dakotawolf04

Help with trojan.small, trojan.sirefef, and rootkit.0access removal

22 posts in this topic

Recently I ran a scan and Malwarebytes found the following: trojan.small, trojan.sirefef, and rootkit.0access. I went through the removal procedures as the program required, but after rebooting and running another scan it was still there. Any help with removing these would be much appreciated.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.26.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19272

Michael&Mary :: MMSCOMP [administrator]

6/26/2012 11:28:01 AM

mbam-log-2012-06-26 (11-28-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205497

Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19272

Run by Michael&Mary at 11:55:10 on 2012-06-26

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uWindow Title = Windows Internet Explorer provided by Yahoo!

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: UserZoomBHO Class: {246e2928-34b8-48d9-be73-38ba37241e5b} - c:\windows\downloaded program files\UserZoom.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.commissarycoupons.com/scriptx/smsx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab

DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab

DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab

DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF}

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} - hxxps://server.userzoom.com/uz/UserZoom.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab

DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 192.168.2.1

Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll

Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll

Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll

Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll

Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-06-26 16:53:59 54016 ----a-w- c:\windows\system32\drivers\fnwg.sys

2012-06-26 16:27:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-22 12:32:40 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 12:32:14 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 12:32:09 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-22 12:32:09 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-09 17:07:06 -------- d-----w- c:\program files\Sibelius Software

.

==================== Find3M ====================

.

2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec

2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-05 00:27:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 00:27:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2007-10-28 19:57:08 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 11:55:36.72 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.3)

Adobe Setup

Adobe Shockwave Player 11.5

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AIO_Scan

Amazon Kindle

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Mobile Device Support

Audacity 1.2.6

AutoUpdate

AVG 2012

Bing Bar

Bing Rewards Client Installer

Bonjour

BufferChm

C4200

C4200_doccd

c4200_Help

CCleaner

Citrix Presentation Server Web Client for Win32

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

Creative System Information

Creative ZEN

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DivX

DocProc

DocProcQFolder

e-Sword

Enhanced Multimedia Keyboard Solution

eSupportQFolder

Eye Candy 4000

Feedback Tool

Free Window Registry Repair

Funnix Begin Reading 1-40

GOM Player

Google Desktop Search

Google Toolbar for Internet Explorer

Google Update Helper

Graphmatica

Hardware Diagnostic Tools

honestech Audio Recorder 2.0 Deluxe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Feedback

HP Easy Setup - Core

HP Easy Setup - Frontend

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Picasso Media Center Add-In

HP Smart Web Printing

HP Solution Center 9.0

HP Total Care Advisor

HP Update

HPProductAssistant

HPSSupply

Internet Explorer (Enable DEP)

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java 6 Update 2

Java 6 Update 23

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6

Java SE Runtime Environment 6 Update 1

LightScribe 1.4.124.1

Macromedia Dreamweaver 8

Macromedia Dreamweaver MX

Macromedia Extension Manager

Macromedia Fireworks MX 2004

Macromedia Flash MX

Malwarebytes Anti-Malware version 1.61.0.1400

Master Your CDC 3.0

Math Mechanixs

Math Trek 1, 2, 3

Math Trek 4, 5, 6

MathPlayer

MathType 6

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 3.5 SP1

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office FrontPage 2003

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MobTime Cell Phone Manager V6.6.5

Monopoly Here & Now Edition (remove only)

Motorola Driver Installation 3.2.0

Move Networks Media Player for Internet Explorer

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multiplex 1.0

muvee autoProducer 5.0

MyDefrag v4.2.7

NOOK for PC

NVIDIA Drivers

OcxSetup

OGA Notifier 2.0.0048.0

Oracle JInitiator 1.3.1.17

PDF Settings

PDG Gold 4.0

PDG GOLD NCO - 2011

Phonics

Power Tab Editor 1.7

PRS-500 USB driver

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

PureEdge Viewer 6.5

Python 2.4.3

QuickTime

QuickTime Alternative 1.81

Reader Library by Sony

Reading

Realtek High Definition Audio Driver

Recuva

Revo Uninstaller 1.94

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Sibelius Scorch (ActiveX Only)

SimCity 4 Deluxe

Soft Data Fax Modem with SmartCP

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Status

SUPERAntiSpyware

Toolbox

TrayApp

Trigonometry Solved!

TweakNow PowerPack 2010

TweakNow RegCleaner

UMS 9.9 equation

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

VideoToolkit01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebEx Support Manager for Internet Explorer

WebReg

Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

WinRAR archiver

Yahoo! BrowserPlus 2.8.1

Yahoo! Install Manager

Yahoo! Messenger

Yahoo! Software Update

ZENcast Organizer

.

==== End Of File ===========================

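Since the question turns on the same three files coming back after Malwarebytes quarantined them, here is an added Python triage helper (example code, not from the original thread or from Malwarebytes) that parses the MBAM log format posted above, flags the {GUID}\U\*.@ installer-cache layout those three detections share, and reports detections that recur between two scans. The second scan log below is constructed for the example.

```python
"""Triage helper for Malwarebytes Anti-Malware (MBAM) scan logs.

Parses the "<Section> Detected: N" headers and the
"<object> (<Threat.Name>) -> <action>." lines beneath them, then flags
detections under C:\\Windows\\Installer\\{GUID}\\U\\ (the layout shared by the
three files in the original post) and detections that come back in a
later scan after cleanup and reboot, which means the on-demand scanner
is removing symptoms rather than the component that recreates them.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# GUID-named folder in the MSI installer cache with a "U" subfolder of *.@ files.
INSTALLER_U_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@$", re.IGNORECASE)


def parse_mbam_log(text):
    """Return {section: [(object, threat, action), ...]} for every section
    that lists items; "(No malicious items detected)" lines are skipped."""
    found = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            found[section].append((m.group("obj"), m.group("threat"), m.group("action")))
    return dict(found)


def count_mismatches(text):
    """Sections whose header count disagrees with the items actually listed,
    a sign that the pasted log is truncated or edited."""
    parsed = parse_mbam_log(text)
    declared = {m.group("section"): int(m.group("count"))
                for m in map(SECTION_RE.match, map(str.strip, text.splitlines())) if m}
    return [(s, n, len(parsed.get(s, []))) for s, n in declared.items()
            if n != len(parsed.get(s, []))]


def installer_cache_hits(detections):
    """Objects whose path matches the {GUID}\\U\\<8 hex digits>.@ layout."""
    return [obj for items in detections.values() for obj, _, _ in items
            if INSTALLER_U_RE.search(obj)]


def recurring(first, second):
    """(object, threat) pairs present in both scans, sorted."""
    as_set = lambda d: {(obj, threat) for items in d.values() for obj, threat, _ in items}
    return sorted(as_set(first) & as_set(second))


# Constructed sample: the three file detections from the original post, trimmed
# to a few representative sections.
FIRST_SCAN = r"""
Malwarebytes Anti-Malware 1.61.0.1400
Scan type: Quick scan
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""

# Constructed follow-up scan after the reboot: the same objects are back, which
# is the situation the original poster describes.
SECOND_SCAN = r"""
Files Detected: 3
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""

if __name__ == "__main__":
    first, second = parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN)
    for section, items in first.items():
        print(f"{section}: {len(items)} item(s)")
    print("count mismatches:", count_mismatches(FIRST_SCAN))
    print("installer-cache hits:", len(installer_cache_hits(first)))
    for obj, threat in recurring(first, second):
        print("RECURRING after reboot:", threat, obj)
```

A non-empty recurring list after a quarantine-and-reboot cycle is the cue to move from the on-demand scanner to a rootkit-aware tool, which is what the reply below does.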

Hello dakotawolf04 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Thank you very much Maniac for helping me with this. I ran the tools and the logs follow. The system says my post is too long. I will post the other logs in another post.

13:13:32.0579 4940 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

13:13:34.0592 4940 ============================================================

13:13:34.0592 4940 Current date / time: 2012/06/26 13:13:34.0592

13:13:34.0592 4940 SystemInfo:

13:13:34.0592 4940

13:13:34.0592 4940 OS Version: 6.0.6002 ServicePack: 2.0

13:13:34.0592 4940 Product type: Workstation

13:13:34.0592 4940 ComputerName: MMSCOMP

13:13:34.0592 4940 UserName: Michael&Mary

13:13:34.0592 4940 Windows directory: C:\Windows

13:13:34.0592 4940 System windows directory: C:\Windows

13:13:34.0592 4940 Processor architecture: Intel x86

13:13:34.0592 4940 Number of processors: 2

13:13:34.0592 4940 Page size: 0x1000

13:13:34.0592 4940 Boot type: Normal boot

13:13:34.0592 4940 ============================================================

13:13:35.0044 4940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

13:13:35.0091 4940 ============================================================

13:13:35.0091 4940 \Device\Harddisk0\DR0:

13:13:35.0091 4940 MBR partitions:

13:13:35.0091 4940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x247A9091

13:13:35.0091 4940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x247A90D0, BlocksNum 0xC84240

13:13:35.0091 4940 ============================================================

13:13:35.0200 4940 C: <-> \Device\Harddisk0\DR0\Partition0

13:13:35.0387 4940 D: <-> \Device\Harddisk0\DR0\Partition1

13:13:35.0387 4940 ============================================================

13:13:35.0387 4940 Initialize success

13:13:35.0387 4940 ============================================================

13:13:41.0378 4656 ============================================================

13:13:41.0378 4656 Scan started

13:13:41.0378 4656 Mode: Manual; SigCheck; TDLFS;

13:13:41.0378 4656 ============================================================

13:13:42.0017 4656 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

13:13:42.0111 4656 !SASCORE - ok

13:13:42.0345 4656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

13:13:42.0376 4656 ACPI - ok

13:13:42.0517 4656 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

13:13:42.0532 4656 AdobeARMservice - ok

13:13:42.0641 4656 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:13:42.0657 4656 AdobeFlashPlayerUpdateSvc - ok

13:13:42.0735 4656 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

13:13:42.0797 4656 adp94xx - ok

13:13:42.0829 4656 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

13:13:42.0860 4656 adpahci - ok

13:13:42.0891 4656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

13:13:42.0907 4656 adpu160m - ok

13:13:42.0938 4656 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

13:13:42.0953 4656 adpu320 - ok

13:13:43.0000 4656 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

13:13:43.0094 4656 AeLookupSvc - ok

13:13:43.0172 4656 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

13:13:43.0281 4656 AFD - ok

13:13:43.0343 4656 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

13:13:43.0359 4656 agp440 - ok

13:13:43.0421 4656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

13:13:43.0437 4656 aic78xx - ok

13:13:43.0468 4656 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

13:13:43.0640 4656 ALG - ok

13:13:43.0671 4656 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

13:13:43.0687 4656 aliide - ok

13:13:43.0733 4656 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

13:13:43.0749 4656 amdagp - ok

13:13:43.0780 4656 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

13:13:43.0796 4656 amdide - ok

13:13:43.0843 4656 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

13:13:44.0061 4656 AmdK7 - ok

13:13:44.0108 4656 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

13:13:44.0170 4656 AmdK8 - ok

13:13:44.0217 4656 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

13:13:44.0295 4656 Appinfo - ok

13:13:44.0404 4656 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:13:44.0420 4656 Apple Mobile Device - ok

13:13:44.0482 4656 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

13:13:44.0513 4656 arc - ok

13:13:44.0576 4656 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

13:13:44.0607 4656 arcsas - ok

13:13:44.0716 4656 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

13:13:44.0747 4656 aspnet_state - ok

13:13:44.0810 4656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

13:13:44.0872 4656 AsyncMac - ok

13:13:44.0950 4656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

13:13:44.0966 4656 atapi - ok

13:13:45.0059 4656 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll


13:17:08.0114 4656 Smb - ok

13:17:08.0270 4656 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

13:17:08.0317 4656 SNMPTRAP - ok

13:17:08.0676 4656 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

13:17:08.0707 4656 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning

13:17:08.0707 4656 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)

13:17:08.0754 4656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

13:17:08.0769 4656 spldr - ok

13:17:08.0863 4656 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

13:17:08.0941 4656 Spooler - ok

13:17:09.0112 4656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

13:17:09.0190 4656 srv - ok

13:17:09.0346 4656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

13:17:09.0409 4656 srv2 - ok

13:17:09.0456 4656 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

13:17:09.0471 4656 srvnet - ok

13:17:09.0534 4656 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys

13:17:09.0565 4656 sscdbus - ok

13:17:09.0580 4656 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys

13:17:09.0596 4656 sscdmdfl - ok

13:17:09.0627 4656 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys

13:17:09.0643 4656 sscdmdm - ok

13:17:09.0674 4656 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys

13:17:09.0690 4656 sscdserd - ok

13:17:10.0002 4656 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

13:17:10.0111 4656 SSDPSRV - ok

13:17:10.0158 4656 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

13:17:10.0220 4656 SstpSvc - ok

13:17:10.0329 4656 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

13:17:10.0407 4656 stisvc - ok

13:17:10.0750 4656 stllssvr (d4ce4d370a26ae1bf41be9f69d24d049) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

13:17:10.0782 4656 stllssvr - ok

13:17:10.0828 4656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

13:17:10.0844 4656 swenum - ok

13:17:10.0922 4656 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

13:17:11.0000 4656 swprv - ok

13:17:11.0000 4656 sxuptp - ok

13:17:11.0047 4656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:17:11.0062 4656 Symc8xx - ok

13:17:11.0078 4656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:17:11.0094 4656 Sym_hi - ok

13:17:11.0125 4656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:17:11.0140 4656 Sym_u3 - ok

13:17:11.0562 4656 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

13:17:11.0655 4656 SysMain - ok

13:17:11.0702 4656 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

13:17:11.0780 4656 TabletInputService - ok

13:17:12.0061 4656 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

13:17:12.0123 4656 TapiSrv - ok

13:17:12.0170 4656 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

13:17:12.0201 4656 TBS - ok

13:17:12.0654 4656 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

13:17:12.0732 4656 Tcpip - ok

13:17:12.0747 4656 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

13:17:12.0810 4656 Tcpip6 - ok

13:17:12.0919 4656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

13:17:12.0950 4656 tcpipreg - ok

13:17:12.0997 4656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

13:17:13.0044 4656 TDPIPE - ok

13:17:13.0075 4656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

13:17:13.0106 4656 TDTCP - ok

13:17:13.0184 4656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

13:17:13.0215 4656 tdx - ok

13:17:13.0246 4656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

13:17:13.0278 4656 TermDD - ok

13:17:13.0356 4656 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

13:17:13.0402 4656 TermService - ok

13:17:13.0543 4656 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

13:17:13.0590 4656 Themes - ok

13:17:13.0652 4656 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

13:17:13.0683 4656 THREADORDER - ok

13:17:13.0699 4656 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

13:17:13.0761 4656 TrkWks - ok

13:17:13.0824 4656 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

13:17:13.0855 4656 TrustedInstaller - ok

13:17:13.0902 4656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:17:13.0964 4656 tssecsrv - ok

13:17:14.0026 4656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

13:17:14.0058 4656 tunmp - ok

13:17:14.0089 4656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

13:17:14.0120 4656 tunnel - ok

13:17:14.0182 4656 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

13:17:14.0198 4656 uagp35 - ok

13:17:14.0214 4656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

13:17:14.0276 4656 udfs - ok

13:17:14.0385 4656 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

13:17:14.0432 4656 UI0Detect - ok

13:17:14.0463 4656 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

13:17:14.0479 4656 uliagpkx - ok

13:17:14.0494 4656 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

13:17:14.0526 4656 uliahci - ok

13:17:14.0557 4656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:17:14.0572 4656 UlSata - ok

13:17:14.0588 4656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:17:14.0604 4656 ulsata2 - ok

13:17:14.0635 4656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

13:17:14.0682 4656 umbus - ok

13:17:14.0791 4656 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

13:17:14.0853 4656 upnphost - ok

13:17:14.0884 4656 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

13:17:14.0916 4656 USBAAPL - ok

13:17:14.0962 4656 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

13:17:14.0994 4656 usbaudio - ok

13:17:15.0040 4656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

13:17:15.0087 4656 usbccgp - ok

13:17:15.0259 4656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

13:17:15.0337 4656 usbcir - ok

13:17:15.0384 4656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

13:17:15.0430 4656 usbehci - ok

13:17:15.0477 4656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

13:17:15.0524 4656 usbhub - ok

13:17:15.0555 4656 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

13:17:15.0586 4656 usbohci - ok

13:17:15.0586 4656 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

13:17:15.0664 4656 usbprint - ok

13:17:15.0711 4656 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

13:17:15.0727 4656 usbscan - ok

13:17:15.0742 4656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:17:15.0774 4656 USBSTOR - ok

13:17:15.0805 4656 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

13:17:15.0867 4656 usbuhci - ok

13:17:15.0898 4656 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

13:17:15.0930 4656 UxSms - ok

13:17:16.0210 4656 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

13:17:16.0288 4656 vds - ok

13:17:16.0304 4656 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

13:17:16.0351 4656 vga - ok

13:17:16.0366 4656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

13:17:16.0398 4656 VgaSave - ok

13:17:16.0413 4656 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

13:17:16.0429 4656 viaagp - ok

13:17:16.0460 4656 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

13:17:16.0522 4656 ViaC7 - ok

13:17:16.0585 4656 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

13:17:16.0600 4656 viaide - ok

13:17:16.0632 4656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

13:17:16.0647 4656 volmgr - ok

13:17:16.0710 4656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

13:17:16.0725 4656 volmgrx - ok

13:17:16.0866 4656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

13:17:16.0912 4656 volsnap - ok

13:17:16.0959 4656 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

13:17:16.0975 4656 vsmraid - ok

13:17:17.0053 4656 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

13:17:17.0209 4656 VSS - ok

13:17:17.0287 4656 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

13:17:17.0334 4656 W32Time - ok

13:17:17.0427 4656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

13:17:17.0490 4656 WacomPen - ok

13:17:17.0802 4656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:17:17.0864 4656 Wanarp - ok

13:17:17.0880 4656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:17:17.0926 4656 Wanarpv6 - ok

13:17:17.0989 4656 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

13:17:18.0051 4656 wcncsvc - ok

13:17:18.0098 4656 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

13:17:18.0129 4656 WcsPlugInService - ok

13:17:18.0192 4656 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

13:17:18.0192 4656 Wd - ok

13:17:18.0254 4656 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

13:17:18.0301 4656 Wdf01000 - ok

13:17:18.0332 4656 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

13:17:18.0363 4656 WdiServiceHost - ok

13:17:18.0379 4656 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

13:17:18.0410 4656 WdiSystemHost - ok

13:17:18.0660 4656 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

13:17:18.0706 4656 WebClient - ok

13:17:18.0738 4656 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

13:17:18.0769 4656 Wecsvc - ok

13:17:18.0816 4656 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

13:17:18.0878 4656 wercplsupport - ok

13:17:18.0925 4656 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

13:17:18.0956 4656 WerSvc - ok

13:17:19.0018 4656 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

13:17:19.0096 4656 winachsf - ok

13:17:19.0112 4656 WinHttpAutoProxySvc - ok

13:17:19.0221 4656 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

13:17:19.0284 4656 Winmgmt - ok

13:17:19.0627 4656 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

13:17:19.0783 4656 WinRM - ok

13:17:19.0908 4656 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

13:17:20.0032 4656 Wlansvc - ok

13:17:20.0188 4656 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

13:17:20.0298 4656 WmiAcpi - ok

13:17:20.0625 4656 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

13:17:20.0703 4656 wmiApSrv - ok

13:17:21.0187 4656 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:17:21.0312 4656 WMPNetworkSvc - ok

13:17:21.0390 4656 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

13:17:21.0452 4656 WPCSvc - ok

13:17:21.0530 4656 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

13:17:21.0561 4656 WPDBusEnum - ok

13:17:21.0686 4656 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

13:17:21.0702 4656 WpdUsb - ok

13:17:21.0733 4656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

13:17:21.0795 4656 ws2ifsl - ok

13:17:21.0811 4656 WSearch - ok

13:17:22.0029 4656 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

13:17:22.0154 4656 wuauserv - ok

13:17:22.0310 4656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:17:22.0388 4656 WUDFRd - ok

13:17:22.0497 4656 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

13:17:22.0528 4656 wudfsvc - ok

13:17:22.0575 4656 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

13:17:22.0591 4656 XAudio - ok

13:17:22.0638 4656 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe

13:17:22.0669 4656 XAudioService - ok

13:17:22.0950 4656 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

13:17:23.0059 4656 YahooAUService - ok

13:17:23.0090 4656 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0

13:17:23.0262 4656 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:17:23.0262 4656 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:17:23.0277 4656 Boot (0x1200) (5018e2ce3e0478ba009695899db10f16) \Device\Harddisk0\DR0\Partition0

13:17:23.0277 4656 \Device\Harddisk0\DR0\Partition0 - ok

13:17:23.0293 4656 Boot (0x1200) (c83fb83e25bc24c226da38c40380c01e) \Device\Harddisk0\DR0\Partition1

13:17:23.0293 4656 \Device\Harddisk0\DR0\Partition1 - ok

13:17:23.0293 4656 ============================================================

13:17:23.0293 4656 Scan finished

13:17:23.0293 4656 ============================================================

13:17:23.0308 2380 Detected object count: 11

13:17:23.0308 2380 Actual detected object count: 11

13:18:03.0653 2380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0653 2380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0653 2380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0653 2380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0669 2380 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0669 2380 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0669 2380 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0669 2380 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0669 2380 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0669 2380 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0669 2380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0669 2380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0684 2380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0684 2380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0684 2380 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0684 2380 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0700 2380 ryjqwor ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0700 2380 ryjqwor ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0700 2380 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:03.0700 2380 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:19:36.0473 5608 Deinitialize success

OTL logfile created on: 6/26/2012 1:21:28 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Michael&Mary\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19272)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.26% Memory free

6.10 Gb Paging File | 4.60 Gb Available in Paging File | 75.43% Paging File free

Paging file location(s): c:\pagefile.sys 2875 2875 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.83 Gb Total Space | 142.77 Gb Free Space | 48.92% Space Free | Partition Type: NTFS

Drive D: | 6.26 Gb Total Space | 0.90 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: MMSCOMP | User Name: Michael&Mary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 13:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe

PRC - [2012/06/21 00:18:22 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/17 20:10:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/08/02 06:08:34 | 000,967,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgscanx.exe

PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/03/11 22:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

PRC - [2007/03/11 22:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe

PRC - [2007/03/11 22:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/26 10:58:11 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/06/26 10:58:11 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2011/08/05 08:20:54 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2011/08/05 08:20:54 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2010/01/27 07:18:57 | 000,163,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll

MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/05/04 19:27:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/17 20:10:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/04/02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2009/03/30 18:31:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/03/23 20:21:51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/06/04 23:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2007/06/04 23:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\MICHAE~1\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/06/26 11:53:59 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\fnwg.sys -- (ryjqwor)

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/08/05 08:17:19 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/08/05 08:17:19 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)

DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)

DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)

DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{0B0219F8-2B01-4167-BD43-A36C53CD08E8}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{5E21637A-9BD5-4ED5-9A15-F6C95F06AB2A}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS365

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7A7941BE-96CA-4810-8DF3-8C565390C872}&mid=4ca587aa215cf3075cd69d3275846ec1-2793da85c7042633c4b74aabcfbe61472fe2a859&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{BFB66404-4CC9-4A7D-9BC7-8216115A8AB2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{CD34A348-F951-4788-AB5B-A54131B373F8}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Michael&Mary\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/03 14:12:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/05 16:53:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/24 19:15:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/03 14:12:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (UserZoomBHO Class) - {246E2928-34B8-48D9-BE73-38BA37241E5B} - C:\Windows\Downloaded Program Files\UserZoom.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKU\S-1-5-19..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.commissarycoupons.com/scriptx/smsx.cab (MeadCo ScriptX)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Citrix ICA Client)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)

O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Reg Error: Key error.)

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object)

O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab (BewitchedGameClass Control)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab (Zylom Games Player)

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)

O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab (SproutLauncherCtrl Class)

O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} https://server.userzoom.com/uz/UserZoom.cab (CUZControl Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} http://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab (CPlayFirstDDPrilosecControl Object)

O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab (CPlayFirstDressShopHControl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/26 04:21:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{46b8b70f-dd03-11db-9ae5-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{46b8b70f-dd03-11db-9ae5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe

O33 - MountPoints2\{f264cf93-bc99-11db-9e35-001a92100efa}\Shell\AutoRun\command - "" = K:\setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 13:13:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe

[2012/06/26 13:11:12 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael&Mary\Desktop\tdsskiller.exe

[2012/06/26 11:50:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michael&Mary\Desktop\dds.scr

[2012/06/15 11:48:29 | 000,000,000 | ---D | C] -- C:\Users\Michael&Mary\Documents\Utility Receipts

[2012/06/09 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Michael&Mary\AppData\Roaming\Sibelius Software

[2012/06/09 12:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sibelius Software

[2007/10/28 14:57:13 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 13:27:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/26 13:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe

[2012/06/26 13:11:19 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael&Mary\Desktop\tdsskiller.exe

[2012/06/26 12:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/26 11:53:59 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fnwg.sys

[2012/06/26 11:50:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michael&Mary\Desktop\dds.scr

[2012/06/26 10:56:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/26 10:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/26 10:56:19 | 3622,363,136 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/26 10:46:20 | 100,725,600 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2012/06/25 21:50:15 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job

[2012/06/25 16:33:53 | 000,664,798 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

[2012/06/18 02:28:21 | 000,287,289 | ---- | M] () -- C:\Users\Michael&Mary\Documents\Bolt Type-Chart.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 11:56:59 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@

[2012/06/26 11:56:59 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@

[2012/06/26 11:56:57 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@

[2012/06/26 11:53:59 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fnwg.sys

[2012/06/18 02:28:21 | 000,287,289 | ---- | C] () -- C:\Users\Michael&Mary\Documents\Bolt Type-Chart.pdf

[2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@

[2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@

[2011/12/16 18:35:42 | 000,000,358 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\com.mcmguides.pdg.NCO.2011_state.xml

[2010/12/25 23:06:02 | 3622,363,136 | -HS- | C] () -- \hiberfil.sys

[2010/12/15 12:26:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/07/13 06:15:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2010/07/13 06:15:03 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2009/03/29 18:38:47 | 000,077,973 | ---- | C] () -- C:\Users\Michael&Mary\water2.jpg

[2009/03/29 18:38:29 | 000,048,359 | ---- | C] () -- C:\Users\Michael&Mary\water1.jpg

[2009/03/29 16:54:11 | 000,043,626 | ---- | C] () -- C:\Users\Michael&Mary\brook-header.jpg

[2009/01/24 11:01:45 | 000,000,094 | ---- | C] () -- C:\Users\Michael&Mary\couponmanager.properties

[2008/07/09 11:45:51 | 000,000,064 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\Statdisk.prefs

[2008/05/22 22:43:15 | 000,000,058 | ---- | C] () -- C:\Users\Michael&Mary\1.feq

[2007/08/28 09:56:38 | 000,000,000 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\wklnhst.dat

[2007/04/22 02:04:18 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS

[2007/04/22 02:04:18 | 000,000,000 | RHS- | C] () -- \IO.SYS

[2006/12/26 04:00:36 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK

[2006/12/26 04:00:34 | 000,333,257 | RHS- | C] () -- \bootmgr

[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat

[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== LOP Check ==========

[2009/03/28 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Alien Skin

[2008/12/15 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Amazon

[2012/05/24 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\AVG2012

[2011/01/04 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Barnes & Noble

[2011/02/26 02:04:51 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Catalina Marketing Corp

[2011/12/16 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\com.mcmguides.pdg.NCO.2011

[2008/03/14 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Design Science

[2010/01/18 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\E-centives

[2008/11/06 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\foobar2000

[2008/09/19 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Gamelab

[2008/06/03 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Hoyle Casino

[2008/06/03 13:22:55 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Hoyle FaceCreator

[2007/02/17 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\ICAClient

[2008/07/03 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Jane s Hotel Family Hero

[2009/03/21 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\KompoZer

[2008/05/20 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\LimeWire

[2008/11/11 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Math Mechanixs

[2007/04/21 00:06:26 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\muvee Technologies

[2011/03/02 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PDG Studyware

[2008/12/19 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PlayFirst

[2009/04/22 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PoBros

[2007/03/12 09:48:59 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PureEdge

[2010/06/02 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Skip-Bo

[2007/08/28 09:57:30 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Template

[2010/11/16 01:40:49 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\TweakNow PowerPack 2010

[2009/12/23 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\TweakNow RegCleaner

[2008/12/19 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Valusoft

[2008/09/24 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Wildgames_JanesRealty

[2009/04/20 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\WildTangentv1002

[2007/07/12 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\WinBatch

[2012/06/26 10:55:22 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/06/25 21:50:15 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E95B6FD

< End of report >

OTL Extras logfile created on: 6/26/2012 1:21:28 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Michael&Mary\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19272)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.26% Memory free

6.10 Gb Paging File | 4.60 Gb Available in Paging File | 75.43% Paging File free

Paging file location(s): c:\pagefile.sys 2875 2875 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.83 Gb Total Space | 142.77 Gb Free Space | 48.92% Space Free | Partition Type: NTFS

Drive D: | 6.26 Gb Total Space | 0.90 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: MMSCOMP | User Name: Michael&Mary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallDisableNotify" = 0

"FirewallOverride" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 23

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer

"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX

"{3C2E50C9-1B4C-C582-2E1A-98167D48B6E8}" = PDG GOLD NCO - 2011

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7

"{6B6DFA96-41E6-4FD7-B380-51764CF7A4BF}" = Trigonometry Solved!

"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A11AC02-C461-42B2-B575-B29FB884FBFB}" = e-Sword

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8713CE86-5F4D-4A80-825E-AC1B2C777F85}" = honestech Audio Recorder 2.0 Deluxe

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}" = honestech Audio Recorder 2.0 Deluxe

"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony

"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing

"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer

"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200

"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0

"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min

"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core

"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"Amazon Kindle" = Amazon Kindle

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

"Audacity_is1" = Audacity 1.2.6

"AVG" = AVG 2012

"BN_DesktopReader" = NOOK for PC

"CCleaner" = CCleaner

"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.mcmguides.pdg.NCO.2011" = PDG GOLD NCO - 2011

"Coupon Printer for Windows1.0" = Coupon Printer for Windows

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"DSMT6" = MathType 6

"Eye Candy 4000" = Eye Candy 4000

"Free Window Registry Repair" = Free Window Registry Repair

"Funnix Begin Reading 1-40" = Funnix Begin Reading 1-40

"GOM Player" = GOM Player

"Google Desktop" = Google Desktop Search

"Graphmatica" = Graphmatica

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Math Mechanixs_is1" = Math Mechanixs

"Math Trek 1, 2, 3" = Math Trek 1, 2, 3

"Math Trek 4, 5, 6" = Math Trek 4, 5, 6

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MobTime Cell Phone Manager_is1" = MobTime Cell Phone Manager V6.6.5

"Monopoly Here & Now Edition" = Monopoly Here & Now Edition (remove only)

"Multiplex" = Multiplex 1.0

"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7

"NVIDIA Drivers" = NVIDIA Drivers

"Oracle JInitiator 1.3.1.17" = Oracle JInitiator 1.3.1.17

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"Phonics" = Phonics

"PROPLUSR" = Microsoft Office Professional Plus 2007

"QuicktimeAlt_is1" = QuickTime Alternative 1.81

"Reading" = Reading

"Recuva" = Recuva

"Revo Uninstaller" = Revo Uninstaller 1.94

"SysInfo" = Creative System Information

"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010

"TweakNow RegCleaner_is1" = TweakNow RegCleaner

"UMS 9.9 equation" = UMS 9.9 equation

"WinRAR archiver" = WinRAR archiver

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Master Your CDC 3.0" = Master Your CDC 3.0

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

"PDG Gold 4.0" = PDG Gold 4.0

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/26/2012 11:40:18 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:40:20 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:40:22 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:40:23 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:42:01 AM | Computer Name = MMscomp | Source = WinMgmt | ID = 28

Description =

Error - 6/26/2012 11:56:37 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:56:38 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:56:41 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:57:01 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542

Description = Windows cannot load classes registry file. DETAIL - The system cannot

find the file specified.

Error - 6/26/2012 11:57:09 AM | Computer Name = MMscomp | Source = WinMgmt | ID = 28

Description =

[ Media Center Events ]

Error - 4/18/2008 4:26:02 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 9:27:04 AM | Computer Name = MMscomp | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/20/2008 5:44:26 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 3:33:57 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 6/26/2012 1:40:36 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/26/2012 1:40:45 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/26/2012 1:41:04 AM | Computer Name = MMscomp | Source = Print | ID = 19

Description = The print spooler failed to share printer HP Photosmart C4200 series

with shared resource name HP Photosmart C4200 series. Error 1753. The printer cannot

be used by others on the network.

Error - 6/26/2012 11:39:51 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/26/2012 11:40:01 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/26/2012 11:40:11 AM | Computer Name = MMscomp | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.2 for the Network Card with network

address 001A92100EFA has been denied by the DHCP server 192.168.2.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/26/2012 11:40:19 AM | Computer Name = MMscomp | Source = Print | ID = 19

Description = The print spooler failed to share printer HP Photosmart C4200 series

with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot

be used by others on the network.

Error - 6/26/2012 11:55:59 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/26/2012 11:56:16 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/26/2012 11:56:38 AM | Computer Name = MMscomp | Source = Print | ID = 19

Description = The print spooler failed to share printer HP Photosmart C4200 series

with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot

be used by others on the network.

< End of report >


Step 1

Please re-run TDSSKiller and use the Delete option for these entries:

13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKU\S-1-5-19..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found
    O4 - HKU\S-1-5-20..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found
    [2012/06/26 11:56:59 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@
    [2012/06/26 11:56:59 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@
    [2012/06/26 11:56:57 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@
    [2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@
    [2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@
    [2008/05/20 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\LimeWire

    :files
    C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}
    C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log


I ran the programs as requested. One question though: I still have AVG running, and when Malwarebytes runs, AVG will pop up with a message about the trojans we're trying to get rid of. Is this OK? Should I turn off AVG when running Malwarebytes? Here are the logs.

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ moved successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ moved successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ moved successfully.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ moved successfully.

C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ moved successfully.

C:\Users\Michael&Mary\AppData\Roaming\LimeWire\xml\data folder moved successfully.

C:\Users\Michael&Mary\AppData\Roaming\LimeWire\xml folder moved successfully.

C:\Users\Michael&Mary\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.

C:\Users\Michael&Mary\AppData\Roaming\LimeWire\themes folder moved successfully.

C:\Users\Michael&Mary\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.

C:\Users\Michael&Mary\AppData\Roaming\LimeWire folder moved successfully.

========== FILES ==========

C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully.

C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\L folder moved successfully.

C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} folder moved successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Michael&Mary\Desktop\cmd.bat deleted successfully.

C:\Users\Michael&Mary\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Default

->Temporary Internet Files folder emptied: 33170 bytes

User: Michael&Mary

->Temporary Internet Files folder emptied: 294804 bytes

->Flash cache emptied: 60068 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 14508 bytes

RecycleBin emptied: 5184989 bytes

Total Files Cleaned = 5.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_104945

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully.

C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} folder moved successfully.

PendingFileRenameOperations files...

[2012/06/27 10:55:24 | 000,003,696 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5

[2012/06/27 10:55:24 | 000,003,696 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5

File C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19272

Michael&Mary :: MMSCOMP [administrator]

6/27/2012 11:14:20 AM

mbam-log-2012-06-27 (11-14-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205192

Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Make sure your AVG is up-to-date and perform a full system scan. Let me know.


This is what AVG found:

"";"C:\Windows\System32\services.exe";"Trojan horse Patched_c.LYT";"Object is white-listed (critical/system file that should not be removed)"


I know about this problem. I'm working on it.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

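The helper's OTL fix (Step 2 above) and the ComboFix run that followed it hinge on three kinds of artefact that appear in the logs: `{GUID}` folders under `C:\Windows\Installer` and the user's `AppData\Local` holding an `@` file and `U`/`L` subfolders with `*.@` payloads, `Run` values in the service-account hives `HKU\S-1-5-19` and `HKU\S-1-5-20` that call `rundll32` on a DLL under a user profile, and a patched `System32\services.exe` that ComboFix replaced from the `winsxs` component store. The script below is an added example written for this thread; it is not code from the thread or from any of the tools it mentions (TDSSKiller, OTL, Malwarebytes, AVG, ComboFix). It re-checks those three indicator families read-only, so it can be run after the reboot to confirm nothing came back. It assumes Windows PowerShell 2.0 or later on an elevated prompt and default system paths; the function names and the `OK`/`SUSPECT`/`REVIEW` labels are my own.

```powershell
# Added example for this thread, not code from the thread or from any tool it mentions.
# Read-only re-check of the indicator families visible in the logs above. Assumes
# Windows PowerShell 2.0 or later, run from an elevated prompt; function names are my own.

function New-Finding {
    param([string]$Check, [string]$Status, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Check; Status = $Status; Detail = $Detail }
}

# SHA-256 via .NET so the script also runs on PowerShell 2.0, which lacks Get-FileHash.
function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close(); $sha.Clear() }
}

# 1. ComboFix restored System32\services.exe from a winsxs "...servicecontroller..." folder.
#    A clean services.exe is byte-identical to one of the component-store copies; a patched
#    one (AVG's "Patched_c.LYT" result above) matches none of them.
function Test-ServicesExe {
    $live  = Join-Path $env:SystemRoot 'System32\services.exe'
    $liveH = Get-Sha256Hex $live
    $copies = @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Filter '*servicecontroller*' |
                Where-Object { $_.PSIsContainer } |
                ForEach-Object { Join-Path $_.FullName 'services.exe' } |
                Where-Object { Test-Path -LiteralPath $_ })
    $match = @($copies | Where-Object { (Get-Sha256Hex $_) -eq $liveH })
    $status = if ($match.Count -gt 0) { 'OK: matches a winsxs copy' }
              elseif ($copies.Count -gt 0) { 'SUSPECT: matches no winsxs copy' }
              else { 'UNKNOWN: no winsxs copy found' }
    New-Finding 'services.exe vs component store' $status "$live SHA256=$liveH"
}

# 2. The OTL fix removed {GUID}\U\*.@ and {GUID}\@ (hidden+system) under Windows\Installer
#    and under AppData\Local, and ComboFix listed a folder literally named %APPDATA% in the
#    profile. Windows Installer's own {GUID} folders never carry an '@' file or U/L subfolders.
function Test-InstallerArtefacts {
    $users = @(Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') | Where-Object { $_.PSIsContainer })
    $roots = @(Join-Path $env:SystemRoot 'Installer') +
             @($users | ForEach-Object { Join-Path $_.FullName 'AppData\Local' })
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($dir in @(Get-ChildItem -LiteralPath $root -Force -Filter '{*}' | Where-Object { $_.PSIsContainer })) {
            $marks = @('@', 'U', 'L') | Where-Object { Test-Path -LiteralPath (Join-Path $dir.FullName $_) }
            if ($marks) { New-Finding 'GUID folder with @/U/L layout' 'SUSPECT' "$($dir.FullName) [$($marks -join ',')]" }
        }
    }
    foreach ($u in $users) {
        $p = Join-Path $u.FullName '%APPDATA%'   # PowerShell does not expand %VAR%, so this is the literal name
        if (Test-Path -LiteralPath $p) { New-Finding 'literal %APPDATA% folder in profile' 'SUSPECT' $p }
    }
}

# 3. The OTL lines show Run values in the LocalService/NetworkService hives calling rundll32 on
#    a DLL under the user's AppData. Those hives normally carry no Run values at all, so every
#    value is worth a look, and a rundll32 call into a profile path is the pattern to flag.
function Test-ServiceAccountRunKeys {
    foreach ($sid in 'S-1-5-19', 'S-1-5-20') {
        $key = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # provider metadata, not Run values
            $cmd = [string]$p.Value
            $status = if ($cmd -match '(?i)rundll32.*(\\Users\\|AppData)') { 'SUSPECT' } else { 'REVIEW' }
            New-Finding "HKU\$sid Run\$($p.Name)" $status $cmd
        }
    }
}

$findings = @(Test-ServicesExe) + @(Test-InstallerArtefacts) + @(Test-ServiceAccountRunKeys)
$findings | Format-Table Status, Check, Detail -AutoSize -Wrap
"Suspect findings: " + @($findings | Where-Object { $_.Status -like 'SUSPECT*' }).Count
```

A `SUSPECT` on the services.exe check means only that the live file differs from every copy in the store, which a pending Windows Update can also cause; `sfc /verifyonly` is the built-in cross-check. The comparison also trusts the store itself, so on a machine where a patched services.exe has already been confirmed, a hash against the copy on the installation media is the stronger test.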

After I turned on and logged in to my computer today, the desktop background was black (I normally have a picture set as the background), and after a bit a window popped up that said "An unauthorized change was made to Windows. You must retype your Windows Vista product key to activate." This is really odd. Would any of the tools I've run so far cause this to happen? I did not put the key in yet, I just hit cancel. I ran the ComboFix program and here is the log.

ComboFix 12-06-28.01 - Michael&Mary 06/28/2012 10:48:24.1.2 - x86

Running from: c:\users\Michael&Mary\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Michael&Mary\AppData\Roaming\Microsoft\Windows\Recent\scan0001.jpg

c:\users\Michael&Mary\AppData\Roaming\Microsoft\Windows\Recent\scan0002.jpg

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\AutoRun.inf

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\spsys.log

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

.

2012-06-28 15:54 . 2012-06-28 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-27 15:50 . 2012-06-27 15:50 -------- d-sh--w- c:\users\Michael&Mary\%APPDATA%

2012-06-27 15:49 . 2012-06-27 15:49 -------- d-----w- C:\_OTL

2012-06-27 15:47 . 2012-06-27 15:47 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-09 17:07 . 2012-06-09 17:07 -------- d-----w- c:\users\Michael&Mary\AppData\Roaming\Sibelius Software

2012-06-09 17:07 . 2012-06-09 17:07 -------- d-----w- c:\program files\Sibelius Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELST___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT

2012-06-02 22:19 . 2012-06-22 12:32 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 12:32 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 12:32 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 12:32 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-22 12:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-22 12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-22 12:32 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-22 12:32 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:12 . 2012-06-22 12:32 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 19:51 . 2012-06-13 22:25 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 06:37 . 2012-06-13 22:25 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 06:32 . 2012-06-13 22:25 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-15 06:32 . 2012-06-13 22:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-15 03:23 . 2012-06-13 22:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-05 00:27 . 2012-04-02 16:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 00:27 . 2011-06-06 01:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2012-05-25 03:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16 . 2012-05-09 23:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-09 23:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2007-10-28 19:57 . 2007-10-28 19:57 774144 ----a-w- c:\program files\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]

2010-07-13 07:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2007-01-19 18:49 4670968 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:27]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:47]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:47]

.

2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job

- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab

DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} - hxxps://server.userzoom.com/uz/UserZoom.cab

DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab

DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-28 10:58

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\AVG\AVG2012\avgwdsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\AVG\AVG2012\AVGIDSAgent.exe

c:\windows\system32\WUDFHost.exe

c:\windows\RtHDVCpl.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\SLUI.exe

c:\windows\System32\SLLUA.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-06-28 11:07:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-28 16:07

.

Pre-Run: 153,004,351,488 bytes free

Post-Run: 152,863,887,360 bytes free

.

- - End Of File - - 69290FD9F9D6B54A7C30940F8F2BBDC5


Please validate your Windows. These tools do not make such changes. Then reboot and let me know how things are.

Also, do you know anything about these files?

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELST___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT

2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT

Please visit www.virustotal.com and upload the following file: c:\windows\Fonts\HELSINKI.FOT. When the scan has finished, copy/paste the link in your next reply.


It seems legitimate. About the validation, let's clean your system first and we will come back to this problem.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Here's the ESET log.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b116f3437150d648ac9aa80dcbfb0c42

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-30 02:39:44

# local_time=2012-06-29 09:39:44 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 2190179 2190179 0 0

# compatibility_mode=5892 16776574 100 100 52644117 177624091 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=241140

# found=17

# cleaned=17

# scan_time=7420

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FB.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-348466c0 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-711b6879 a variant of Java/TrojanDownloader.OpenStream.NBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-77d11ed3 a variant of Java/TrojanDownloader.OpenStream.NBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Michael&Mary\Desktop\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Michael&Mary\Documents\Program Files\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79WM0YSE\mx_nan_a[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRM6ORQE\mx_nan_a[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9ALQRDM\firstload_com[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\06272012_104945\C_Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\06272012_104945\C_Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


UPDATE JAVA

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  1. Please download JavaRa to your desktop.
    • Click the Download button next to Windows Binary (.zip) Version 1.1.6 to download JavaRa and unzip it to its own folder.
  2. Run JavaRa.exe
  3. Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  4. Open JavaRa.exe again and select Search For Updates.
  5. Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Reboot and let me know how things are then.


I ran JavaRa and removed the old versions. Then downloaded the latest version of Java. The validation issue is the only problem that I've noticed. Ran another scan with Malwarebytes and nothing detected. Seems to be looking good so far.


I really appreciate all of your help. One last question, do you have any advice on the Windows Vista product key validation error?


Oops, sorry, I forgot about this.

What is the error message?


The message said "An unauthorized change was made to Windows. You must retype your Windows Vista product key to activate." When I input the product key it says it's invalid. The error code is 0xC004E003 which is "The software licensing service reported that license evaluation failed."


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
