Alureon-B


  • This topic is locked
42 replies to this topic

#1 bedtimefrog


Posted 03 July 2012 - 08:36 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by becky at 18:14:39 on 2012-07-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2036.1096 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\Explorer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\UTSCSI.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System\w98eject.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mywinnipeg.com/
mStart Page = hxxp://search.gboxapp.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Facebook Update] "c:\users\becky\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "c:\users\becky\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\becky\appdata\local\temp\{759aa010-f436-42cb-9630-81bc7692327a}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\w98eject.lnk - c:\windows\system\w98eject.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Shareaza - c:\program files\morpheus music\RazaWebHook.dll/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Beach%20Party%20Craze/Images/stg_drm.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Beach%20Party%20Craze/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6B67A9A-260D-4704-AABC-2E312ACBAE1B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E293DC91-DDF9-4FDC-8747-97BC79A65185} : DhcpNameServer = 192.168.0.1
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-4 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-27 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-27 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-27 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-27 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-3 21504]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\cisco systems\cisco valet connector\CiscoAdapterSvc.exe [2012-4-3 529024]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\am10va.sys [2010-7-30 836384]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2012-6-4 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2012-6-4 509760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-2 257224]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2012-1-10 107904]
.
=============== Created Last 30 ================
.
2012-07-03 06:49:57 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a568c07a-d0a5-46b6-9446-8a918cfec339}\mpengine.dll
2012-07-02 15:32:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 15:32:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 19:40:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-01 06:30:42 -------- d-----w- c:\users\becky\appdata\local\{5DF6C488-F68A-4F7C-8503-8386AD7A3A8E}
2012-07-01 06:30:25 -------- d-----w- c:\users\becky\appdata\local\{5F22A333-45DE-46B0-92EE-0E663DA2B70A}
2012-06-30 15:48:08 -------- d-----w- c:\users\becky\appdata\local\{7B743901-5A87-4573-AE45-0AECFDC24753}
2012-06-30 15:47:56 -------- d-----w- c:\users\becky\appdata\local\{347D4982-47F2-4769-9788-71B27612FDEA}
2012-06-30 03:47:11 -------- d-----w- c:\users\becky\appdata\local\{F45C090C-A81A-48EB-8572-4BA549AEEEF7}
2012-06-30 03:46:33 -------- d-----w- c:\users\becky\appdata\local\{0B9A79B6-C9C4-4F47-8EA0-B74965066160}
2012-06-29 16:29:11 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-29 15:46:00 -------- d-----w- c:\users\becky\appdata\local\{67BF6E9F-9062-415A-A003-96CA7E12533E}
2012-06-29 15:45:43 -------- d-----w- c:\users\becky\appdata\local\{C35F07B7-179F-4B93-B7A2-C4EEAEF4FBD6}
2012-06-27 14:18:00 -------- d-----w- c:\users\becky\appdata\local\{C95C19DB-33C9-4D8F-A7CA-877B6FFE48BC}
2012-06-27 14:17:44 -------- d-----w- c:\users\becky\appdata\local\{05BAF087-3E9B-47D7-BA62-D2D3A5738B0D}
2012-06-26 17:35:35 -------- d-----w- c:\users\becky\appdata\local\{8705BCEB-6F74-4BB5-AFBA-A187560026FD}
2012-06-26 17:35:03 -------- d-----w- c:\users\becky\appdata\local\{C17C6719-9563-4246-9AEA-87D1BE5B23E5}
2012-06-26 17:09:08 -------- d-----w- c:\users\becky\appdata\roaming\SUPERAntiSpyware.com
2012-06-26 17:08:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-25 18:23:06 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2012-06-25 18:11:27 -------- d-----w- c:\users\becky\appdata\roaming\GameHouse
2012-06-25 16:57:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 06:57:07 -------- d-----w- c:\users\becky\appdata\local\{D568273B-1BDC-40F7-91A0-A232D462A789}
2012-06-25 06:57:04 -------- d-----w- c:\users\becky\appdata\local\{5A87911F-1B29-4D02-B184-B03F1DED1A45}
2012-06-24 18:55:06 -------- d-----w- c:\users\becky\appdata\local\{25A63652-0E65-493E-AFF9-6BA76BC31FA6}
