefox.lnk
[2012/11/03 13:43:35 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/31 18:54:42 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/31 18:54:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/31 18:49:49 | 000,002,341 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/10/30 19:56:19 | 000,007,728 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2012/10/30 19:16:06 | 000,001,123 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/30 19:16:06 | 000,001,099 | ---- | M] () -- C:\Users\Steve\Desktop\Spybot - Search & Destroy.lnk
[2012/10/30 18:03:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/30 17:40:14 | 000,736,033 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2012/10/30 17:39:37 | 000,161,595 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2012/10/30 17:32:19 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2012/10/30 16:06:48 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 05:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/21 15:41:32 | 000,000,144 | -H-- | M] () -- C:\ProgramData\-ZQJa3wHRBzOJpLr
[2012/10/21 15:41:32 | 000,000,120 | -H-- | M] () -- C:\ProgramData\-ZQJa3wHRBzOJpL
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/11/14 20:27:53 | 4258,455,552 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/14 18:37:32 | 012,961,620 | ---- | C] () -- C:\Users\Steve\Desktop\mbar-1.01.0.1009.zip
[2012/11/14 06:05:09 | 000,000,732 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps64.dat
[2012/11/13 17:04:32 | 001,410,192 | ---- | C] () -- C:\Users\Steve\Desktop\sar_15_sfx.exe
[2012/11/11 21:21:01 | 000,109,796 | ---- | C] () -- C:\Users\Steve\Desktop\IE_waitingrespone.jpg
[2012/11/11 20:08:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/11 20:08:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/11 20:08:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/11 20:08:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/11 20:08:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/11 09:18:07 | 000,000,943 | ---- | C] () -- C:\Users\Steve\Desktop\Dropbox.lnk
[2012/11/11 09:14:56 | 000,000,953 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/11/03 13:43:35 | 000,000,914 | ---- | C] () -- C:\Users\Steve\Desktop\Mozilla Firefox.lnk
[2012/11/03 13:43:35 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/03 13:43:35 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/30 19:16:06 | 000,001,123 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/30 19:16:06 | 000,001,099 | ---- | C] () -- C:\Users\Steve\Desktop\Spybot - Search & Destroy.lnk
[2012/10/30 17:48:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/30 17:40:14 | 000,736,033 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2012/10/30 17:39:37 | 000,161,595 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2012/10/30 17:32:19 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2012/10/30 16:06:48 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/21 15:41:32 | 000,000,144 | -H-- | C] () -- C:\ProgramData\-ZQJa3wHRBzOJpLr
[2012/10/21 15:41:32 | 000,000,120 | -H-- | C] () -- C:\ProgramData\-ZQJa3wHRBzOJpL
[2012/07/21 15:57:08 | 000,064,000 | ---- | C] () -- C:\Windows\unleap.exe
[2011/04/13 19:50:05 | 000,000,378 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat
[2010/08/03 19:24:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/25 19:39:50 | 000,020,992 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 20:14:59 | 000,007,728 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/01/18 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Doblon
[2012/11/15 05:18:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dropbox
[2010/01/01 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GARMIN
[2012/10/22 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IrfanView
[2010/12/05 09:21:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyPublisher
[2010/04/29 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Pantone
[2009/10/17 06:44:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Research In Motion
[2011/04/13 19:50:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Template

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\Steve\Documents\Slideshow.dmsm:Roxio EMC Stream

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
Yes, re the MBAR log. Please attach it to your next post in this thread.

sirchief

OK, I will try to attach it as a zip file later today. I'm not at the computer in question until later today.

Thanks again.
sirchief

sirchief to LoPhatPhuud
system-log.zip
167,819 bytes
MBAR log attached.

LoPhatPhuud to sirchief
Thanks for the log. No adverse software was found, but I am checking out the Forged Physical Sector Notation.

It may take a day or two to chase it down. I want to find out if it's a result of the infection and the implication going forward.

sirchief

OK. Thank you. Browsing/searching seems back to normal using IE9 and Firefox.

Should we not use the computer until we find out if there's something still lingering in the computer?

Can you recommend a software that will prevent future infections?

Thanks again for all of your help. I appreciate it.

Thank you,

Steve

LoPhatPhuud to sirchief
In checking the MBAR log again, I find I missed an entry re the Aleurion Exploit.

We need to check that out.

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
LoPhatPhuud to sirchief
Note: If TDSS Killer still fails to run, post and let me know, then download and run Microsoft Malware Removal Tool from here:
»www.microsoft.com/securi ··· val.aspx

(This is the tool run every month on Patch Tuesday)

sirchief

Here is the TDSS log. Should I run the Microsoft tool as well?

17:00:58.0194 4108 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:00:58.0616 4108 ============================================================
17:00:58.0616 4108 Current date / time: 2012/11/16 17:00:58.0616
17:00:58.0616 4108 SystemInfo:
17:00:58.0616 4108
17:00:58.0616 4108 OS Version: 6.0.6002 ServicePack: 2.0
17:00:58.0616 4108 Product type: Workstation
17:00:58.0616 4108 ComputerName: STEVE-PC
17:00:58.0616 4108 UserName: Steve
17:00:58.0616 4108 Windows directory: C:\Windows
17:00:58.0616 4108 System windows directory: C:\Windows
17:00:58.0616 4108 Running under WOW64
17:00:58.0616 4108 Processor architecture: Intel x64
17:00:58.0616 4108 Number of processors: 2
17:00:58.0616 4108 Page size: 0x1000
17:00:58.0616 4108 Boot type: Normal boot
17:00:58.0616 4108 ============================================================
17:01:00.0004 4108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:01:00.0020 4108 ============================================================
17:01:00.0020 4108 \Device\Harddisk0\DR0:
17:01:00.0020 4108 MBR partitions:
17:01:00.0020 4108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
17:01:00.0020 4108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x3856A000
17:01:00.0020 4108 ============================================================
17:01:00.0051 4108 C: \Device\Harddisk0\DR0\Partition2
17:01:00.0066 4108 D: \Device\Harddisk0\DR0\Partition1
17:01:00.0066 4108 ============================================================
17:01:00.0066 4108 Initialize success
17:01:00.0066 4108 ============================================================
17:01:15.0510 4512 ============================================================
17:01:15.0510 4512 Scan started
17:01:15.0510 4512 Mode: Manual;
17:01:15.0510 4512 ============================================================
17:01:16.0368 4512 ================ Scan system memory ========================
17:01:16.0368 4512 System memory - ok
17:01:16.0368 4512 ================ Scan services =============================
17:01:16.0540 4512 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:01:16.0540 4512 ACPI - ok
17:01:16.0618 4512 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:01:16.0618 4512 AdobeActiveFileMonitor6.0 - ok
17:01:16.0696 4512 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:01:16.0712 4512 adp94xx - ok
17:01:16.0727 4512 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:01:16.0743 4512 adpahci - ok
17:01:16.0758 4512 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:01:16.0758 4512 adpu160m - ok
17:01:16.0790 4512 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:01:16.0790 4512 adpu320 - ok
17:01:16.0836 4512 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:01:16.0836 4512 AeLookupSvc - ok
17:01:16.0883 4512 [ 0D7A11395C0A33D9E7587CDB9866EFAD ] AERTFilters C:\Windows\system32\AERTSr64.exe
17:01:16.0883 4512 AERTFilters - ok
17:01:16.0946 4512 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:01:16.0961 4512 AFD - ok
17:01:17.0008 4512 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:01:17.0008 4512 agp440 - ok
17:01:17.0024 4512 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:01:17.0024 4512 aic78xx - ok
17:01:17.0039 4512 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:01:17.0055 4512 ALG - ok
17:01:17.0070 4512 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
17:01:17.0070 4512 aliide - ok
17:01:17.0086 4512 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
17:01:17.0086 4512 amdide - ok
17:01:17.0102 4512 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:01:17.0102 4512 AmdK8 - ok
17:01:17.0148 4512 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:01:17.0148 4512 Appinfo - ok
17:01:17.0211 4512 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:01:17.0211 4512 Apple Mobile Device - ok
17:01:17.0258 4512 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:01:17.0258 4512 arc - ok
17:01:17.0273 4512 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:01:17.0273 4512 arcsas - ok
17:01:17.0289 4512 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:01:17.0289 4512 AsyncMac - ok
17:01:17.0336 4512 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:01:17.0336 4512 atapi - ok
17:01:17.0382 4512 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:01:17.0398 4512 AudioEndpointBuilder - ok
17:01:17.0398 4512 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:01:17.0398 4512 AudioSrv - ok
17:01:17.0460 4512 Beep - ok
17:01:17.0538 4512 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
17:01:17.0538 4512 BFE - ok
17:01:17.0616 4512 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
17:01:17.0632 4512 BITS - ok
17:01:17.0663 4512 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:01:17.0663 4512 blbdrive - ok
17:01:17.0882 4512 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:01:17.0975 4512 Bonjour Service - ok
17:01:18.0053 4512 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:01:18.0084 4512 bowser - ok
17:01:18.0116 4512 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:01:18.0131 4512 BrFiltLo - ok
17:01:18.0147 4512 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:01:18.0147 4512 BrFiltUp - ok
17:01:18.0209 4512 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:01:18.0209 4512 Browser - ok
17:01:18.0225 4512 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:01:18.0225 4512 Brserid - ok
17:01:18.0272 4512 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:01:18.0272 4512 BrSerWdm - ok
17:01:18.0287 4512 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:01:18.0287 4512 BrUsbMdm - ok
17:01:18.0303 4512 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:01:18.0303 4512 BrUsbSer - ok
17:01:18.0334 4512 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:01:18.0334 4512 BTHMODEM - ok
17:01:18.0396 4512 catchme - ok
17:01:18.0412 4512 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:01:18.0412 4512 cdfs - ok
17:01:18.0459 4512 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:01:18.0459 4512 cdrom - ok
17:01:18.0506 4512 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:01:18.0506 4512 CertPropSvc - ok
17:01:18.0521 4512 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
17:01:18.0521 4512 circlass - ok
17:01:18.0568 4512 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:01:18.0568 4512 CLFS - ok
17:01:18.0662 4512 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:01:18.0662 4512 clr_optimization_v2.0.50727_32 - ok
17:01:18.0724 4512 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:01:18.0724 4512 clr_optimization_v2.0.50727_64 - ok
17:01:18.0818 4512 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:01:18.0818 4512 clr_optimization_v4.0.30319_32 - ok
17:01:18.0864 4512 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:01:18.0864 4512 clr_optimization_v4.0.30319_64 - ok
17:01:18.0880 4512 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:01:18.0911 4512 cmdide - ok
17:01:18.0942 4512 [ 34A6AA82AA36C87FC8816F2097EFA345 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:01:18.0942 4512 Compbatt - ok
17:01:18.0958 4512 COMSysApp - ok
17:01:18.0958 4512 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:01:18.0958 4512 crcdisk - ok
17:01:19.0036 4512 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:01:19.0036 4512 CryptSvc - ok
17:01:19.0130 4512 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:01:19.0208 4512 DcomLaunch - ok
17:01:19.0286 4512 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:01:19.0317 4512 DfsC - ok
17:01:19.0644 4512 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
17:01:19.0941 4512 DFSR - ok
17:01:19.0956 4512 DgiVecp - ok
17:01:20.0144 4512 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:01:20.0175 4512 Dhcp - ok
17:01:20.0253 4512 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:01:20.0253 4512 disk - ok
17:01:20.0346 4512 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:01:20.0393 4512 Dnscache - ok
17:01:20.0534 4512 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:01:20.0534 4512 DockLoginService - ok
17:01:20.0596 4512 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:01:20.0627 4512 dot3svc - ok
17:01:20.0721 4512 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:01:20.0752 4512 Dot4 - ok
17:01:20.0799 4512 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:01:20.0799 4512 Dot4Print - ok
17:01:20.0846 4512 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:01:20.0846 4512 dot4usb - ok
17:01:20.0908 4512 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
17:01:20.0908 4512 DPS - ok
17:01:20.0955 4512 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:01:20.0955 4512 drmkaud - ok
17:01:21.0017 4512 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:01:21.0033 4512 DXGKrnl - ok
17:01:21.0095 4512 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
17:01:21.0111 4512 e1express - ok
17:01:21.0142 4512 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:01:21.0142 4512 E1G60 - ok
17:01:21.0220 4512 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
17:01:21.0220 4512 EapHost - ok
17:01:21.0267 4512 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
17:01:21.0267 4512 Ecache - ok
17:01:21.0314 4512 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:01:21.0314 4512 ehRecvr - ok
17:01:21.0329 4512 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
17:01:21.0345 4512 ehSched - ok
17:01:21.0345 4512 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
17:01:21.0345 4512 ehstart - ok
17:01:21.0392 4512 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:01:21.0392 4512 elxstor - ok
17:01:21.0438 4512 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:01:21.0438 4512 EMDMgmt - ok
17:01:21.0438 4512 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:01:21.0454 4512 ErrDev - ok
17:01:21.0501 4512 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
17:01:21.0516 4512 EventSystem - ok
17:01:21.0548 4512 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
17:01:21.0548 4512 exfat - ok
17:01:21.0594 4512 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:01:21.0594 4512 fastfat - ok
17:01:21.0626 4512 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:01:21.0626 4512 fdc - ok
17:01:21.0641 4512 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
17:01:21.0641 4512 fdPHost - ok
17:01:21.0657 4512 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
17:01:21.0657 4512 FDResPub - ok
17:01:21.0672 4512 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:01:21.0672 4512 FileInfo - ok
17:01:21.0688 4512 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:01:21.0688 4512 Filetrace - ok
17:01:21.0828 4512 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:01:21.0844 4512 FLEXnet Licensing Service - ok
17:01:21.0860 4512 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:01:21.0860 4512 flpydisk - ok
17:01:21.0891 4512 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:01:21.0891 4512 FltMgr - ok
17:01:21.0984 4512 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
17:01:22.0016 4512 FontCache - ok
17:01:22.0062 4512 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:01:22.0062 4512 FontCache3.0.0.0 - ok
17:01:22.0109 4512 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:01:22.0140 4512 Fs_Rec - ok
17:01:22.0187 4512 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:01:22.0187 4512 gagp30kx - ok
17:01:22.0234 4512 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:01:22.0234 4512 GEARAspiWDM - ok
17:01:22.0312 4512 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:01:22.0328 4512 GoToAssist - ok
17:01:22.0468 4512 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
17:01:22.0484 4512 gpsvc - ok
17:01:22.0562 4512 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:01:22.0577 4512 HDAudBus - ok
17:01:22.0593 4512 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:01:22.0593 4512 HidBth - ok
17:01:22.0624 4512 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:01:22.0624 4512 HidIr - ok
17:01:22.0671 4512 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
17:01:22.0671 4512 hidserv - ok
17:01:22.0718 4512 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:01:22.0718 4512 HidUsb - ok
17:01:22.0749 4512 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
17:01:22.0749 4512 hkmsvc - ok
17:01:22.0874 4512 [ 583431A6989FD8B901D1883C0299C471 ] hnmsvc c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
17:01:22.0874 4512 hnmsvc - ok
17:01:22.0936 4512 [ 0570A17A2E5001B97E20C15B4FC516AE ] HP1210FAX C:\Windows\system32\Drivers\HPM1210FAX.sys
17:01:22.0936 4512 HP1210FAX - ok
17:01:22.0998 4512 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:01:22.0998 4512 HpCISSs - ok
17:01:23.0108 4512 [ F8F686D62121549377D9E1CDF6BC3441 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
17:01:23.0108 4512 HPM1210RcvFaxSrvc - ok
17:01:23.0248 4512 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:01:23.0248 4512 hpqcxs08 - ok
17:01:23.0264 4512 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:01:23.0279 4512 hpqddsvc - ok
17:01:23.0326 4512 [ 4E9CAE3200A46135DE01CE22BAF832BE ] HPSIService C:\Windows\system32\HPSIsvc.exe
17:01:23.0342 4512 HPSIService - ok
17:01:23.0435 4512 [ D972F48D0CE396759B788693CD665926 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:01:23.0435 4512 HPSLPSVC - ok
17:01:23.0482 4512 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:01:23.0482 4512 HTTP - ok
17:01:23.0513 4512 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:01:23.0513 4512 i2omp - ok
17:01:23.0544 4512 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:01:23.0560 4512 i8042prt - ok
17:01:23.0622 4512 [ 07FB761600EFF44AF02C35B8B57E5863 ] iaStor C:\Windows\system32\drivers\iastor.sys
17:01:23.0622 4512 iaStor - ok
17:01:23.0654 4512 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:01:23.0654 4512 iaStorV - ok
17:01:23.0794 4512 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:01:23.0794 4512 IDriverT - ok
17:01:23.0934 4512 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:01:24.0106 4512 idsvc - ok
17:01:24.0340 4512 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:01:24.0496 4512 igfx - ok
17:01:24.0527 4512 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:01:24.0527 4512 iirsp - ok
17:01:24.0574 4512 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
17:01:24.0574 4512 IKEEXT - ok
17:01:24.0621 4512 [ 0DD17D4B59D0EC40E3C86A505BB0B6DD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:01:24.0636 4512 IntcAzAudAddService - ok
17:01:24.0652 4512 [ BE1CB000C655396C9DEF09AEE3EA2D67 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
17:01:24.0668 4512 IntcHdmiAddService - ok
17:01:24.0714 4512 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:01:24.0714 4512 intelide - ok
17:01:24.0730 4512 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:01:24.0730 4512 intelppm - ok
17:01:24.0761 4512 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:01:24.0761 4512 IPBusEnum - ok
17:01:24.0792 4512 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:24.0792 4512 IpFilterDriver - ok
17:01:24.0839 4512 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:01:24.0855 4512 iphlpsvc - ok
17:01:24.0855 4512 IpInIp - ok
17:01:24.0870 4512 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:01:24.0886 4512 IPMIDRV - ok
17:01:24.0902 4512 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:01:24.0902 4512 IPNAT - ok
17:01:25.0089 4512 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:01:25.0089 4512 iPod Service - ok
17:01:25.0120 4512 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:01:25.0120 4512 IRENUM - ok
17:01:25.0167 4512 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:01:25.0198 4512 isapnp - ok
17:01:25.0245 4512 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:01:25.0245 4512 iScsiPrt - ok
17:01:25.0276 4512 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:01:25.0276 4512 iteatapi - ok
17:01:25.0292 4512 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:01:25.0292 4512 iteraid - ok
17:01:25.0323 4512 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:25.0323 4512 kbdclass - ok
17:01:25.0370 4512 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:25.0370 4512 kbdhid - ok
17:01:25.0416 4512 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
17:01:25.0416 4512 KeyIso - ok
17:01:25.0479 4512 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:01:25.0479 4512 KSecDD - ok
17:01:25.0494 4512 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:01:25.0494 4512 ksthunk - ok
17:01:25.0557 4512 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
17:01:25.0557 4512 KtmRm - ok
17:01:25.0619 4512 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:01:25.0619 4512 LanmanServer - ok
17:01:25.0666 4512 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:01:25.0666 4512 LanmanWorkstation - ok
17:01:25.0682 4512 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:01:25.0682 4512 lltdio - ok
17:01:25.0713 4512 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:01:25.0713 4512 lltdsvc - ok
17:01:25.0744 4512 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:01:25.0744 4512 lmhosts - ok
17:01:25.0760 4512 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:01:25.0760 4512 LSI_FC - ok
17:01:25.0791 4512 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:01:25.0791 4512 LSI_SAS - ok
17:01:25.0806 4512 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:01:25.0806 4512 LSI_SCSI - ok
17:01:25.0838 4512 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
17:01:25.0838 4512 luafv - ok
17:01:25.0853 4512 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:01:25.0853 4512 Mcx2Svc - ok
17:01:25.0962 4512 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:01:25.0962 4512 MDM - ok
17:01:26.0072 4512 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
17:01:26.0072 4512 megasas - ok
17:01:26.0087 4512 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:01:26.0103 4512 MegaSR - ok
17:01:26.0165 4512 [ F9CE67E9E0226079B59107B649851F96 ] MEMSWEEP2 C:\Windows\system32\5A8F.tmp
17:01:26.0165 4512 MEMSWEEP2 - ok
17:01:26.0196 4512 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
17:01:26.0196 4512 MMCSS - ok
17:01:26.0212 4512 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
17:01:26.0212 4512 Modem - ok
17:01:26.0228 4512 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:01:26.0228 4512 monitor - ok
17:01:26.0243 4512 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:01:26.0243 4512 mouclass - ok
17:01:26.0259 4512 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:01:26.0259 4512 mouhid - ok
17:01:26.0274 4512 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:01:26.0274 4512 MountMgr - ok
17:01:26.0337 4512 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:01:26.0337 4512 MozillaMaintenance - ok
17:01:26.0368 4512 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
17:01:26.0384 4512 mpio - ok
17:01:26.0399 4512 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:01:26.0399 4512 mpsdrv - ok
17:01:26.0446 4512 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
17:01:26.0462 4512 MpsSvc - ok
17:01:26.0477 4512 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:01:26.0477 4512 Mraid35x - ok
17:01:26.0493 4512 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:01:26.0493 4512 MRxDAV - ok
17:01:26.0555 4512 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:26.0555 4512 mrxsmb - ok
17:01:26.0618 4512 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:26.0618 4512 mrxsmb10 - ok
17:01:26.0618 4512 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:26.0618 4512 mrxsmb20 - ok
17:01:26.0633 4512 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
17:01:26.0633 4512 msahci - ok
17:01:26.0664 4512 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:01:26.0664 4512 msdsm - ok
17:01:26.0696 4512 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
17:01:26.0696 4512 MSDTC - ok
17:01:26.0742 4512 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:01:26.0742 4512 Msfs - ok
17:01:26.0789 4512 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:01:26.0789 4512 msisadrv - ok
17:01:26.0820 4512 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:01:26.0820 4512 MSiSCSI - ok
17:01:26.0836 4512 msiserver - ok
17:01:26.0883 4512 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:01:26.0883 4512 MSKSSRV - ok
17:01:26.0898 4512 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:26.0898 4512 MSPCLOCK - ok
17:01:26.0898 4512 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:01:26.0898 4512 MSPQM - ok
17:01:26.0945 4512 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:01:26.0945 4512 MsRPC - ok
17:01:26.0961 4512 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:26.0961 4512 mssmbios - ok
17:01:26.0961 4512 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:01:26.0961 4512 MSTEE - ok
17:01:26.0976 4512 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
17:01:26.0976 4512 Mup - ok
17:01:27.0039 4512 [ 09818558C2579B45D78AB18A759B0CA8 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys
17:01:27.0039 4512 mvusbews - ok
17:01:27.0101 4512 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
17:01:27.0101 4512 napagent - ok
17:01:27.0148 4512 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:01:27.0164 4512 NativeWifiP - ok
17:01:27.0210 4512 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:01:27.0226 4512 NDIS - ok
17:01:27.0257 4512 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:27.0257 4512 NdisTapi - ok
17:01:27.0257 4512 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:27.0257 4512 Ndisuio - ok
17:01:27.0320 4512 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:27.0320 4512 NdisWan - ok
17:01:27.0335 4512 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:01:27.0335 4512 NDProxy - ok
17:01:27.0398 4512 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:01:27.0398 4512 Net Driver HPZ12 - ok
17:01:27.0413 4512 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:01:27.0413 4512 NetBIOS - ok
17:01:27.0460 4512 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:01:27.0460 4512 netbt - ok
17:01:27.0476 4512 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
17:01:27.0476 4512 Netlogon - ok
17:01:27.0507 4512 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
17:01:27.0554 4512 Netman - ok
17:01:27.0585 4512 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
17:01:27.0585 4512 netprofm - ok
17:01:27.0616 4512 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:01:27.0616 4512 NetTcpPortSharing - ok
17:01:27.0647 4512 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:01:27.0647 4512 nfrd960 - ok
17:01:27.0647 4512 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
17:01:27.0663 4512 NlaSvc - ok
17:01:27.0694 4512 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:01:27.0710 4512 Npfs - ok
17:01:27.0710 4512 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
17:01:27.0710 4512 nsi - ok
17:01:27.0725 4512 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:01:27.0725 4512 nsiproxy - ok
17:01:27.0788 4512 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:01:27.0819 4512 Ntfs - ok
17:01:27.0819 4512 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
17:01:27.0819 4512 Null - ok
17:01:27.0850 4512 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:01:27.0850 4512 nvraid - ok
17:01:27.0866 4512 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:01:27.0866 4512 nvstor - ok
17:01:27.0897 4512 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:01:27.0897 4512 nv_agp - ok
17:01:27.0897 4512 NwlnkFlt - ok
17:01:27.0897 4512 NwlnkFwd - ok
17:01:27.0959 4512 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:01:27.0959 4512 ohci1394 - ok
17:01:37.0038 4512 ============================================================
17:01:37.0038 4512 Scan finished
17:01:37.0038 4512 ============================================================
17:01:37.0054 4116 Detected object count: 0
17:01:37.0054 4116 Actual detected object count: 0
17:03:08.0487 1764 Deinitialize success
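As an added example (not code from the thread or from TDSSKiller), a small Python triage script for logs in the format posted above: it pairs each hash line with its verdict line and flags anything that is not a plain "ok", any service with no hashed image (as WinDefend and WSearch appear in this log), and any image outside the usual Windows and Program Files roots. The sample log is constructed from the posted format; the "samplesvc" entry, its all-zero hash and its verdict are made up, and the trusted-root list is an assumption.

```python
"""Triage a TDSSKiller-style scan log (added example; not from the thread or TDSSKiller)."""
import re
from dataclasses import dataclass
from typing import Optional

# Line shapes taken from the posted log:
#   "<time> <pid> [ <MD5> ] <name> <image path>"   hash line for each scanned image
#   "<time> <pid> <name> - <verdict>"             verdict line for each object
#   "<time> <pid> Detected object count: <n>"     end-of-scan summary
_HASH_RE = re.compile(r"^\S+ \d+ \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
_VERDICT_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<verdict>.+)$")
_COUNT_RE = re.compile(r"^\S+ \d+ Detected object count: (?P<n>\d+)$")
# Service names may contain spaces ("Pml Driver HPZ12"): split at the image path, not at whitespace.
_PATH_RE = re.compile(r"^(?P<name>.*?)\s*(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")

# Heuristic (assumption): images outside these roots get a manual look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\", "\\device\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text):
    """Return (entries in log order, detected-object count or None)."""
    entries = {}
    detected = None
    for line in text.splitlines():
        line = line.strip()
        m = _HASH_RE.match(line)
        if m:
            pm = _PATH_RE.match(m.group("rest"))
            # MBR/VBR lines carry only a device path; use it as the name.
            name = (pm.group("name") or pm.group("path")) if pm else m.group("rest")
            entry = entries.setdefault(name, Entry(name))
            entry.md5 = m.group("md5").upper()
            entry.path = pm.group("path") if pm else None
            continue
        m = _VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m.group("name"), Entry(m.group("name")))
            entry.verdict = m.group("verdict").strip()
            continue
        m = _COUNT_RE.match(line)
        if m:
            detected = int(m.group("n"))
    return list(entries.values()), detected


def triage(entries, detected):
    """Return (object name, reason) pairs worth a reviewer's attention."""
    findings = []
    for e in entries:
        if e.verdict is None:
            findings.append((e.name, "hashed but never given a verdict"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        if e.md5 is None:
            # WinDefend, WSearch etc. appear this way in the posted log: no hash
            # line was recorded for the service. Usually benign, but confirm.
            findings.append((e.name, "no image hashed"))
        elif e.path and not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append((e.name, f"image outside trusted roots: {e.path}"))
    if detected is None:
        findings.append(("summary", "no 'Detected object count' line; scan may not have finished"))
    return findings


# Constructed sample: the first lines are modelled on the posted log; the
# "samplesvc" entry, its all-zero hash and its verdict are made up.
SAMPLE_LOG = r"""
17:01:28.0006 4512 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:01:28.0006 4512 ose - ok
17:01:28.0599 4512 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:01:28.0599 4512 Pml Driver HPZ12 - ok
17:01:35.0447 4512 WinDefend - ok
17:01:36.0617 4512 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:01:37.0007 4512 \Device\Harddisk0\DR0 - ok
17:01:37.0100 4512 [ 00000000000000000000000000000000 ] samplesvc C:\Users\Steve\AppData\Local\Temp\samplesvc.sys
17:01:37.0101 4512 samplesvc - suspicious
17:01:37.0054 4116 Detected object count: 1
"""
```

Running `triage(*parse_log(SAMPLE_LOG))` lists WinDefend (no hashed image) and samplesvc twice (non-ok verdict, image under a user temp directory); the shared-hash services such as the several p2psvc.dll entries are not flagged, since one DLL hosting several services is normal.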

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
Yes, go ahead and run MSRT as a safety measure.

Post back here when it's finished.

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

MSRT found nothing malicious.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
OK, let's clean up and we'll be done.

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

Thank you! I will do the cleanup tonight.

I really appreciate all of the help and support you provided. You saved me!

Could you recommend a good preventative software to install?

Thanks again,

Steve

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to sirchief
Recommending products is difficult, at best, for today's cyber world. You have the choice of complete packages (antivirus, antimalware, firewall) or separate programs.

For most consumers, I believe that the package approach is the easiest to install and maintain. Most of the major providers offer one.

A standalone antimalware program is also advisable. In that category, I would use Malwarebytes (either in full mode or on-demand mode).

sirchief
Premium Member
join:2001-12-14
Cromwell, CT

I have completed the clean-up.

Thank you for the suggestions. I have installed AVG as a trial for now. I will see how that goes.

One thing I noticed is that I still cannot access Windows Update. I get an error with an 80070005 error code in it. I've searched and have found several articles on how to fix it, but I can't seem to get it to work.

Should I post this in another forum on this site? I figure it has something to do with the virus/malware the computer had before being cleaned.

-Steve