
Results from Instructions given in my original post: I believe I have a Virus or Trojan


  • This topic is locked
26 replies to this topic

#1 marirw

  • Members
  • 15 posts

Posted 24 May 2012 - 10:40 AM

Thank you ever so much for your help with this matter. I have performed the instructions and this is the result.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Martha at 11:32:10 on 2012-05-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4363 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Martha\AppData\Local\Apps\2.0\0V5TM8NV.P6D\ARHVQ3QY.2HX\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425191108.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - C:\Program Files (x86)\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [OPSE reminder] "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
StartupFolder: C:\Users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{9764D748-03B5-490E-94BC-965A01029523} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425191108.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Tunebite_WebRipPlugin Class: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [OPSE reminder] "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Martha\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - cd26d667-9f32-485f-8d36-5095e1b1947a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-23 103440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-21 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-21 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-21 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-16 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-16 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-16 162192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 1262400]
R2 ReplicaSysMon;Seagate Replica System Monitor;C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe [2011-9-24 416208]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-24 1153368]
R2 Seagate-Replica-Svc;Seagate Replica Service;C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe [2011-9-24 1947600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976]
S3 RRNetCap;RRNetCap Service;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-24 01:43:43 388096 ----a-r- C:\Users\Martha\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-24 01:43:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-23 21:24:27 -------- d-----w- C:\Users\Martha\AppData\Roaming\Dell
2012-05-23 21:24:19 -------- d-----w- C:\ProgramData\PCDr
2012-05-23 21:23:47 -------- d-----w- C:\Program Files\Dell Support Center
2012-05-23 21:22:27 -------- d-----w- C:\Users\Martha\AppData\Roaming\PCDr
2012-05-23 18:23:13 -------- d-----w- C:\Users\Martha\AppData\Roaming\NVIDIA
2012-05-23 17:06:03 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-23 14:28:19 -------- d-----w- C:\Windows\System32\SPReview
2012-05-23 11:24:09 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-05-23 11:24:08 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-05-23 11:24:07 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-05-23 11:24:03 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-05-23 11:24:03 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-05-23 11:24:03 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-05-23 11:24:03 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-05-23 11:24:02 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-05-23 11:24:02 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-05-23 11:24:01 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-05-23 11:24:00 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-05-22 22:05:17 -------- d-----w- C:\Users\Martha\AppData\Roaming\Malwarebytes
2012-05-22 22:04:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-22 22:04:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-21 12:52:43 -------- d-----w- C:\Program Files (x86)\Gimp-2.0
2012-05-21 12:46:03 -------- d-----w- C:\temp
2012-05-15 13:38:06 -------- d-----w- C:\Program Files (x86)\Picaboo Desktop
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-09 03:05:27 -------- d-----w- C:\Users\Martha\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
2012-05-08 19:55:15 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-08 19:55:15 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-08 19:55:14 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-08 19:55:14 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-08 19:55:14 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-08 19:55:14 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-08 19:55:14 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-08 19:55:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-08 19:55:13 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-08 19:55:13 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-08 19:54:35 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-08 19:54:33 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-08 19:54:33 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-08 19:54:32 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-08 19:54:23 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-08 19:54:16 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-08 19:54:10 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:54:10 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-08 19:54:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:54:09 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-08 19:54:09 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 13:58:59 -------- d-----w- C:\Users\Martha\AppData\Local\blekkotb
2012-05-07 04:53:18 479232 ----a-w- C:\Windows\SysWow64\Parrot.scr
2012-05-07 04:53:12 -------- d-----w- C:\Program Files (x86)\AV Digital Talking Parrot
2012-05-07 04:52:58 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-05-07 04:52:55 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-02 21:38:29 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 21:38:14 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 21:38:14 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 23:11:06 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
.
==================== Find3M ====================
.
2012-05-15 10:48:00 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48:00 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-15 10:48:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 10:48:00 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-05-15 10:48:00 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-05-15 10:48:00 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-05-15 10:48:00 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-05-15 10:48:00 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-15 10:48:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-07 22:43:01 2516 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-05-07 05:00:10 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 05:00:10 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-07 05:00:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

Again, thank you.
I look forward to hearing from you at your convenience.



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 12:30 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 marirw

marirw
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:27 PM

Posted 24 May 2012 - 02:56 PM

I neglected to paste the second report included in the first instructions. This is the attachment information:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2010 4:30:08 PM
System Uptime: 5/23/2012 4:51:09 PM (19 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 717.335 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Canon MP620 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP620 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP234: 5/23/2012 10:28:08 AM - Windows 7 Service Pack 1
RP235: 5/23/2012 5:23:21 PM - Installed Dell Support Center
RP236: 5/23/2012 9:43:21 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.5.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Buzz 3D Media Converter
Canon IJ Network Scan Utility
Canon IJ Network Tool
CoffeeCup Free FTP
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo X2
Curse Client
D3DX10
doubleTwist
eReg
Feedback Tool
HiJackThis
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Legacy 7.5
Living Cookbook 2008
Manual CanoScan LiDE 35
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft Default Manager
Microsoft Money 2001
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Parrot 1.0.19(Screen Saver ability)
PDF Settings
Photodex Presenter
Picaboo Desktop
PixiePack Codec Pack
PlayerScore
ProShow Gold
QuickTime
Rhapsody
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Seagate Replica v3.0.1801.8554
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Spybot - Search & Destroy
System Requirements Lab
Tunebite
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.5
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
5/24/2012 8:12:55 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer REBECCA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9764D748-03B5-490E-94BC-965A01029523}. The master browser is stopping or an election is being forced.
5/23/2012 4:51:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
5/23/2012 10:29:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
5/23/2012 10:26:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
5/22/2012 8:18:26 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/22/2012 8:16:13 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
.
==== End Of File ===========================

Gringo,

First, thank-you.

I ran the security check; the black box comes up, it runs and finishes but no notepad is produced and then the black box disappears. Because this did not work for me as you described, I was not sure if I was to finish your instructions or hold back until I got the security check to work. I have not done anything further at this point. Please advise when it is convenient for you.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:27 PM

Posted 24 May 2012 - 03:08 PM

Go ahead and run Combofix for me.


gringo

#5 marirw

marirw
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:27 PM

Posted 24 May 2012 - 05:47 PM

Here are the results:

ComboFix 12-05-24.03 - Martha 05/24/2012 16:27:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4762 [GMT -4:00]
Running from: c:\users\Public\M\Documents\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 20:04 . 2012-05-24 20:04 -------- d-----w- c:\users\TEMP
2012-05-24 01:43 . 2012-05-24 01:43 388096 ----a-r- c:\users\Martha\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-24 01:43 . 2012-05-24 01:43 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-23 21:24 . 2012-05-23 21:24 -------- d-----w- c:\users\Martha\AppData\Roaming\Dell
2012-05-23 21:24 . 2012-05-23 21:24 -------- d-----w- c:\programdata\PCDr
2012-05-23 21:24 . 2012-05-23 21:24 -------- d-----w- c:\programdata\Dell
2012-05-23 21:23 . 2012-05-23 21:24 -------- d-----w- c:\program files\Dell Support Center
2012-05-23 21:22 . 2012-05-23 21:22 -------- d-----w- c:\users\Martha\AppData\Roaming\PCDr
2012-05-23 18:23 . 2012-05-23 18:23 -------- d-----w- c:\users\Martha\AppData\Roaming\NVIDIA
2012-05-23 17:36 . 2012-05-23 17:39 -------- d-----w- c:\users\Public\M
2012-05-23 17:06 . 2012-05-23 17:06 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-23 14:28 . 2012-05-23 14:28 -------- d-----w- c:\windows\system32\SPReview
2012-05-23 11:24 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-23 11:24 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-23 11:24 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-23 11:24 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-23 11:24 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-23 11:24 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-23 11:24 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-23 11:24 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-23 11:24 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-23 11:24 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-23 11:24 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-22 22:05 . 2012-05-22 22:05 -------- d-----w- c:\users\Martha\AppData\Roaming\Malwarebytes
2012-05-22 22:04 . 2012-05-22 22:04 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 22:04 . 2012-05-23 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-21 12:52 . 2012-05-23 00:14 -------- d-----w- c:\program files (x86)\Gimp-2.0
2012-05-21 12:46 . 2012-05-21 12:46 -------- d-----w- C:\temp
2012-05-16 10:52 . 2012-05-23 00:14 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 13:38 . 2012-05-15 13:38 -------- d-----w- c:\program files (x86)\Picaboo Desktop
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-09 03:05 . 2012-05-09 03:05 -------- d-----w- c:\users\Martha\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
2012-05-08 19:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 19:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 19:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-08 19:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-08 19:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-08 19:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-08 19:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-08 19:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-08 19:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-08 19:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-08 19:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 19:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 19:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 19:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 19:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 19:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 19:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 19:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 19:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 13:58 . 2012-05-08 13:58 -------- d-----w- c:\users\Martha\AppData\Local\blekkotb
2012-05-07 04:53 . 2012-03-19 20:02 479232 ----a-w- c:\windows\SysWow64\Parrot.scr
2012-05-07 04:53 . 2012-05-07 04:53 -------- d-----w- c:\program files (x86)\AV Digital Talking Parrot
2012-05-07 04:52 . 2012-05-07 04:52 -------- d-----w- c:\program files (x86)\Yontoo
2012-05-07 04:52 . 2012-05-08 12:51 -------- d-----w- c:\programdata\Tarma Installer
2012-05-02 21:38 . 2012-05-02 21:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 21:38 . 2012-05-02 21:38 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 21:38 . 2012-05-02 21:38 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 23:11 . 2012-03-20 17:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2012-02-22 20:50 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 20:50 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 20:50 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-11-11 22:12 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-11 22:12 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-11-11 22:11 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-05-21 11:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-05-21 11:01 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-07-13 21:59 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 09:29 . 2011-11-11 20:24 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-11-11 20:24 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-11-11 20:24 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-11-11 20:24 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-11-11 20:24 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-07 05:00 . 2012-04-12 13:51 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-07 05:00 . 2011-05-31 17:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 05:00 . 2012-04-12 14:00 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-07 19:26 . 2012-03-07 19:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 19:26 . 2012-03-07 19:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 19:26 . 2012-03-07 19:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 19:26 . 2012-03-07 19:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 19:26 . 2012-03-07 19:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 19:26 . 2012-03-07 19:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 19:26 . 2012-03-07 19:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 19:26 . 2012-03-07 19:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 19:26 . 2012-03-07 19:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 19:26 . 2012-03-07 19:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 19:26 . 2012-03-07 19:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 19:26 . 2012-03-07 19:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 19:26 . 2012-03-07 19:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 19:26 . 2012-03-07 19:26 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 19:26 . 2012-03-07 19:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 19:26 . 2012-03-07 19:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 19:26 . 2012-03-07 19:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 19:26 . 2012-03-07 19:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 19:26 . 2012-03-07 19:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 19:26 . 2012-03-07 19:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 19:26 . 2012-03-07 19:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 19:26 . 2012-03-07 19:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 19:26 . 2012-03-07 19:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 19:26 . 2012-03-07 19:26 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 19:26 . 2012-03-07 19:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 19:26 . 2012-03-07 19:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 19:26 . 2012-03-07 19:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 19:26 . 2012-03-07 19:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 19:26 . 2012-03-07 19:26 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 19:26 . 2012-03-07 19:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 19:26 . 2012-03-07 19:26 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 19:26 . 2012-03-07 19:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 19:26 . 2012-03-07 19:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 19:26 . 2012-03-07 19:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 06:54 . 2012-04-12 07:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 07:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 07:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
c:\users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-23 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-26 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2011-11-11 738776]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files (x86)\Seagate Replica\bin\ReplicaSysMon.exe [2010-06-08 416208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe [2010-06-08 1947600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - prefs.js: network.proxy.type - 2
FF - user.js: extentions.y2layers.installId - cd26d667-9f32-485f-8d36-5095e1b1947a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-OPSE reminder - c:\program files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
AddRemove-Amazon MP3 Downloader - c:\users\Martha\Music\Uninstall.exe
AddRemove-Parrot 1.0.19(Screen Saver ability) - c:\progra~2\AVDIGI~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Seagate-Replica-Svc]
"ImagePath"="c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PSIService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Tray.exe
.
**************************************************************************
.
Completion time: 2012-05-24 16:45:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-24 20:45
.
Pre-Run: 770,335,043,584 bytes free
Post-Run: 770,643,959,808 bytes free
.
- - End Of File - - 66281245465C6548FCEB36945FA9BD2F

Once again, thank-you very much

#6 marirw

Posted 24 May 2012 - 05:58 PM

I had not done anything today but do the scans needed today. I have had a few minutes to play on the computer now and WOW! The computer is running at normal speed, the Adobe Photoshop and Bridge problems do not exist anymore. I can open Games now. Everything seems to be running normally and I just want to thank-you so very much for your time and effort to help me with the problems I had before now.

Thank-you again!

#7 marirw

Posted 24 May 2012 - 07:48 PM

Sorry, just noticed that I still have Spigot Yahoo! Search Results

#8 gringo_pr

  • Malware Response Team

Posted 24 May 2012 - 09:06 PM

Greetings

"I still have Spigot Yahoo! Search Results"

We will remove that next, but for now I would like you to run these to make sure nothing more serious is in the background.


I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
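A way to triage the TDSSKiller report requested above, added here as an example and not part of the original post or of TDSSKiller itself: it pairs each scanned object's file line with its verdict line and lists the objects that are not a plain `ok` with a recorded file and hash. The sample lines follow the format of the log posted in this thread; the `ExampleDrv` entry and its `warning` verdict are constructed, and the function names are hypothetical.

```python
import re

# "HH:MM:SS.mmmm <thread id> <rest>" prefix used on every line of the report.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(?P<rest>.*))?$")
# "<name> (<32 hex digits>) <path>": the file that backs a driver or service.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": the scan result for that object.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Sample input in the format of the log in this thread.
# The ExampleDrv entry and its verdict are constructed for illustration.
SAMPLE_LOG = r"""
23:00:50.0185 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
23:00:53.0888 1656 ============================================================
23:00:53.0888 1656 Scan started
23:00:53.0888 1656 Mode: Manual;
23:00:53.0888 1656 ============================================================
23:00:55.0613 1656 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
23:00:55.0692 1656 Adobe Version Cue CS3 - ok
23:00:57.0617 1656 aspnet_state - ok
23:01:00.0159 1656 cpuz132 - ok
23:01:00.0177 1656 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:01:00.0178 1656 crcdisk - ok
23:01:09.0000 1656 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
23:01:09.0001 1656 ExampleDrv - warning
"""


def parse_scan(text):
    """Return {name: {"md5", "path", "verdict"}} for lines after 'Scan started'."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = (m.group("rest") or "").strip()
        if rest == "Scan started":
            in_scan = True
            continue
        # Skip the system-information header, blank lines and "====" rulers.
        if not in_scan or not rest or set(rest) == {"="}:
            continue
        f = FILE.match(rest)
        if f:
            entries[f.group("name")] = {
                "md5": f.group("md5"),
                "path": f.group("path"),
                "verdict": None,
            }
            continue
        v = VERDICT.match(rest)
        if v:
            entry = entries.setdefault(
                v.group("name"), {"md5": None, "path": None, "verdict": None}
            )
            entry["verdict"] = v.group("verdict")
    return entries


def triage(entries):
    """List (name, reasons) for every object that deserves a second look."""
    flagged = []
    for name, e in entries.items():
        reasons = []
        if e["verdict"] is None:
            reasons.append("no verdict line (log truncated?)")
        elif e["verdict"] != "ok":
            reasons.append("verdict is %r" % e["verdict"])
        if e["md5"] is None:
            reasons.append("no file or hash recorded")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_scan(SAMPLE_LOG)):
        print("%-15s %s" % (name, "; ".join(reasons)))
```

An entry with no file or hash is not a detection by itself; it only means the report names the object without showing what was checked, so it is worth looking at by hand.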

#9 marirw

Posted 25 May 2012 - 06:33 AM

23:00:46.0552 3408 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
23:00:47.0864 3408 ============================================================
23:00:47.0864 3408 Current date / time: 2012/05/24 23:00:47.0864
23:00:47.0864 3408 SystemInfo:
23:00:47.0864 3408
23:00:47.0864 3408 OS Version: 6.1.7600 ServicePack: 0.0
23:00:47.0864 3408 Product type: Workstation
23:00:47.0865 3408 ComputerName: MARTHA-PC
23:00:47.0865 3408 UserName: Martha
23:00:47.0865 3408 Windows directory: C:\Windows
23:00:47.0865 3408 System windows directory: C:\Windows
23:00:47.0865 3408 Running under WOW64
23:00:47.0865 3408 Processor architecture: Intel x64
23:00:47.0865 3408 Number of processors: 4
23:00:47.0865 3408 Page size: 0x1000
23:00:47.0865 3408 Boot type: Normal boot
23:00:47.0865 3408 ============================================================
23:00:50.0185 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:00:50.0202 3408 ============================================================
23:00:50.0203 3408 \Device\Harddisk0\DR0:
23:00:50.0203 3408 MBR partitions:
23:00:50.0203 3408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:00:50.0203 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
23:00:50.0203 3408 ============================================================
23:00:50.0219 3408 C: <-> \Device\Harddisk0\DR0\Partition1
23:00:50.0219 3408 ============================================================
23:00:50.0219 3408 Initialize success
23:00:50.0219 3408 ============================================================
23:00:53.0888 1656 ============================================================
23:00:53.0888 1656 Scan started
23:00:53.0888 1656 Mode: Manual;
23:00:53.0888 1656 ============================================================
23:00:55.0387 1656 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:00:55.0391 1656 1394ohci - ok
23:00:55.0440 1656 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:00:55.0445 1656 ACPI - ok
23:00:55.0458 1656 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:00:55.0459 1656 AcpiPmi - ok
23:00:55.0613 1656 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
23:00:55.0692 1656 Adobe Version Cue CS3 - ok
23:00:55.0829 1656 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:00:55.0830 1656 AdobeFlashPlayerUpdateSvc - ok
23:00:55.0888 1656 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:00:55.0906 1656 adp94xx - ok
23:00:55.0935 1656 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:00:55.0940 1656 adpahci - ok
23:00:55.0963 1656 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:00:55.0967 1656 adpu320 - ok
23:00:55.0999 1656 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:00:56.0000 1656 AeLookupSvc - ok
23:00:56.0132 1656 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:00:56.0201 1656 AFD - ok
23:00:56.0240 1656 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:00:56.0242 1656 agp440 - ok
23:00:56.0259 1656 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:00:56.0266 1656 ALG - ok
23:00:56.0277 1656 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:00:56.0279 1656 aliide - ok
23:00:56.0311 1656 AMD External Events Utility (54716d9bb43733578a5647e9b121141f) C:\Windows\system32\atiesrxx.exe
23:00:56.0410 1656 AMD External Events Utility - ok
23:00:56.0427 1656 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:00:56.0429 1656 amdide - ok
23:00:56.0445 1656 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:00:56.0446 1656 AmdK8 - ok
23:00:56.0848 1656 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
23:00:56.0956 1656 amdkmdag - ok
23:00:57.0093 1656 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
23:00:57.0098 1656 amdkmdap - ok
23:00:57.0114 1656 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:00:57.0116 1656 AmdPPM - ok
23:00:57.0168 1656 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:00:57.0171 1656 amdsata - ok
23:00:57.0222 1656 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:00:57.0226 1656 amdsbs - ok
23:00:57.0241 1656 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:00:57.0243 1656 amdxata - ok
23:00:57.0263 1656 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:00:57.0265 1656 AppID - ok
23:00:57.0326 1656 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:00:57.0332 1656 AppIDSvc - ok
23:00:57.0380 1656 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:00:57.0385 1656 Appinfo - ok
23:00:57.0526 1656 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:00:57.0528 1656 Apple Mobile Device - ok
23:00:57.0567 1656 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:00:57.0569 1656 arc - ok
23:00:57.0586 1656 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:00:57.0587 1656 arcsas - ok
23:00:57.0617 1656 aspnet_state - ok
23:00:57.0663 1656 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:00:57.0665 1656 AsyncMac - ok
23:00:57.0676 1656 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:00:57.0676 1656 atapi - ok
23:00:58.0089 1656 atikmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
23:00:58.0130 1656 atikmdag - ok
23:00:58.0261 1656 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:00:58.0281 1656 AudioEndpointBuilder - ok
23:00:58.0290 1656 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:00:58.0294 1656 AudioSrv - ok
23:00:58.0350 1656 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:00:58.0358 1656 AxInstSV - ok
23:00:58.0433 1656 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:00:58.0442 1656 b06bdrv - ok
23:00:58.0467 1656 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:00:58.0476 1656 b57nd60a - ok
23:00:58.0516 1656 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:00:58.0522 1656 BDESVC - ok
23:00:58.0549 1656 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:00:58.0551 1656 Beep - ok
23:00:58.0619 1656 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:00:58.0685 1656 BFE - ok
23:00:58.0751 1656 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
23:00:58.0781 1656 BITS - ok
23:00:58.0912 1656 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:00:58.0947 1656 blbdrive - ok
23:00:59.0066 1656 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
23:00:59.0071 1656 Bonjour Service - ok
23:00:59.0105 1656 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:00:59.0152 1656 bowser - ok
23:00:59.0165 1656 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:00:59.0166 1656 BrFiltLo - ok
23:00:59.0169 1656 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:00:59.0171 1656 BrFiltUp - ok
23:00:59.0215 1656 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:00:59.0220 1656 BridgeMP - ok
23:00:59.0244 1656 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:00:59.0252 1656 Browser - ok
23:00:59.0266 1656 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:00:59.0270 1656 Brserid - ok
23:00:59.0275 1656 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:00:59.0277 1656 BrSerWdm - ok
23:00:59.0281 1656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:00:59.0282 1656 BrUsbMdm - ok
23:00:59.0298 1656 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:00:59.0299 1656 BrUsbSer - ok
23:00:59.0308 1656 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:00:59.0310 1656 BTHMODEM - ok
23:00:59.0327 1656 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:00:59.0330 1656 bthserv - ok
23:00:59.0346 1656 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:00:59.0348 1656 cdfs - ok
23:00:59.0399 1656 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:00:59.0402 1656 cdrom - ok
23:00:59.0436 1656 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:00:59.0444 1656 CertPropSvc - ok
23:00:59.0485 1656 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:00:59.0487 1656 cfwids - ok
23:00:59.0506 1656 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:00:59.0507 1656 circlass - ok
23:00:59.0537 1656 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:00:59.0543 1656 CLFS - ok
23:00:59.0593 1656 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:00:59.0598 1656 clr_optimization_v2.0.50727_32 - ok
23:00:59.0642 1656 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:00:59.0648 1656 clr_optimization_v2.0.50727_64 - ok
23:00:59.0732 1656 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:00:59.0805 1656 clr_optimization_v4.0.30319_32 - ok
23:00:59.0886 1656 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:00:59.0889 1656 clr_optimization_v4.0.30319_64 - ok
23:00:59.0910 1656 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:00:59.0911 1656 CmBatt - ok
23:00:59.0926 1656 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:00:59.0927 1656 cmdide - ok
23:01:00.0014 1656 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:01:00.0020 1656 CNG - ok
23:01:00.0055 1656 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:01:00.0056 1656 Compbatt - ok
23:01:00.0093 1656 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:01:00.0094 1656 CompositeBus - ok
23:01:00.0110 1656 COMSysApp - ok
23:01:00.0159 1656 cpuz132 - ok
23:01:00.0177 1656 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:01:00.0178 1656 crcdisk - ok
23:01:00.0207 1656 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
23:01:00.0212 1656 CryptSvc - ok
23:01:00.0265 1656 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
23:01:00.0267 1656 dc3d - ok
23:01:00.0317 1656 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:01:00.0323 1656 DcomLaunch - ok
23:01:00.0376 1656 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:01:00.0387 1656 defragsvc - ok
23:01:00.0432 1656 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:01:00.0504 1656 DfsC - ok
23:01:00.0539 1656 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:01:00.0548 1656 Dhcp - ok
23:01:00.0586 1656 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:01:00.0588 1656 discache - ok
23:01:00.0627 1656 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:01:00.0629 1656 Disk - ok
23:01:00.0673 1656 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:01:00.0748 1656 Dnscache - ok
23:01:00.0779 1656 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:01:00.0786 1656 dot3svc - ok
23:01:00.0800 1656 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:01:00.0801 1656 DPS - ok
23:01:00.0844 1656 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:01:00.0845 1656 drmkaud - ok
23:01:00.0928 1656 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:01:00.0939 1656 DXGKrnl - ok
23:01:01.0004 1656 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:01:01.0033 1656 EapHost - ok
23:01:01.0283 1656 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:01:01.0335 1656 ebdrv - ok
23:01:01.0434 1656 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:01:01.0508 1656 EFS - ok
23:01:01.0600 1656 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:01:01.0685 1656 ehRecvr - ok
23:01:01.0718 1656 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:01:01.0722 1656 ehSched - ok
23:01:01.0788 1656 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:01:01.0804 1656 elxstor - ok
23:01:01.0814 1656 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:01:01.0816 1656 ErrDev - ok
23:01:01.0897 1656 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:01:01.0901 1656 EventSystem - ok
23:01:01.0964 1656 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:01:01.0968 1656 exfat - ok
23:01:02.0007 1656 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:01:02.0011 1656 fastfat - ok
23:01:02.0102 1656 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:01:02.0118 1656 Fax - ok
23:01:02.0177 1656 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:01:02.0179 1656 fdc - ok
23:01:02.0200 1656 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:01:02.0205 1656 fdPHost - ok
23:01:02.0217 1656 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:01:02.0220 1656 FDResPub - ok
23:01:02.0233 1656 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:01:02.0235 1656 FileInfo - ok
23:01:02.0240 1656 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:01:02.0242 1656 Filetrace - ok
23:01:02.0328 1656 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:01:02.0340 1656 FLEXnet Licensing Service - ok
23:01:02.0357 1656 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:01:02.0362 1656 flpydisk - ok
23:01:02.0405 1656 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:01:02.0415 1656 FltMgr - ok
23:01:02.0494 1656 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:01:02.0552 1656 FontCache - ok
23:01:02.0590 1656 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:01:02.0595 1656 FontCache3.0.0.0 - ok
23:01:02.0614 1656 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:01:02.0615 1656 FsDepends - ok
23:01:02.0647 1656 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:01:02.0654 1656 Fs_Rec - ok
23:01:02.0722 1656 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:01:02.0726 1656 fvevol - ok
23:01:02.0740 1656 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:01:02.0742 1656 gagp30kx - ok
23:01:02.0786 1656 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:01:02.0788 1656 GEARAspiWDM - ok
23:01:02.0806 1656 GMSIPCI - ok
23:01:02.0869 1656 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:01:02.0925 1656 gpsvc - ok
23:01:03.0088 1656 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys
23:01:03.0110 1656 HCW85BDA - ok
23:01:03.0260 1656 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:01:03.0262 1656 hcw85cir - ok
23:01:03.0325 1656 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:01:03.0334 1656 HdAudAddService - ok
23:01:03.0382 1656 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:01:03.0385 1656 HDAudBus - ok
23:01:03.0390 1656 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:01:03.0393 1656 HidBatt - ok
23:01:03.0408 1656 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:01:03.0410 1656 HidBth - ok
23:01:03.0416 1656 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:01:03.0418 1656 HidIr - ok
23:01:03.0434 1656 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:01:03.0440 1656 hidserv - ok
23:01:03.0456 1656 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:01:03.0458 1656 HidUsb - ok
23:01:03.0485 1656 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:01:03.0493 1656 hkmsvc - ok
23:01:03.0517 1656 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:01:03.0524 1656 HomeGroupListener - ok
23:01:03.0551 1656 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:01:03.0561 1656 HomeGroupProvider - ok
23:01:03.0580 1656 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:01:03.0582 1656 HpSAMD - ok
23:01:03.0651 1656 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:01:03.0668 1656 HTTP - ok
23:01:03.0702 1656 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:01:03.0703 1656 hwpolicy - ok
23:01:03.0740 1656 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:01:03.0743 1656 i8042prt - ok
23:01:03.0794 1656 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:01:03.0805 1656 iaStorV - ok
23:01:03.0892 1656 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:01:03.0929 1656 idsvc - ok
23:01:03.0948 1656 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:01:03.0950 1656 iirsp - ok
23:01:04.0110 1656 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:01:04.0128 1656 IKEEXT - ok
23:01:04.0151 1656 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:01:04.0152 1656 intelide - ok
23:01:04.0191 1656 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:01:04.0193 1656 intelppm - ok
23:01:04.0206 1656 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:01:04.0212 1656 IPBusEnum - ok
23:01:04.0257 1656 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:01:04.0259 1656 IpFilterDriver - ok
23:01:04.0299 1656 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:01:04.0313 1656 iphlpsvc - ok
23:01:04.0326 1656 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:01:04.0328 1656 IPMIDRV - ok
23:01:04.0338 1656 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:01:04.0340 1656 IPNAT - ok
23:01:04.0486 1656 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
23:01:04.0508 1656 iPod Service - ok
23:01:04.0565 1656 iPodDrv (02def37ab75e0032c50724646f708de8) C:\Windows\system32\drivers\iPodDrv.sys
23:01:04.0566 1656 iPodDrv - ok
23:01:04.0597 1656 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:01:04.0598 1656 IRENUM - ok
23:01:04.0610 1656 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:01:04.0612 1656 isapnp - ok
23:01:04.0636 1656 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:01:04.0640 1656 iScsiPrt - ok
23:01:04.0679 1656 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:04.0681 1656 kbdclass - ok
23:01:04.0719 1656 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:01:04.0720 1656 kbdhid - ok
23:01:04.0750 1656 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:01:04.0752 1656 KeyIso - ok
23:01:04.0792 1656 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:01:04.0794 1656 KSecDD - ok
23:01:04.0836 1656 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:01:04.0838 1656 KSecPkg - ok
23:01:04.0850 1656 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:01:04.0851 1656 ksthunk - ok
23:01:04.0888 1656 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:01:04.0901 1656 KtmRm - ok
23:01:04.0966 1656 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
23:01:05.0030 1656 LanmanServer - ok
23:01:05.0063 1656 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:01:05.0071 1656 LanmanWorkstation - ok
23:01:05.0241 1656 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:01:05.0323 1656 LBTServ - ok
23:01:05.0391 1656 LEqdUsb (8817aba3a9180f6c4b8938842925b1e1) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
23:01:05.0394 1656 LEqdUsb - ok
23:01:05.0446 1656 LHidEqd (8bcb069c2b6da65b5f6f561293ee447c) C:\Windows\system32\DRIVERS\LHidEqd.Sys
23:01:05.0448 1656 LHidEqd - ok
23:01:05.0515 1656 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:01:05.0517 1656 LHidFilt - ok
23:01:05.0556 1656 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:01:05.0558 1656 lltdio - ok
23:01:05.0594 1656 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:01:05.0604 1656 lltdsvc - ok
23:01:05.0621 1656 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:01:05.0629 1656 lmhosts - ok
23:01:05.0639 1656 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:01:05.0641 1656 LMouFilt - ok
23:01:05.0688 1656 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:01:05.0690 1656 LSI_FC - ok
23:01:05.0699 1656 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:01:05.0702 1656 LSI_SAS - ok
23:01:05.0717 1656 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:01:05.0719 1656 LSI_SAS2 - ok
23:01:05.0728 1656 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:01:05.0734 1656 LSI_SCSI - ok
23:01:05.0779 1656 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:01:05.0781 1656 luafv - ok
23:01:05.0826 1656 LUsbFilt (da3494df01c62d821911ed91ce5e1642) C:\Windows\system32\Drivers\LUsbFilt.Sys
23:01:05.0828 1656 LUsbFilt - ok
23:01:05.0947 1656 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
23:01:05.0949 1656 McAfee SiteAdvisor Service - ok
23:01:06.0045 1656 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
23:01:06.0143 1656 McComponentHostService - ok
23:01:06.0294 1656 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:06.0297 1656 McMPFSvc - ok
23:01:06.0316 1656 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:06.0318 1656 mcmscsvc - ok
23:01:06.0323 1656 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:06.0325 1656 McNaiAnn - ok
23:01:06.0328 1656 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:06.0330 1656 McNASvc - ok
23:01:06.0454 1656 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
23:01:06.0461 1656 McODS - ok
23:01:06.0480 1656 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:06.0482 1656 McProxy - ok
23:01:06.0597 1656 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:01:06.0668 1656 McShield - ok
23:01:06.0762 1656 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:01:06.0768 1656 Mcx2Svc - ok
23:01:06.0809 1656 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:01:06.0811 1656 megasas - ok
23:01:06.0836 1656 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:01:06.0840 1656 MegaSR - ok
23:01:06.0870 1656 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
23:01:06.0873 1656 mfeapfk - ok
23:01:06.0897 1656 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
23:01:06.0901 1656 mfeavfk - ok
23:01:06.0915 1656 mfeavfk01 - ok
23:01:06.0955 1656 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:01:07.0036 1656 mfefire - ok
23:01:07.0106 1656 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
23:01:07.0115 1656 mfefirek - ok
23:01:07.0184 1656 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
23:01:07.0249 1656 mfehidk - ok
23:01:07.0322 1656 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:01:07.0325 1656 mfenlfk - ok
23:01:07.0385 1656 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
23:01:07.0387 1656 mferkdet - ok
23:01:07.0521 1656 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
23:01:07.0588 1656 mfevtp - ok
23:01:07.0625 1656 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
23:01:07.0672 1656 mfewfpk - ok
23:01:07.0716 1656 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:01:07.0719 1656 MMCSS - ok
23:01:07.0739 1656 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:01:07.0740 1656 Modem - ok
23:01:07.0786 1656 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:01:07.0788 1656 monitor - ok
23:01:07.0824 1656 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:01:07.0826 1656 mouclass - ok
23:01:07.0867 1656 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:01:07.0869 1656 mouhid - ok
23:01:07.0879 1656 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:01:07.0881 1656 mountmgr - ok
23:01:07.0955 1656 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:01:08.0042 1656 MozillaMaintenance - ok
23:01:08.0057 1656 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:01:08.0060 1656 mpio - ok
23:01:08.0070 1656 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:01:08.0072 1656 mpsdrv - ok
23:01:08.0118 1656 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
23:01:08.0140 1656 MpsSvc - ok
23:01:08.0154 1656 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:01:08.0157 1656 MRxDAV - ok
23:01:08.0191 1656 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:08.0193 1656 mrxsmb - ok
23:01:08.0238 1656 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:08.0313 1656 mrxsmb10 - ok
23:01:08.0351 1656 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:08.0412 1656 mrxsmb20 - ok
23:01:08.0455 1656 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:01:08.0457 1656 msahci - ok
23:01:08.0466 1656 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:01:08.0468 1656 msdsm - ok
23:01:08.0488 1656 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:01:08.0494 1656 MSDTC - ok
23:01:08.0509 1656 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:01:08.0511 1656 Msfs - ok
23:01:08.0518 1656 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:01:08.0519 1656 mshidkmdf - ok
23:01:08.0524 1656 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:01:08.0526 1656 msisadrv - ok
23:01:08.0600 1656 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:01:08.0608 1656 MSiSCSI - ok
23:01:08.0611 1656 msiserver - ok
23:01:08.0759 1656 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:08.0761 1656 MSK80Service - ok
23:01:08.0789 1656 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:01:08.0791 1656 MSKSSRV - ok
23:01:08.0834 1656 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:08.0835 1656 MSPCLOCK - ok
23:01:08.0848 1656 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:01:08.0850 1656 MSPQM - ok
23:01:08.0875 1656 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:01:08.0881 1656 MsRPC - ok
23:01:08.0927 1656 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:01:08.0929 1656 mssmbios - ok
23:01:08.0942 1656 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:01:08.0944 1656 MSTEE - ok
23:01:08.0954 1656 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:01:08.0955 1656 MTConfig - ok
23:01:08.0981 1656 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:01:08.0987 1656 Mup - ok
23:01:09.0042 1656 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:01:09.0051 1656 napagent - ok
23:01:09.0268 1656 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:01:09.0273 1656 NativeWifiP - ok
23:01:09.0353 1656 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:01:09.0374 1656 NDIS - ok
23:01:09.0407 1656 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:01:09.0408 1656 NdisCap - ok
23:01:09.0447 1656 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:09.0448 1656 NdisTapi - ok
23:01:09.0483 1656 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:09.0485 1656 Ndisuio - ok
23:01:09.0505 1656 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:09.0508 1656 NdisWan - ok
23:01:09.0543 1656 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:01:09.0545 1656 NDProxy - ok
23:01:09.0584 1656 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:01:09.0586 1656 NetBIOS - ok
23:01:09.0606 1656 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:01:09.0611 1656 NetBT - ok
23:01:09.0642 1656 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:01:09.0644 1656 Netlogon - ok
23:01:09.0724 1656 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:01:09.0735 1656 Netman - ok
23:01:09.0777 1656 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:01:09.0791 1656 netprofm - ok
23:01:09.0889 1656 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:01:09.0895 1656 NetTcpPortSharing - ok
23:01:09.0906 1656 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:01:09.0908 1656 nfrd960 - ok
23:01:09.0955 1656 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:01:09.0965 1656 NlaSvc - ok
23:01:10.0005 1656 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:01:10.0007 1656 Npfs - ok
23:01:10.0022 1656 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:01:10.0028 1656 nsi - ok
23:01:10.0041 1656 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:01:10.0046 1656 nsiproxy - ok
23:01:10.0062 1656 NTACCESS - ok
23:01:10.0164 1656 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:01:10.0191 1656 Ntfs - ok
23:01:10.0259 1656 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:01:10.0260 1656 Null - ok
23:01:10.0932 1656 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:01:11.0206 1656 nvlddmkm - ok
23:01:11.0327 1656 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:01:11.0330 1656 nvraid - ok
23:01:11.0369 1656 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:01:11.0372 1656 nvstor - ok
23:01:11.0472 1656 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
23:01:11.0487 1656 nvsvc - ok
23:01:11.0643 1656 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:01:11.0676 1656 nvUpdatusService - ok
23:01:11.0770 1656 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:01:11.0772 1656 nv_agp - ok
23:01:11.0792 1656 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:01:11.0794 1656 ohci1394 - ok
23:01:11.0844 1656 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:01:11.0858 1656 p2pimsvc - ok
23:01:11.0907 1656 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:01:11.0924 1656 p2psvc - ok
23:01:11.0951 1656 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:01:11.0954 1656 Parport - ok
23:01:11.0986 1656 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
23:01:11.0988 1656 partmgr - ok
23:01:12.0006 1656 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:01:12.0015 1656 PcaSvc - ok
23:01:12.0030 1656 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:01:12.0033 1656 pci - ok
23:01:12.0041 1656 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:01:12.0042 1656 pciide - ok
23:01:12.0065 1656 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:01:12.0069 1656 pcmcia - ok
23:01:12.0086 1656 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:01:12.0088 1656 pcw - ok
23:01:12.0143 1656 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:01:12.0152 1656 PEAUTH - ok
23:01:12.0221 1656 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:01:12.0225 1656 PerfHost - ok
23:01:12.0305 1656 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:01:12.0326 1656 pla - ok
23:01:12.0415 1656 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:01:12.0422 1656 PlugPlay - ok
23:01:12.0452 1656 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:01:12.0461 1656 PNRPAutoReg - ok
23:01:12.0495 1656 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:01:12.0505 1656 PNRPsvc - ok
23:01:12.0570 1656 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
23:01:12.0571 1656 Point64 - ok
23:01:12.0619 1656 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:01:12.0640 1656 PolicyAgent - ok
23:01:12.0685 1656 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:01:12.0693 1656 Power - ok
23:01:12.0747 1656 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:01:12.0749 1656 PptpMiniport - ok
23:01:12.0776 1656 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:01:12.0778 1656 Processor - ok
23:01:12.0822 1656 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
23:01:12.0832 1656 ProfSvc - ok
23:01:12.0875 1656 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:01:12.0877 1656 ProtectedStorage - ok
23:01:12.0995 1656 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\SysWOW64\PSIService.exe
23:01:13.0081 1656 ProtexisLicensing - ok
23:01:13.0117 1656 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:01:13.0119 1656 Psched - ok
23:01:13.0171 1656 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
23:01:13.0173 1656 PxHlpa64 - ok
23:01:13.0260 1656 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:01:13.0279 1656 ql2300 - ok
23:01:13.0382 1656 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:01:13.0387 1656 ql40xx - ok
23:01:13.0416 1656 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:01:13.0425 1656 QWAVE - ok
23:01:13.0437 1656 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:01:13.0439 1656 QWAVEdrv - ok
23:01:13.0455 1656 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:01:13.0457 1656 RasAcd - ok
23:01:13.0497 1656 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:01:13.0499 1656 RasAgileVpn - ok
23:01:13.0517 1656 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:01:13.0526 1656 RasAuto - ok
23:01:13.0543 1656 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:13.0545 1656 Rasl2tp - ok
23:01:13.0568 1656 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:01:13.0580 1656 RasMan - ok
23:01:13.0591 1656 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:13.0594 1656 RasPppoe - ok
23:01:13.0634 1656 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:01:13.0636 1656 RasSstp - ok
23:01:13.0669 1656 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:01:13.0677 1656 rdbss - ok
23:01:13.0718 1656 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:01:13.0720 1656 rdpbus - ok
23:01:13.0729 1656 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:13.0731 1656 RDPCDD - ok
23:01:13.0750 1656 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:01:13.0752 1656 RDPENCDD - ok
23:01:13.0778 1656 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:01:13.0779 1656 RDPREFMP - ok
23:01:13.0821 1656 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
23:01:13.0825 1656 RDPWD - ok
23:01:13.0854 1656 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:01:13.0864 1656 rdyboost - ok
23:01:13.0896 1656 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:01:13.0904 1656 RemoteAccess - ok
23:01:13.0922 1656 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:01:13.0928 1656 RemoteRegistry - ok
23:01:14.0073 1656 ReplicaSysMon (dc9b2c035692b3e59125b6d73fc6f8fc) C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe
23:01:14.0079 1656 ReplicaSysMon - ok
23:01:14.0114 1656 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:01:14.0123 1656 RpcEptMapper - ok
23:01:14.0140 1656 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:01:14.0147 1656 RpcLocator - ok
23:01:14.0199 1656 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:01:14.0205 1656 RpcSs - ok
23:01:14.0368 1656 RRNetCap (fed4bccf4814bd6036b108805d402492) C:\Windows\system32\DRIVERS\rrnetcap.sys
23:01:14.0370 1656 RRNetCap - ok
23:01:14.0373 1656 RRNetCapMP (fed4bccf4814bd6036b108805d402492) C:\Windows\system32\DRIVERS\rrnetcap.sys
23:01:14.0374 1656 RRNetCapMP - ok
23:01:14.0400 1656 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:01:14.0402 1656 rspndr - ok
23:01:14.0464 1656 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:01:14.0469 1656 RTL8167 - ok
23:01:14.0500 1656 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:01:14.0502 1656 SamSs - ok
23:01:14.0518 1656 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:01:14.0520 1656 sbp2port - ok
23:01:14.0645 1656 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:01:14.0669 1656 SBSDWSCService - ok
23:01:14.0725 1656 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:01:14.0735 1656 SCardSvr - ok
23:01:14.0745 1656 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:01:14.0747 1656 scfilter - ok
23:01:14.0829 1656 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:01:14.0910 1656 Schedule - ok
23:01:14.0943 1656 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:01:14.0944 1656 SCPolicySvc - ok
23:01:15.0030 1656 ScsiAccess (54196cdac7e1d81d71c652e100b99e77) C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
23:01:15.0034 1656 ScsiAccess - ok
23:01:15.0049 1656 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:01:15.0057 1656 SDRSVC - ok
23:01:15.0142 1656 Seagate-Replica-Svc - ok
23:01:15.0177 1656 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:01:15.0178 1656 secdrv - ok
23:01:15.0193 1656 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:01:15.0202 1656 seclogon - ok
23:01:15.0211 1656 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:01:15.0218 1656 SENS - ok
23:01:15.0237 1656 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:01:15.0242 1656 SensrSvc - ok
23:01:15.0266 1656 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:01:15.0268 1656 Serenum - ok
23:01:15.0285 1656 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:01:15.0287 1656 Serial - ok
23:01:15.0293 1656 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:01:15.0294 1656 sermouse - ok
23:01:15.0322 1656 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:01:15.0330 1656 SessionEnv - ok
23:01:15.0361 1656 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:01:15.0363 1656 sffdisk - ok
23:01:15.0408 1656 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:01:15.0410 1656 sffp_mmc - ok
23:01:15.0425 1656 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:01:15.0426 1656 sffp_sd - ok
23:01:15.0432 1656 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:01:15.0433 1656 sfloppy - ok
23:01:15.0501 1656 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:01:15.0513 1656 SharedAccess - ok
23:01:15.0544 1656 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:01:15.0551 1656 ShellHWDetection - ok
23:01:15.0569 1656 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:01:15.0571 1656 SiSRaid2 - ok
23:01:15.0590 1656 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:01:15.0592 1656 SiSRaid4 - ok
23:01:15.0626 1656 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:01:15.0629 1656 Smb - ok
23:01:15.0639 1656 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:01:15.0649 1656 SNMPTRAP - ok
23:01:15.0711 1656 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:01:15.0717 1656 spldr - ok
23:01:15.0775 1656 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:01:15.0836 1656 Spooler - ok
23:01:16.0008 1656 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:01:16.0068 1656 sppsvc - ok
23:01:16.0165 1656 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:01:16.0174 1656 sppuinotify - ok
23:01:16.0274 1656 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:01:16.0280 1656 srv - ok
23:01:16.0317 1656 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:01:16.0323 1656 srv2 - ok
23:01:16.0395 1656 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:01:16.0398 1656 srvnet - ok
23:01:16.0439 1656 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:01:16.0448 1656 SSDPSRV - ok
23:01:16.0458 1656 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:01:16.0466 1656 SstpSvc - ok
23:01:16.0631 1656 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:01:16.0636 1656 Stereo Service - ok
23:01:16.0688 1656 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:01:16.0690 1656 stexstor - ok
23:01:16.0735 1656 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
23:01:16.0737 1656 StillCam - ok
23:01:16.0810 1656 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:01:16.0859 1656 stisvc - ok
23:01:16.0924 1656 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:01:16.0998 1656 stllssvr - ok
23:01:17.0031 1656 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:01:17.0032 1656 swenum - ok
23:01:17.0067 1656 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:01:17.0108 1656 swprv - ok
23:01:17.0220 1656 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:01:17.0250 1656 SysMain - ok
23:01:17.0336 1656 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:01:17.0343 1656 TabletInputService - ok
23:01:17.0367 1656 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:01:17.0376 1656 TapiSrv - ok
23:01:17.0469 1656 tbhsd (380aa9606d56e3c7d05fbf3655ec64ea) C:\Windows\system32\drivers\tbhsd.sys
23:01:17.0536 1656 tbhsd - ok
23:01:17.0570 1656 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:01:17.0573 1656 TBS - ok
23:01:17.0760 1656 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
23:01:17.0806 1656 Tcpip - ok
23:01:17.0929 1656 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
23:01:17.0942 1656 TCPIP6 - ok
23:01:17.0982 1656 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:01:17.0984 1656 tcpipreg - ok
23:01:17.0995 1656 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:01:17.0997 1656 TDPIPE - ok
23:01:18.0030 1656 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:01:18.0032 1656 TDTCP - ok
23:01:18.0076 1656 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:01:18.0078 1656 tdx - ok
23:01:18.0091 1656 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:01:18.0093 1656 TermDD - ok
23:01:18.0138 1656 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:01:18.0163 1656 TermService - ok
23:01:18.0180 1656 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:01:18.0189 1656 Themes - ok
23:01:18.0217 1656 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:01:18.0219 1656 THREADORDER - ok
23:01:18.0237 1656 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:01:18.0245 1656 TrkWks - ok
23:01:18.0277 1656 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:01:18.0280 1656 TrustedInstaller - ok
23:01:18.0297 1656 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:18.0300 1656 tssecsrv - ok
23:01:18.0341 1656 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:01:18.0343 1656 tunnel - ok
23:01:18.0357 1656 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:01:18.0359 1656 uagp35 - ok
23:01:18.0388 1656 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:01:18.0393 1656 udfs - ok
23:01:18.0413 1656 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:01:18.0422 1656 UI0Detect - ok
23:01:18.0430 1656 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:01:18.0432 1656 uliagpkx - ok
23:01:18.0455 1656 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:01:18.0457 1656 umbus - ok
23:01:18.0462 1656 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:01:18.0463 1656 UmPass - ok
23:01:18.0509 1656 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:01:18.0520 1656 upnphost - ok
23:01:18.0573 1656 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
23:01:18.0575 1656 USBAAPL64 - ok
23:01:18.0621 1656 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
23:01:18.0623 1656 usbaudio - ok
23:01:18.0644 1656 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:18.0646 1656 usbccgp - ok
23:01:18.0668 1656 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:01:18.0670 1656 usbcir - ok
23:01:18.0702 1656 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:01:18.0777 1656 usbehci - ok
23:01:18.0818 1656 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:01:18.0822 1656 usbhub - ok
23:01:18.0858 1656 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
23:01:18.0860 1656 usbohci - ok
23:01:18.0901 1656 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:01:18.0902 1656 usbprint - ok
23:01:18.0951 1656 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:01:18.0953 1656 usbscan - ok
23:01:18.0984 1656 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:18.0987 1656 USBSTOR - ok
23:01:19.0023 1656 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:01:19.0024 1656 usbuhci - ok
23:01:19.0044 1656 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:01:19.0049 1656 UxSms - ok
23:01:19.0083 1656 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:01:19.0086 1656 VaultSvc - ok
23:01:19.0095 1656 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:01:19.0097 1656 vdrvroot - ok
23:01:19.0136 1656 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:01:19.0152 1656 vds - ok
23:01:19.0162 1656 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:19.0164 1656 vga - ok
23:01:19.0169 1656 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:01:19.0171 1656 VgaSave - ok
23:01:19.0194 1656 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:01:19.0198 1656 vhdmp - ok
23:01:19.0210 1656 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:01:19.0211 1656 viaide - ok
23:01:19.0233 1656 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:01:19.0235 1656 volmgr - ok
23:01:19.0258 1656 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:01:19.0269 1656 volmgrx - ok
23:01:19.0289 1656 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:01:19.0294 1656 volsnap - ok
23:01:19.0319 1656 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:01:19.0322 1656 vsmraid - ok
23:01:19.0407 1656 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:01:19.0430 1656 VSS - ok
23:01:19.0542 1656 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:01:19.0543 1656 vwifibus - ok
23:01:19.0577 1656 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:01:19.0582 1656 W32Time - ok
23:01:19.0632 1656 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:01:19.0634 1656 WacomPen - ok
23:01:19.0671 1656 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:19.0673 1656 WANARP - ok
23:01:19.0695 1656 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:19.0696 1656 Wanarpv6 - ok
23:01:19.0813 1656 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:01:19.0925 1656 WatAdminSvc - ok
23:01:20.0005 1656 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:01:20.0077 1656 wbengine - ok
23:01:20.0145 1656 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:01:20.0155 1656 WbioSrvc - ok
23:01:20.0201 1656 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:01:20.0264 1656 wcncsvc - ok
23:01:20.0290 1656 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:01:20.0294 1656 WcsPlugInService - ok
23:01:20.0326 1656 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:01:20.0327 1656 Wd - ok
23:01:20.0373 1656 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:01:20.0385 1656 Wdf01000 - ok
23:01:20.0403 1656 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:01:20.0407 1656 WdiServiceHost - ok
23:01:20.0411 1656 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:01:20.0414 1656 WdiSystemHost - ok
23:01:20.0458 1656 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:01:20.0544 1656 WebClient - ok
23:01:20.0558 1656 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:01:20.0567 1656 Wecsvc - ok
23:01:20.0606 1656 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:01:20.0615 1656 wercplsupport - ok
23:01:20.0660 1656 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:01:20.0663 1656 WerSvc - ok
23:01:20.0700 1656 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:01:20.0702 1656 WfpLwf - ok
23:01:20.0712 1656 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:01:20.0714 1656 WIMMount - ok
23:01:20.0755 1656 WinDefend - ok
23:01:20.0761 1656 WinHttpAutoProxySvc - ok
23:01:20.0868 1656 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:01:20.0876 1656 Winmgmt - ok
23:01:20.0984 1656 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:01:21.0026 1656 WinRM - ok
23:01:21.0126 1656 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:01:21.0128 1656 WinUsb - ok
23:01:21.0189 1656 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:01:21.0217 1656 Wlansvc - ok
23:01:21.0425 1656 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:01:21.0497 1656 wlidsvc - ok
23:01:21.0534 1656 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:01:21.0536 1656 WmiAcpi - ok
23:01:21.0560 1656 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:01:21.0568 1656 wmiApSrv - ok
23:01:21.0573 1656 WMPNetworkSvc - ok
23:01:21.0583 1656 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:01:21.0589 1656 WPCSvc - ok
23:01:21.0604 1656 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:01:21.0613 1656 WPDBusEnum - ok
23:01:21.0623 1656 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:01:21.0625 1656 ws2ifsl - ok
23:01:21.0673 1656 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
23:01:21.0727 1656 wscsvc - ok
23:01:21.0731 1656 WSearch - ok
23:01:21.0950 1656 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
23:01:21.0992 1656 wuauserv - ok
23:01:22.0053 1656 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:01:22.0056 1656 WudfPf - ok
23:01:22.0092 1656 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:22.0096 1656 WUDFRd - ok
23:01:22.0114 1656 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:01:22.0122 1656 wudfsvc - ok
23:01:22.0142 1656 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:01:22.0154 1656 WwanSvc - ok
23:01:22.0193 1656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:01:22.0370 1656 \Device\Harddisk0\DR0 - ok
23:01:22.0374 1656 Boot (0x1200) (da63fd3f20eedc040a0c98378d5b0d99) \Device\Harddisk0\DR0\Partition0
23:01:22.0376 1656 \Device\Harddisk0\DR0\Partition0 - ok
23:01:22.0382 1656 Boot (0x1200) (7927389e7b96857ee787f75cee8e2395) \Device\Harddisk0\DR0\Partition1
23:01:22.0384 1656 \Device\Harddisk0\DR0\Partition1 - ok
23:01:22.0384 1656 ============================================================
23:01:22.0384 1656 Scan finished
23:01:22.0384 1656 ============================================================
23:01:22.0399 3572 Detected object count: 0
23:01:22.0399 3572 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 23:04:01
-----------------------------
23:04:01.986 OS Version: Windows x64 6.1.7600
23:04:01.986 Number of processors: 4 586 0xF0B
23:04:01.987 ComputerName: MARTHA-PC UserName: Martha
23:04:05.904 Initialize success
23:04:43.104 AVAST engine defs: 12052402
23:04:53.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:04:53.564 Disk 0 Vendor: WDC_WD1001FALS-40U9B0 20.04F20 Size: 953869MB BusType: 3
23:04:53.580 Disk 0 MBR read successfully
23:04:53.583 Disk 0 MBR scan
23:04:53.589 Disk 0 Windows 7 default MBR code
23:04:53.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:04:53.603 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
23:04:53.625 Disk 0 scanning C:\Windows\system32\drivers
23:05:04.225 Service scanning
23:05:21.535 Modules scanning
23:05:21.544 Disk 0 trace - called modules:
23:05:21.563 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:05:21.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006117790]
23:05:21.576 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8005ff8580]
23:05:21.582 5 ACPI.sys[fffff88000f85781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ffa060]
23:05:24.604 AVAST engine scan C:\Windows
23:05:33.254 AVAST engine scan C:\Windows\system32
23:12:40.520 AVAST engine scan C:\Windows\system32\drivers
23:13:40.016 AVAST engine scan C:\Users\Martha
23:50:25.135 AVAST engine scan C:\ProgramData
00:09:34.683 Scan finished successfully
07:25:26.926 Disk 0 MBR has been saved successfully to "C:\Users\Public\M\Documents\MBR.dat"
07:25:26.934 The log file has been saved successfully to "C:\Users\Public\M\Documents\aswMBR.txt"


Once again, Gringo, thank you very much.

#10 gringo_pr

  • Malware Response Team
Posted 25 May 2012 - 07:47 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 marirw

  • Topic Starter

Posted 25 May 2012 - 08:30 PM

Thanks, yet once again!

OTL logfile created on: 5/25/2012 9:01:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Public\M\Documents
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 63.80% Memory free
12.00 Gb Paging File | 9.36 Gb Available in Paging File | 77.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 716.51 Gb Free Space | 76.93% Space Free | Partition Type: NTFS

Computer Name: MARTHA-PC | User Name: Martha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Public\M\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe ()
PRC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Tray.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\muter@yxl.name\modules\ctypes-binary\MuterWin7-32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Seagate Replica\bin\QtSqlRebit4.dll ()
MOD - C:\Program Files (x86)\Seagate Replica\bin\QtGuiRebit4.dll ()
MOD - C:\Program Files (x86)\Seagate Replica\bin\QtCoreRebit4.dll ()
MOD - C:\Program Files (x86)\Seagate Replica\bin\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (ScsiAccess) -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe ()
SRV - (Seagate-Replica-Svc) -- C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe (Seagate Technology LLC)
SRV - (ReplicaSysMon) -- C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe (Seagate Technology LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iPodDrv) -- C:\Windows\SysNative\drivers\iPodDrv.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 DB 0B F3 CF B4 CA 01 [binary data]
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes,DefaultScope = {0D2B6D8B-D9F9-4A23-88BB-DC2C5B05A956}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{0D2B6D8B-D9F9-4A23-88BB-DC2C5B05A956}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{19DDAE4F-1AD9-434B-AE0A-07FC59759C9E}: "URL" = http://search.aol.com/aol/search?invocationType=searchbox.webhome&query={searchTerms}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=7B894BD297E1E8B430B47D62&q={searchTerms}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{502826E9-DFA5-464A-9B40-037262703369}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=766371&p={searchTerms}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{6E8048F7-61E6-43CF-805C-A35E494D3777}: "URL" = http://photobucket.com/images/{searchTerms}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{77DCBDD5-4570-4871-99CA-CCE18948F289}: "URL" = http://www.wowhead.com/?search={searchTerms}
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{8AFDB4EC-5AD7-4787-8CB6-D778F0D888FF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{9C2F76C3-1BD4-4B29-8D23-67AA599FDDEC}: "URL" = http://www.ask.com/web?q={searchTerms}&search=search&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=766371"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: tunebite-firefox-surf-and-catch-extension@audials.com:1.4.7600.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: imgflashblocker@shimon.chohen:0.56
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.5
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q="
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files (x86)\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2010/06/16 19:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/26 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/25 21:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 17:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/31 22:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/04/18 08:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/02/24 16:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martha\AppData\Roaming\Mozilla\Extensions
[2010/02/24 16:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martha\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/08 08:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions
[2011/01/07 14:36:53 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2012/05/18 11:31:41 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\DeviceDetection@logitech.com
[2012/03/07 17:34:40 | 000,000,000 | ---D | M] (Muter) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\muter@yxl.name
[2011/03/15 21:19:55 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\personas@christopher.beard
[2012/05/07 00:53:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com
[2011/03/01 12:04:58 | 000,002,273 | ---- | M] () -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\searchplugins\ask.xml
[2012/03/07 17:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/07 14:13:23 | 000,222,171 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2012/03/07 17:34:44 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/03/07 17:34:44 | 000,061,700 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
[2012/01/07 12:30:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/07 17:34:44 | 000,088,908 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
[2012/03/07 17:34:40 | 000,470,149 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI
[2012/04/01 22:12:21 | 000,274,461 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\TRIDENT@TRIDENT.COM.UA.XPI
[2012/03/07 17:34:40 | 000,009,961 | ---- | M] () (No name found) -- C:\USERS\MARTHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8ZQPKIEO.DEFAULT\EXTENSIONS\YOUTUBEQUALITY@RZLL.XPI
[2012/05/02 17:38:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/07 00:53:18 | 000,002,119 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2010/11/19 14:51:56 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/05/24 16:37:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120425191108.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425191108.dll (McAfee, Inc.)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-2050827228-4175137052-466423314-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2050827228-4175137052-466423314-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2050827228-4175137052-466423314-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2050827228-4175137052-466423314-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9764D748-03B5-490E-94BC-965A01029523}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/25 20:59:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Public\M\Documents\OTL.exe
[2012/05/24 23:02:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Public\M\Documents\aswMBR.exe
[2012/05/24 23:00:31 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Public\M\Documents\tdsskiller.exe
[2012/05/24 21:06:42 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Public\Desktop\spybotsd162.exe
[2012/05/24 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Desktop
[2012/05/24 16:45:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/24 16:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/24 16:37:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/24 16:25:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/24 16:25:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/24 16:25:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/24 16:25:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/24 16:25:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/24 16:23:42 | 004,525,926 | R--- | C] (Swearware) -- C:\Users\Public\M\Documents\ComboFix.exe
[2012/05/23 21:41:18 | 000,000,000 | ---D | C] -- C:\Users\Martha\Documents
[2012/05/23 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Roaming\Dell
[2012/05/23 17:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/05/23 17:24:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/05/23 17:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/05/23 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/05/23 17:22:27 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Roaming\PCDr
[2012/05/23 16:48:54 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Public\Desktop\Desktop\spybotsd162.exe
[2012/05/23 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Roaming\NVIDIA
[2012/05/23 10:28:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/23 07:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/23 07:24:09 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/05/23 07:24:08 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/23 07:24:03 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/05/23 07:24:03 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/05/23 07:24:03 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/23 07:24:03 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/23 07:24:02 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/05/23 07:24:02 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/23 07:24:01 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/23 07:24:00 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/05/23 07:20:45 | 168,454,136 | ---- | C] (NVIDIA Corporation) -- C:\Users\Public\M\Documents\301.42-desktop-win7-winvista-64bit-english-whql.exe
[2012/05/22 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Roaming\Malwarebytes
[2012/05/22 18:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/22 18:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/21 08:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gimp-2.0
[2012/05/21 08:46:03 | 000,000,000 | ---D | C] -- C:\temp
[2012/05/21 08:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chromagic
[2012/05/16 06:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/16 06:52:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/15 09:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picaboo Desktop
[2012/05/09 08:00:50 | 000,000,000 | ---D | C] -- C:\Users\Public\M\Documents\Scrapbooking
[2012/05/08 23:59:45 | 000,000,000 | ---D | C] -- C:\Users\Public\M\Documents\PicabooX
[2012/05/08 23:05:27 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2012/05/08 15:55:15 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 15:55:14 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/08 15:55:14 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/08 15:55:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/08 15:55:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/08 15:54:35 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 15:54:33 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/08 15:54:32 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Local\blekkotb
[2012/05/07 00:53:22 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Digital Talking Parrot
[2012/05/07 00:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AV Digital Talking Parrot
[2012/05/07 00:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/05/07 00:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/02 17:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/02 16:02:16 | 016,339,280 | ---- | C] (Mozilla) -- C:\Users\Public\M\Documents\Firefox Setup 12.0.exe
[2012/04/26 12:45:34 | 000,000,000 | ---D | C] -- C:\Users\Public\M\Documents\Gardening

========== Files - Modified Within 30 Days ==========

[2012/05/25 21:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/25 20:59:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Public\M\Documents\OTL.exe
[2012/05/25 07:25:26 | 000,000,512 | ---- | M] () -- C:\Users\Public\M\Documents\MBR.dat
[2012/05/24 23:03:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Public\M\Documents\aswMBR.exe
[2012/05/24 23:00:32 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Public\M\Documents\tdsskiller.exe
[2012/05/24 16:48:50 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 16:48:50 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 16:37:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/24 16:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/24 16:36:59 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/24 16:23:42 | 004,525,926 | R--- | M] (Swearware) -- C:\Users\Public\M\Documents\ComboFix.exe
[2012/05/24 15:50:14 | 000,051,636 | ---- | M] () -- C:\Users\Public\M\Documents\Bleeping.rtf
[2012/05/24 15:48:28 | 000,852,401 | ---- | M] () -- C:\Users\Public\M\Documents\SecurityCheck.exe
[2012/05/23 13:17:41 | 000,004,645 | ---- | M] () -- C:\Users\Public\M\Documents\End Times.rtf
[2012/05/23 07:21:34 | 168,454,136 | ---- | M] (NVIDIA Corporation) -- C:\Users\Public\M\Documents\301.42-desktop-win7-winvista-64bit-english-whql.exe
[2012/05/18 11:41:50 | 000,289,037 | ---- | M] () -- C:\Users\Public\M\Documents\Joey1.PNG
[2012/05/18 11:33:45 | 017,542,624 | ---- | M] () -- C:\Users\Public\M\Documents\illuminated-keyboard620-001196002403amr.pdf
[2012/05/17 15:43:35 | 000,001,846 | ---- | M] () -- C:\Users\Martha\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee SecurityCenter.lnk
[2012/05/16 09:58:19 | 000,033,718 | ---- | M] () -- C:\Users\Public\M\Documents\Confirmation Page_do.htm
[2012/05/15 15:46:00 | 006,386,085 | ---- | M] () -- C:\Users\Public\M\Documents\Canon Manual.pdf
[2012/05/15 09:38:06 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Picaboo Desktop.lnk
[2012/05/15 06:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/05/15 06:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/05/15 06:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/15 06:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/05/15 06:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/15 06:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/05/15 06:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/05/15 06:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/05/15 06:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/05/15 06:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/15 06:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/05/15 06:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/05/15 06:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/05/15 06:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/15 06:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/15 06:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/05/15 06:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/05/15 06:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/05/15 06:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/15 06:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/15 06:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/15 05:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/05/15 05:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/05/15 05:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/05/15 05:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 03:44:28 | 000,740,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 03:44:28 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 03:44:28 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/09 03:37:51 | 002,421,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/07 18:43:01 | 000,002,516 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/05/07 01:00:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/07 01:00:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/07 01:00:04 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/02 16:02:31 | 016,339,280 | ---- | M] (Mozilla) -- C:\Users\Public\M\Documents\Firefox Setup 12.0.exe

========== Files Created - No Company Name ==========

[2012/05/25 07:25:26 | 000,000,512 | ---- | C] () -- C:\Users\Public\M\Documents\MBR.dat
[2012/05/24 21:06:42 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2012/05/24 21:06:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/24 21:06:42 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/05/24 21:06:42 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Picaboo Desktop.lnk
[2012/05/24 21:06:42 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/05/24 21:06:42 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Tunebite.lnk
[2012/05/24 21:06:42 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Replica.lnk
[2012/05/24 21:06:42 | 000,000,395 | ---- | C] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2012/05/24 16:25:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/24 16:25:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/24 16:25:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/24 16:25:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/24 16:25:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/24 15:48:27 | 000,852,401 | ---- | C] () -- C:\Users\Public\M\Documents\SecurityCheck.exe
[2012/05/24 10:42:41 | 000,051,636 | ---- | C] () -- C:\Users\Public\M\Documents\Bleeping.rtf
[2012/05/23 16:48:54 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Desktop\Tunebite.lnk
[2012/05/23 13:17:41 | 000,004,645 | ---- | C] () -- C:\Users\Public\M\Documents\End Times.rtf
[2012/05/18 11:41:49 | 000,289,037 | ---- | C] () -- C:\Users\Public\M\Documents\Joey1.PNG
[2012/05/18 11:33:40 | 017,542,624 | ---- | C] () -- C:\Users\Public\M\Documents\illuminated-keyboard620-001196002403amr.pdf
[2012/05/17 15:43:35 | 000,001,846 | ---- | C] () -- C:\Users\Martha\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee SecurityCenter.lnk
[2012/05/16 09:58:19 | 000,033,718 | ---- | C] () -- C:\Users\Public\M\Documents\Confirmation Page_do.htm
[2012/05/15 15:45:58 | 006,386,085 | ---- | C] () -- C:\Users\Public\M\Documents\Canon Manual.pdf
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/07 00:53:18 | 000,479,232 | ---- | C] () -- C:\Windows\SysWow64\Parrot.scr
[2011/12/24 18:32:32 | 000,013,838 | -HS- | C] () -- C:\Users\Martha\AppData\Local\l33f14671p7lcw2vi6qh847
[2011/12/24 18:32:32 | 000,013,838 | -HS- | C] () -- C:\ProgramData\l33f14671p7lcw2vi6qh847
[2011/03/26 10:44:35 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/11/29 00:58:45 | 000,010,752 | ---- | C] () -- C:\Users\Martha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 19:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/15 13:53:52 | 000,000,094 | ---- | C] () -- C:\Users\Martha\AppData\Local\fusioncache.dat
[2010/09/05 09:11:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 641 bytes -> C:\Users\Public\M\Documents\F1.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 5/25/2012 9:01:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Public\M\Documents
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 63.80% Memory free
12.00 Gb Paging File | 9.36 Gb Available in Paging File | 77.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 716.51 Gb Free Space | 76.93% Space Free | Partition Type: NTFS

Computer Name: MARTHA-PC | User Name: Martha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0963B64F-CC5C-45C2-8F48-D4CE22F70563}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{12E31F8F-6816-47D4-9D4F-6A46365D7E41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24DBF41E-507E-41CE-B63F-8B4C5A19D454}" = lport=139 | protocol=6 | dir=in | app=system |
"{2559AAED-A1C8-4A75-94CD-FE047A27C2FF}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{2FBBDBDF-22BD-4075-B991-07D7FEA6AE14}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4502881E-28A1-4936-A480-AD126E84CC03}" = lport=445 | protocol=6 | dir=in | app=system |
"{50F92396-199A-4B86-B132-9E9923DAD627}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59130F12-FD27-42BA-9EEA-F32374C36B60}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{594EA1C1-98D7-416A-9FBA-7F1357EDC90B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67A335DE-F6A9-4556-9A27-D8996CCC2407}" = rport=138 | protocol=17 | dir=out | app=system |
"{7861029F-E89F-4191-A7CA-3B96521E4F63}" = rport=445 | protocol=6 | dir=out | app=system |
"{80D8EF45-17E2-4A8A-9333-D08D95BB3546}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{810CCB06-392D-4362-B64C-ABD814E86E2F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{821A0898-5E27-4059-8983-6B8FD4AEA3F0}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{8414453C-D2D2-4903-855B-4D7F38D8CEDE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85BE8F13-3E6E-49F9-93F9-50A258F9CD92}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{95FFD064-558D-4A86-B491-692057DDB040}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98571E31-4408-46D2-A12B-9EC48185D488}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{A0214240-BF2C-4980-ADBE-E991E7C48F65}" = rport=137 | protocol=17 | dir=out | app=system |
"{A0B48CA9-9707-47AB-BB7D-0C2789D8C1AB}" = lport=137 | protocol=17 | dir=in | app=system |
"{B86BA3D5-F39D-4514-99AE-66F6C69DA0AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C383F94E-0462-45E9-B48C-D091F6C70B6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C836195F-91D5-4564-8D62-AB02F755008C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C908098C-A139-41D6-BD29-BDEA87CB2365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CAB83BB7-20A0-42C5-8D64-70D9C4457240}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE539639-B4D2-458D-A6D8-60488EEFC031}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB5A0140-B7E2-4FEF-847D-6E6C112009D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBD65E3F-84ED-4B0A-9632-CF8792478FEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{FBEE9E13-AA7A-42F0-A2EC-D74992D4FC02}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F227D5-A9C4-46B0-97BC-9AFEBE8E774C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{0990A489-6CCF-443D-9E90-51DD36884EB5}" = protocol=58 | dir=in | app=system |
"{0B6CFC43-7657-4194-AB2F-39C25D408F58}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E5A4291-DE9C-43A3-92AE-24565084A168}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{18828C19-945D-4A6F-ACDB-9546F14BA8D4}" = protocol=6 | dir=out | app=system |
"{291AEF64-94CD-4EA3-9290-185B54DDC58B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2A0F5EC0-C370-489A-9A3D-97C0A2F018CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E4B25A8-A742-42CC-9923-51B0ADEAF0C7}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{2ED829FC-9864-4520-AFEF-EE65577726C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FCD0E20-A9EB-4507-9B2E-522C5441E0AA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{33C92AFB-0039-45F0-A3A6-828117FE1348}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{380A8764-6772-4FB3-99C8-6531CA2267C9}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{39B89B35-217C-41B3-A32B-C4F5480474C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3EBB92B3-1B08-417A-8F9E-9234812A9F46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42B02E83-8242-4B23-AC50-FBD778C1EB04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47E1E1A4-4EFE-4A7D-A912-63DB8E107214}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A91425F-B4C9-4243-A4A2-927C83FAC3DF}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{4B8668D0-3497-4F5B-9224-9A584A0AEBE3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54225C14-8856-4E6A-BD76-AE321AE26B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{54878984-0BF7-4E36-9356-04A27BCD5391}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B99C09B-7422-48FA-B77C-3B5246E31577}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{616DE0F2-10B4-44C2-B0AD-BCB379004743}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FEF4CA3-F038-4558-A4AB-4C9977D987A7}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{74887DF8-07CF-4533-A9EC-3B78426FDC1C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{74A00E18-B082-47BF-B784-5353FB09AEF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EB25C0C-9BBD-418B-AE09-9B9C06963D08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{822D56C0-A347-4834-B66A-F503A2811CD8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{871E68BF-0F3B-4F40-BB8D-9EE3A6BDF735}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8B48CF77-9DFD-486C-92B7-6DFE2371F00B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BCDD213-678B-4748-88E0-2D3B7551F835}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BDE3D960-3A03-4F53-B6E7-310A9168221B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C050D123-9472-4708-818E-3B249A3F4E63}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C5F3C391-4D09-4E25-95D4-729656F4B6A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6DCD3BF-7F82-4CB5-A64A-91F200FB04A2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EE63E57F-71C0-42B5-9E70-FF1D5D26C940}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EF78BCC6-8336-4196-903F-6BACD1E0E269}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFFB943E-A9EC-460F-9020-9530915BB9AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1F11038-9556-4F54-B655-A1A20F514D15}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{F3EB465A-6295-4418-BA66-14525A86B12E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SP6" = Logitech SetPoint 6.15

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{077A8CAB-8B4D-4A15-93CF-FA0F8EFA5F0C}" = Tunebite
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ACE2B50-E2E7-4D61-BB49-08162A38FCF2}" = Buzz 3D Media Converter
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = ArcSoft PhotoStudio 5.5
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B2DACD1-BAB5-4760-BF4C-3DC9054A751C}" = Living Cookbook 2008
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}" = Manual CanoScan LiDE 35
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C6EA225-7170-4891-A04A-46BEC72EB58E}" = Tunebite
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853DEC95-42DD-953D-6FEC-9DF7E96B5568}" = Picaboo Desktop
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BA1DF0E6-68B1-4f8e-865A-A75D62FC282F_is1" = Seagate Replica v3.0.1801.8554
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo Desktop
"doubleTwist" = doubleTwist
"Legacy 7.5" = Legacy 7.5
"Living Cookbook 2008" = Living Cookbook 2008
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Parrot 1.0.19(Screen Saver ability)" = Parrot 1.0.19(Screen Saver ability)
"Photodex Presenter" = Photodex Presenter
"PlayerScore" = PlayerScore
"ProShow Gold" = ProShow Gold
"Rhapsody" = Rhapsody
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2012 12:08:43 PM | Computer Name = Martha-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/24/2012 4:04:41 PM | Computer Name = Martha-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 5/24/2012 4:04:41 PM | Computer Name = Martha-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 5/24/2012 4:41:19 PM | Computer Name = Martha-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 5/24/2012 4:41:20 PM | Computer Name = Martha-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 5/24/2012 8:50:29 PM | Computer Name = Martha-PC | Source = VSS | ID = 8193
Description =

Error - 5/24/2012 9:05:26 PM | Computer Name = Martha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Bridge.exe, version: 2.1.1.9, time stamp:
0x472fecc7 Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp:
0x4ec49d10 Exception code: 0xc0000005 Fault offset: 0x0002defe Faulting process id:
0x1734 Faulting application start time: 0x01cd39ffd78b80a0 Faulting application path:
C:\Program Files (x86)\Adobe\Adobe Bridge CS3\Bridge.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: b5c42f04-a605-11e1-92b9-0021704c8327

Error - 5/25/2012 12:38:09 AM | Computer Name = Martha-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/25/2012 3:19:36 AM | Computer Name = Martha-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/25/2012 4:14:28 AM | Computer Name = Martha-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 5/24/2012 4:31:38 PM | Computer Name = Martha-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/24/2012 4:35:55 PM | Computer Name = Martha-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/24/2012 4:37:14 PM | Computer Name = Martha-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 5/24/2012 4:37:20 PM | Computer Name = Martha-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 5/24/2012 4:43:38 PM | Computer Name = Martha-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 5/25/2012 5:39:02 PM | Computer Name = Martha-PC | Source = bowser | ID = 8003
Description =

Error - 5/25/2012 5:51:04 PM | Computer Name = Martha-PC | Source = bowser | ID = 8003
Description =

Error - 5/25/2012 6:03:06 PM | Computer Name = Martha-PC | Source = bowser | ID = 8003
Description =

Error - 5/25/2012 6:15:09 PM | Computer Name = Martha-PC | Source = bowser | ID = 8003
Description =

Error - 5/25/2012 6:27:12 PM | Computer Name = Martha-PC | Source = bowser | ID = 8003
Description =


< End of report >

#12 gringo_pr


Posted 26 May 2012 - 01:22 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O4 - HKU\S-1-5-21-2050827228-4175137052-466423314-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 641 bytes -> C:\Users\Public\M\Documents\F1.eml:OECustomProperty  
    IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=7B894BD297E1E8B430B47D62&q={searchTerms}
    IE - HKU\S-1-5-21-2050827228-4175137052-466423314-1001\..\SearchScopes\{9C2F76C3-1BD4-4B29-8D23-67AA599FDDEC}: "URL" = http://www.ask.com/web?q={searchTerms}&search=search&qsrc=0&o=0&l=dir
    FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    [2012/05/07 00:53:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com
    [2011/03/01 12:04:58 | 000,002,273 | ---- | M] () -- C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\searchplugins\ask.xml
    [2012/05/07 00:53:18 | 000,002,119 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
    [2012/05/08 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\Martha\AppData\Local\blekkotb
    [2012/05/07 00:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
    [2011/12/24 18:32:32 | 000,013,838 | -HS- | C] () -- C:\Users\Martha\AppData\Local\l33f14671p7lcw2vi6qh847
    [2011/12/24 18:32:32 | 000,013,838 | -HS- | C] () -- C:\ProgramData\l33f14671p7lcw2vi6qh847
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

#13 marirw


Posted 26 May 2012 - 07:46 PM

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\Users\Public\M\Documents\F1.eml:OECustomProperty deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9C2F76C3-1BD4-4B29-8D23-67AA599FDDEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C2F76C3-1BD4-4B29-8D23-67AA599FDDEC}\ not found.
Prefs.js: "WiseConvert Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Blekko" removed from browser.search.selectedEngine
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\searchplugins\ask.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml moved successfully.
C:\Users\Martha\AppData\Local\blekkotb\data folder moved successfully.
C:\Users\Martha\AppData\Local\blekkotb folder moved successfully.
C:\Program Files (x86)\Yontoo folder moved successfully.
C:\Users\Martha\AppData\Local\l33f14671p7lcw2vi6qh847 moved successfully.
C:\ProgramData\l33f14671p7lcw2vi6qh847 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Public\M\Documents\cmd.bat deleted successfully.
C:\Users\Public\M\Documents\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Martha
->Java cache emptied: 511956 bytes

User: Public

User: TEMP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Martha
->Flash cache emptied: 2011240 bytes

User: Public

User: TEMP
->Flash cache emptied: 56466 bytes

Total Flash Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05262012_193118

Thank-you yet once again....

So far everything is fast and doesn't freeze or get hung and the programs I have worked with so far are working perfectly! You are amazing!

#14 gringo_pr

  • Malware Response Team

Posted 26 May 2012 - 08:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 marirw


Posted 27 May 2012 - 08:13 AM

ComboFix 12-05-26.02 - Administrator 05/26/2012 23:36:04.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4631 [GMT -4:00]
Running from: c:\users\Public\M\Documents\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 03:44 . 2012-05-27 03:44 -------- d-----w- c:\users\Martha\AppData\Local\temp
2012-05-27 03:44 . 2012-05-27 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 03:27 . 2012-05-27 03:27 -------- d-----w- c:\users\TEMP
2012-05-27 03:01 . 2012-05-27 03:01 -------- d-----w- c:\program files\Logitech
2012-05-27 02:32 . 2012-05-27 02:35 -------- d-----w- c:\users\Administrator
2012-05-26 23:31 . 2012-05-26 23:31 -------- d-----w- C:\_OTL
2012-05-23 21:24 . 2012-05-23 21:24 -------- d-----w- c:\users\Martha\AppData\Roaming\Dell
2012-05-23 21:24 . 2012-05-23 21:24 -------- d-----w- c:\programdata\PCDr
2012-05-23 21:24 . 2012-05-23 21:24 -------- d-----w- c:\programdata\Dell
2012-05-23 21:23 . 2012-05-23 21:24 -------- d-----w- c:\program files\Dell Support Center
2012-05-23 21:22 . 2012-05-23 21:22 -------- d-----w- c:\users\Martha\AppData\Roaming\PCDr
2012-05-23 18:23 . 2012-05-23 18:23 -------- d-----w- c:\users\Martha\AppData\Roaming\NVIDIA
2012-05-23 17:36 . 2012-05-23 17:39 -------- d-----w- c:\users\Public\M
2012-05-23 17:06 . 2012-05-23 17:06 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-23 14:28 . 2012-05-23 14:28 -------- d-----w- c:\windows\system32\SPReview
2012-05-23 11:24 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-23 11:24 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-23 11:24 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-23 11:24 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-23 11:24 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-23 11:24 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-23 11:24 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-23 11:24 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-23 11:24 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-23 11:24 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-23 11:24 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-22 22:05 . 2012-05-22 22:05 -------- d-----w- c:\users\Martha\AppData\Roaming\Malwarebytes
2012-05-22 22:04 . 2012-05-22 22:04 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 22:04 . 2012-05-23 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-21 12:52 . 2012-05-23 00:14 -------- d-----w- c:\program files (x86)\Gimp-2.0
2012-05-21 12:46 . 2012-05-21 12:46 -------- d-----w- C:\temp
2012-05-16 10:52 . 2012-05-23 00:14 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 13:38 . 2012-05-15 13:38 -------- d-----w- c:\program files (x86)\Picaboo Desktop
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-09 03:05 . 2012-05-09 03:05 -------- d-----w- c:\users\Martha\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
2012-05-08 19:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 19:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 19:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-08 19:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-08 19:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-08 19:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-08 19:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-08 19:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-08 19:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-08 19:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-08 19:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 19:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 19:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 19:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 19:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 19:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 19:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 19:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 19:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-07 04:53 . 2012-03-19 20:02 479232 ----a-w- c:\windows\SysWow64\Parrot.scr
2012-05-07 04:53 . 2012-05-07 04:53 -------- d-----w- c:\program files (x86)\AV Digital Talking Parrot
2012-05-07 04:52 . 2012-05-08 12:51 -------- d-----w- c:\programdata\Tarma Installer
2012-05-02 21:38 . 2012-05-02 21:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 21:38 . 2012-05-02 21:38 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 21:38 . 2012-05-02 21:38 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 03:02 . 2010-10-21 23:36 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-15 10:48 . 2012-02-22 20:50 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 20:50 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 20:50 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-11-11 22:12 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-11 22:12 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-11-11 22:11 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-05-21 11:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-05-21 11:01 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-07-13 21:59 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 09:29 . 2011-11-11 20:24 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-11-11 20:24 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-11-11 20:24 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-11-11 20:24 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-11-11 20:24 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-07 05:00 . 2012-04-12 13:51 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-07 05:00 . 2011-05-31 17:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 05:00 . 2012-04-12 14:00 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-07 19:26 . 2012-03-07 19:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 19:26 . 2012-03-07 19:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 19:26 . 2012-03-07 19:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 19:26 . 2012-03-07 19:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 19:26 . 2012-03-07 19:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 19:26 . 2012-03-07 19:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 19:26 . 2012-03-07 19:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 19:26 . 2012-03-07 19:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 19:26 . 2012-03-07 19:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 19:26 . 2012-03-07 19:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 19:26 . 2012-03-07 19:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 19:26 . 2012-03-07 19:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 19:26 . 2012-03-07 19:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 19:26 . 2012-03-07 19:26 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 19:26 . 2012-03-07 19:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 19:26 . 2012-03-07 19:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 19:26 . 2012-03-07 19:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 19:26 . 2012-03-07 19:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 19:26 . 2012-03-07 19:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 19:26 . 2012-03-07 19:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 19:26 . 2012-03-07 19:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 19:26 . 2012-03-07 19:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 19:26 . 2012-03-07 19:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 19:26 . 2012-03-07 19:26 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 19:26 . 2012-03-07 19:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 19:26 . 2012-03-07 19:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 19:26 . 2012-03-07 19:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 19:26 . 2012-03-07 19:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 19:26 . 2012-03-07 19:26 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 19:26 . 2012-03-07 19:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 19:26 . 2012-03-07 19:26 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 19:26 . 2012-03-07 19:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 19:26 . 2012-03-07 19:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 19:26 . 2012-03-07 19:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 06:54 . 2012-04-12 07:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 07:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 07:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_20.37.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 14:24 . 2012-05-27 03:47 65578 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-27 03:47 31508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-23 21:49 . 2012-05-27 02:55 23538 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2050827228-4175137052-466423314-1001_UserData.bin
+ 2011-09-02 06:30 . 2011-09-02 06:30 55064 c:\windows\system32\LMouFiltCoInst.dll
+ 2009-07-14 05:30 . 2012-05-27 03:02 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-05-23 11:28 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-09-02 06:30 . 2011-09-02 06:30 55064 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_12000fce12220350\LMouFiltCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 60696 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_12000fce12220350\LMouFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 66840 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_12000fce12220350\LHidFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 66840 c:\windows\system32\DriverStore\FileRepository\lfkbdhid.inf_amd64_neutral_99503c6390c9346a\LHidFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 42776 c:\windows\system32\DriverStore\FileRepository\lfhidusb.inf_amd64_neutral_6d6ec350722ee849\LUsbFilt.sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 66840 c:\windows\system32\DriverStore\FileRepository\lfhidhid.inf_amd64_neutral_67db93f52e33f460\LHidFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 15128 c:\windows\system32\DriverStore\FileRepository\lfhideqd.inf_amd64_neutral_f82f5301e4a99eb5\LHidEqd.sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 76056 c:\windows\system32\DriverStore\FileRepository\lfeqdusb.inf_amd64_neutral_c33b2f7768fc3d46\LEqdUsb.sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 52504 c:\windows\system32\DriverStore\FileRepository\lbtcoins.inf_amd64_neutral_cbd347b8acf5ddfe\LBTCoIns.DLL
+ 2011-09-02 06:30 . 2011-09-02 06:30 60696 c:\windows\system32\drivers\LMouFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 66840 c:\windows\system32\drivers\LHidFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 15128 c:\windows\system32\drivers\LHidEqd.sys
+ 2011-09-02 06:30 . 2011-09-02 06:30 76056 c:\windows\system32\drivers\LEqdUsb.sys
- 2010-02-24 00:26 . 2012-05-24 20:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-24 00:26 . 2012-05-27 03:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-24 00:26 . 2012-05-24 20:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-24 00:26 . 2012-05-27 03:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-24 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 03:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-27 02:33 . 2012-05-27 03:47 2754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2050827228-4175137052-466423314-500_UserData.bin
- 2012-05-24 20:37 . 2012-05-24 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-27 03:45 . 2012-05-27 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-24 20:37 . 2012-05-24 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-27 03:45 . 2012-05-27 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-26 06:07 632930 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 07:44 632930 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 07:44 110564 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-26 06:07 110564 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-05-27 03:02 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-23 11:28 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-23 11:28 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-05-27 03:01 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-05-27 03:44 510320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-24 20:36 510320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-11-16 18:10 . 2009-11-16 18:10 889344 c:\windows\Installer\2e4b7.msi
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\LkmdfCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_12000fce12220350\LkmdfCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\DriverStore\FileRepository\lfkbdhid.inf_amd64_neutral_99503c6390c9346a\LkmdfCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\DriverStore\FileRepository\lfhidusb.inf_amd64_neutral_6d6ec350722ee849\LkmdfCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\DriverStore\FileRepository\lfhidhid.inf_amd64_neutral_67db93f52e33f460\LkmdfCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\DriverStore\FileRepository\lfhideqd.inf_amd64_neutral_f82f5301e4a99eb5\LkmdfCoInst.dll
+ 2011-09-02 06:30 . 2011-09-02 06:30 1845528 c:\windows\system32\DriverStore\FileRepository\lfeqdusb.inf_amd64_neutral_c33b2f7768fc3d46\LkmdfCoInst.dll
+ 2012-05-27 02:51 . 2012-05-27 03:44 2566906 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2050827228-4175137052-466423314-500-12288.dat
- 2009-07-14 02:34 . 2012-05-24 20:16 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-27 03:38 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-12-25 03:46 . 2012-05-27 02:58 34443448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2050827228-4175137052-466423314-1001-8192.dat
- 2011-03-02 21:35 . 2012-05-22 23:58 23757938 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2050827228-4175137052-466423314-1001-4096.dat
+ 2011-03-02 21:35 . 2012-05-27 02:30 23757938 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2050827228-4175137052-466423314-1001-4096.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-26 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2011-11-11 738776]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-23 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files (x86)\Seagate Replica\bin\ReplicaSysMon.exe [2010-06-08 416208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe [2010-06-08 1947600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\8zqpkieo.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - prefs.js: network.proxy.type - 2
FF - user.js: extentions.y2layers.installId - cd26d667-9f32-485f-8d36-5095e1b1947a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Seagate-Replica-Svc]
"ImagePath"="c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2050827228-4175137052-466423314-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PSIService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Tray.exe
.
**************************************************************************
.
Completion time: 2012-05-26 23:53:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 03:53
ComboFix2.txt 2012-05-27 02:41
ComboFix3.txt 2012-05-24 20:45
.
Pre-Run: 774,444,716,032 bytes free
Post-Run: 774,378,344,448 bytes free
.
- - End Of File - - E811DA9778649E87AA379D35D29FB0AE


For some reason, I am having issues with the administrator on this computer. I have tried to fix it myself as we have gone through this computer and I am continuing to have issues. I first began to "fix" it when I realized I could not save anything to the desktop. That has made doing these tests a bit more of a challenge, and I have saved everything to "My Documents". I am the sole user of this machine and it used to work such that I did not log on and was administrator under Martha. Now I have an administrator login and a Martha login, and the administrator has no history of preferences on the computer. I have old files from a prior computer, public files and now I have a new administrator. That has confused me greatly as we do these tests.

As the computer would reboot during this last test, the above was my biggest problem.

I also still have Yahoo Spigot Search.

I so greatly appreciate your help with my computer and feel you have spent an enormous amount of time helping me. I cannot thank you enough.