2012-06-24 18:54:22 -------- d-----w- c:\users\becky\appdata\local\{038D0B34-5CAF-4622-9916-F18D309B7ADF}
2012-06-22 19:45:53 -------- d-----w- c:\users\becky\appdata\local\{99452DFA-AD69-4E99-B5D1-25EEA73CDF8F}
2012-06-22 19:44:29 -------- d-----w- c:\users\becky\appdata\local\{50F5462C-E61E-4741-853E-19F071A82F13}
2012-06-22 03:46:13 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-22 03:46:13 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-22 03:44:18 -------- d-----w- c:\program files\iPod
2012-06-22 03:44:15 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-22 03:44:15 -------- d-----w- c:\program files\iTunes
2012-06-22 03:38:27 -------- d-----w- c:\program files\Bonjour
2012-06-19 21:08:22 -------- d-----w- c:\users\becky\appdata\local\{F1735578-0705-4699-BF75-ECE9F97A4C16}
2012-06-19 21:08:10 -------- d-----w- c:\users\becky\appdata\local\{4E07F7DD-9DC3-4CEE-A14A-720B98A5AFE1}
2012-06-19 19:52:35 -------- d-----w- c:\users\becky\appdata\roaming\FreezeTag
2012-06-19 14:29:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:28:58 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:28:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 14:28:39 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 17:12:18 -------- d-----w- c:\users\becky\appdata\local\{78D4DB8D-A791-42E9-974F-AA4B86C52661}
2012-06-18 05:11:18 -------- d-----w- c:\users\becky\appdata\local\{A61872EF-3CBF-423B-BA7E-7BCD49B802E2}
2012-06-17 17:11:02 -------- d-----w- c:\users\becky\appdata\local\{BD1D5539-19F6-40E0-A5D4-89CC50F5BAC5}
2012-06-16 20:36:52 -------- d-----w- c:\users\becky\appdata\local\{9773EC00-4F32-486A-A299-AB5E13746B88}
2012-06-16 02:27:24 -------- d-----w- c:\users\becky\appdata\local\{A3CE5A7C-B5B1-4ECF-95AC-451521C82FD8}
2012-06-14 15:24:46 -------- d-----w- c:\users\becky\appdata\local\{06633143-330D-4A5E-856C-30D73FADBFBD}
2012-06-14 15:24:43 -------- d-----w- c:\users\becky\appdata\local\{35E40B91-2289-4E6A-8F94-64C84BE7BDEF}
2012-06-13 23:39:46 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:39:46 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:39:46 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:38:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:38:43 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:30:21 -------- d-----w- c:\programdata\PuzzlesByJoe
2012-06-12 23:52:28 -------- d-----w- c:\users\becky\appdata\local\{7AC653A9-8921-43AD-87D7-C730BC2C9637}
2012-06-12 23:51:09 -------- d-----w- c:\users\becky\appdata\local\{EBFCEB08-9F96-45A1-85CD-6C0C49504ED7}
2012-06-11 12:15:55 -------- d-----w- c:\users\becky\appdata\local\{9CFF2485-2EC3-45D6-A170-D1B62E67AD3D}
2012-06-11 12:15:34 -------- d-----w- c:\users\becky\appdata\local\{DFE83C4A-3F82-4E04-8694-EE8B1CFAC9B8}
2012-06-10 23:49:46 -------- d-----w- c:\users\becky\appdata\local\{6F5A6FE2-165F-4581-A8DB-C3941F0FB87A}
2012-06-10 23:48:01 -------- d-----w- c:\users\becky\appdata\local\{89A76269-BC25-4CEE-81E5-3E0BB78E5957}
2012-06-10 11:18:13 -------- d-----w- c:\users\becky\appdata\local\{66AE9566-0B34-46C9-B9CC-391E2BDB7700}
2012-06-10 11:18:10 -------- d-----w- c:\users\becky\appdata\local\{DD993C84-FD28-4EF7-B3AB-ADFE832E4A86}
2012-06-09 23:15:33 -------- d-----w- c:\users\becky\appdata\local\{4A477EE5-F866-4466-AC65-472FCCDAB388}
2012-06-09 23:13:04 -------- d-----w- c:\users\becky\appdata\local\{242F75DB-89B3-4EE7-8417-92B468010D70}
2012-06-07 12:58:06 -------- d-----w- c:\users\becky\appdata\local\{7DF5DF4B-2F36-454B-A956-1C54E558B1E9}
2012-06-07 12:58:04 -------- d-----w- c:\users\becky\appdata\local\{0D66EE56-32E5-4761-82B3-17F75BAB54FE}
2012-06-07 00:57:20 -------- d-----w- c:\users\becky\appdata\local\{020DF096-C40C-42AA-BC1F-BEDDBE17BBAB}
2012-06-07 00:57:12 -------- d-----w- c:\users\becky\appdata\local\{057E13FC-8719-4ABE-AC3C-8B3E2AA3DB91}
2012-06-06 20:04:43 -------- d-----w- c:\programdata\Fugazo
2012-06-06 04:32:17 -------- d-----w- c:\users\becky\appdata\local\{136EF814-2FF9-4777-A907-D56D540B3EC1}
2012-06-06 04:31:11 -------- d-----w- c:\users\becky\appdata\local\{2ADFDF56-91C9-4185-B4C8-1B707D041679}
2012-06-05 22:40:59 -------- d-----w- c:\users\becky\appdata\roaming\Cat's Eye Games
.
==================== Find3M ====================
.
2012-06-29 16:35:22 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 12:52:37 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52:37 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-28 12:52:20 41224 ----a-w- c:\windows\avastSS.scr
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-25 17:11:36 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 17:11:36 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 18:17:55.15 ===============

#2 gringo_pr


Posted 03 July 2012 - 11:41 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 bedtimefrog


Posted 04 July 2012 - 11:33 AM

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Haunted Past: Realm of Ghosts Collector's Edition (remove only)
Rootkit Unhooker LE 3.8 SR 2
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#4 bedtimefrog


Posted 04 July 2012 - 12:01 PM

ComboFix 12-07-04.03 - becky 04/07/2012 11:38:59.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2036.685 [GMT -5:00]
Running from: c:\users\becky\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 16:52 . 2012-07-04 16:55 -------- d-----w- c:\users\becky\AppData\Local\temp
2012-07-04 16:52 . 2012-07-04 16:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-04 16:52 . 2012-07-04 16:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-04 16:52 . 2012-07-04 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 11:49 . 2012-07-04 11:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A568C07A-D0A5-46B6-9446-8A918CFEC339}\offreg.dll
2012-07-03 06:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A568C07A-D0A5-46B6-9446-8A918CFEC339}\mpengine.dll
2012-07-02 15:32 . 2012-07-02 15:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 15:32 . 2012-07-02 15:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 19:40 . 2012-07-01 19:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-29 16:36 . 2012-06-29 16:36 -------- d-----w- c:\program files\Common Files\Java
2012-06-29 16:29 . 2012-06-29 16:35 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-28 15:42 . 2012-06-28 15:42 -------- d-----w- c:\program files\7-Zip
2012-06-26 17:09 . 2012-06-26 17:09 -------- d-----w- c:\users\becky\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 17:08 . 2012-06-26 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-25 18:23 . 2012-06-25 18:23 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2012-06-25 18:11 . 2012-06-25 18:11 -------- d-----w- c:\users\becky\AppData\Roaming\GameHouse
2012-06-25 16:57 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 03:46 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-22 03:46 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-22 03:44 . 2012-06-22 03:44 -------- d-----w- c:\program files\iPod
2012-06-22 03:44 . 2012-06-22 03:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-22 03:44 . 2012-06-22 03:46 -------- d-----w- c:\program files\iTunes
2012-06-22 03:42 . 2012-06-22 03:42 -------- d-----w- c:\program files\Apple Software Update
2012-06-22 03:38 . 2012-06-22 03:38 -------- d-----w- c:\program files\Bonjour
2012-06-19 19:52 . 2012-06-30 03:54 -------- d-----w- c:\users\becky\AppData\Roaming\FreezeTag
2012-06-19 14:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:28 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:28 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 23:39 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:39 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:39 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:38 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:38 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:30 . 2012-06-13 19:30 -------- d-----w- c:\programdata\PuzzlesByJoe
2012-06-09 20:32 . 2012-06-09 20:32 -------- d-----w- c:\program files\Common Files\Skype
2012-06-06 20:04 . 2012-06-06 20:04 -------- d-----w- c:\programdata\Fugazo
2012-06-05 22:40 . 2012-06-05 22:40 -------- d-----w- c:\users\becky\AppData\Roaming\Cat's Eye Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 16:35 . 2010-06-01 04:55 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 12:52 . 2010-10-27 14:20 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-10-27 14:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2012-04-04 23:33 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-10-27 14:20 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-10-27 14:19 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-28 12:52 . 2010-10-27 14:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-10-27 14:19 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-10-27 14:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-25 17:11 . 2012-04-25 17:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 17:11 . 2012-04-25 17:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-07 17:00 . 2012-04-07 17:00 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 18:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-27 2937528]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Facebook Update"="c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-08 137536]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-19 880496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\users\becky\AppData\Local\temp\{759AA010-F436-42CB-9630-81BC7692327A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2006-6-5 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\System\w98eject.exe [2011-10-23 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 23:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4053380413-3599652072-2352306657-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 15:32]
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
- c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-08 00:23]
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
- c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-08 00:23]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
- c:\users\becky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 00:36]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
- c:\users\becky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 00:36]
.
2012-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-07-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mywinnipeg.com/
mStart Page = hxxp://search.gboxapp.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Download with &Shareaza - c:\program files\Morpheus Music\RazaWebHook.dll/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
AddRemove-Clutter II: He Said, She Said - c:\games\iWin.com\Clutter II He Said
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 11:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,26,aa,29,6b,3d,1f,81,27,31,73,e3,20,aa,66,d1,fe,d8,ab,34,bf,cd,75,
05,ea,fc,4f,e0,82,5e,71,4e,7a,0d,b6,6e,c6,1f,35,b4,ed,12,59,64,6c,f8,c0,48,\
"??"=hex:21,5d,8e,ff,8e,69,b5,e7,fc,ed,fc,d6,26,cb,91,d0
.
[HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,c6,35,ab,5d,4f,86,8a,06,ef,2f,4a,06,8c,7f,16,99,88,2c,60,7a,
11,31,0d,0b,de,b1,18,57,04,9f,59,ea,03,4e,a0,2c,62,57,8a,90,20,38,b6,c1,b8,\
"rkeysecu"=hex:45,24,04,1d,12,21,1d,e1,de,b9,a6,8f,35,d1,43,51
.
Completion time: 2012-07-04 11:59:21
ComboFix-quarantined-files.txt 2012-07-04 16:59
ComboFix2.txt 2011-01-02 22:17
ComboFix3.txt 2010-12-30 03:10
ComboFix4.txt 2010-12-28 23:44
ComboFix5.txt 2012-07-04 16:36
.
Pre-Run: 154,749,001,728 bytes free
Post-Run: 156,643,381,248 bytes free
.
- - End Of File - - FDF5627552DC40568A6F6AF45DA0CC17

#5 gringo_pr


Posted 04 July 2012 - 12:11 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#6 bedtimefrog


Posted 04 July 2012 - 06:45 PM

18:42:14.0579 4712 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:42:15.0064 4712 ============================================================
18:42:15.0064 4712 Current date / time: 2012/07/04 18:42:15.0064
18:42:15.0064 4712 SystemInfo:
18:42:15.0064 4712
18:42:15.0064 4712 OS Version: 6.0.6002 ServicePack: 2.0
18:42:15.0064 4712 Product type: Workstation
18:42:15.0065 4712 ComputerName: BECKY-PC
18:42:15.0065 4712 UserName: becky
18:42:15.0065 4712 Windows directory: C:\Windows
18:42:15.0065 4712 System windows directory: C:\Windows
18:42:15.0065 4712 Processor architecture: Intel x86
18:42:15.0065 4712 Number of processors: 2
18:42:15.0065 4712 Page size: 0x1000
18:42:15.0065 4712 Boot type: Normal boot
18:42:15.0065 4712 ============================================================
18:42:16.0121 4712 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:42:16.0171 4712 Drive \Device\Harddisk1\DR1 - Size: 0x7C00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:42:16.0172 4712 ============================================================
18:42:16.0172 4712 \Device\Harddisk0\DR0:
18:42:16.0172 4712 MBR partitions:
18:42:16.0172 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
18:42:16.0172 4712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x24016000
18:42:16.0172 4712 \Device\Harddisk1\DR1:
18:42:16.0173 4712 MBR partitions:
18:42:16.0173 4712 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DFE0
18:42:16.0173 4712 ============================================================
18:42:16.0220 4712 C: <-> \Device\Harddisk0\DR0\Partition1
18:42:16.0248 4712 D: <-> \Device\Harddisk0\DR0\Partition0
18:42:16.0281 4712 ============================================================
18:42:16.0281 4712 Initialize success
18:42:16.0281 4712 ============================================================
18:42:22.0762 5436 ============================================================
18:42:22.0762 5436 Scan started
18:42:22.0762 5436 Mode: Manual;
18:42:22.0763 5436 ============================================================
18:42:24.0560 5436 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:42:24.0574 5436 !SASCORE - ok
18:42:25.0887 5436 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:42:25.0897 5436 ACPI - ok
18:42:26.0130 5436 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:42:26.0149 5436 AdobeARMservice - ok
18:42:26.0813 5436 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:42:26.0822 5436 AdobeFlashPlayerUpdateSvc - ok
18:42:26.0871 5436 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:42:26.0888 5436 adp94xx - ok
18:42:26.0917 5436 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:42:26.0927 5436 adpahci - ok
18:42:26.0947 5436 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:42:26.0954 5436 adpu160m - ok
18:42:26.0973 5436 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:42:26.0979 5436 adpu320 - ok
18:42:27.0019 5436 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:42:27.0021 5436 AeLookupSvc - ok
18:42:27.0058 5436 AERTFilters (330a1e4df07c2e29949ed8631cd8828e) C:\Windows\system32\AERTSrv.exe
18:42:27.0061 5436 AERTFilters - ok
18:42:27.0116 5436 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:42:27.0135 5436 AFD - ok
18:42:27.0161 5436 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
18:42:27.0163 5436 agp440 - ok
18:42:27.0185 5436 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:42:27.0187 5436 aic78xx - ok
18:42:27.0241 5436 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:42:27.0244 5436 ALG - ok
18:42:27.0268 5436 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
18:42:27.0269 5436 aliide - ok
18:42:27.0478 5436 AM10 (5efe06456dbc5cd87cadc42af8d31cd9) C:\Windows\system32\DRIVERS\am10va.sys
18:42:27.0512 5436 AM10 - ok
18:42:27.0550 5436 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
18:42:27.0553 5436 amdagp - ok
18:42:27.0567 5436 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
18:42:27.0569 5436 amdide - ok
18:42:27.0603 5436 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:42:27.0605 5436 AmdK7 - ok
18:42:27.0630 5436 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:42:27.0632 5436 AmdK8 - ok
18:42:27.0698 5436 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:42:27.0706 5436 Appinfo - ok
18:42:27.0871 5436 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:42:27.0874 5436 Apple Mobile Device - ok
18:42:27.0911 5436 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:42:27.0913 5436 arc - ok
18:42:27.0944 5436 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:42:27.0947 5436 arcsas - ok
18:42:27.0973 5436 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
18:42:27.0975 5436 ASPI32 - ok
18:42:28.0013 5436 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
18:42:28.0015 5436 aswFsBlk - ok
18:42:28.0046 5436 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
18:42:28.0049 5436 aswMonFlt - ok
18:42:28.0069 5436 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\aswRdr.sys
18:42:28.0071 5436 aswRdr - ok
18:42:28.0170 5436 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
18:42:28.0204 5436 aswSnx - ok
18:42:28.0250 5436 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
18:42:28.0270 5436 aswSP - ok
18:42:28.0293 5436 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
18:42:28.0296 5436 aswTdi - ok
18:42:28.0333 5436 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:28.0334 5436 AsyncMac - ok
18:42:28.0368 5436 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:42:28.0369 5436 atapi - ok
18:42:28.0427 5436 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:42:28.0439 5436 AudioEndpointBuilder - ok
18:42:28.0447 5436 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:42:28.0452 5436 Audiosrv - ok
18:42:28.0815 5436 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
18:42:28.0817 5436 avast! Antivirus - ok
18:42:28.0856 5436 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:42:28.0858 5436 Beep - ok
18:42:28.0918 5436 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:42:28.0938 5436 BFE - ok
18:42:29.0033 5436 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:42:29.0068 5436 BITS - ok
18:42:29.0161 5436 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:42:29.0175 5436 Bonjour Service - ok
18:42:29.0246 5436 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:42:29.0248 5436 bowser - ok
18:42:29.0291 5436 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:42:29.0292 5436 BrFiltLo - ok
18:42:29.0310 5436 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:42:29.0311 5436 BrFiltUp - ok
18:42:29.0339 5436 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:42:29.0343 5436 Browser - ok
18:42:29.0361 5436 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:42:29.0364 5436 Brserid - ok
18:42:29.0378 5436 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:42:29.0380 5436 BrSerWdm - ok
18:42:29.0400 5436 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:42:29.0401 5436 BrUsbMdm - ok
18:42:29.0420 5436 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:42:29.0423 5436 BrUsbSer - ok
18:42:29.0435 5436 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:42:29.0437 5436 BTHMODEM - ok
18:42:29.0597 5436 catchme - ok
18:42:29.0659 5436 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:42:29.0662 5436 cdfs - ok
18:42:29.0690 5436 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:42:29.0693 5436 cdrom - ok
18:42:29.0735 5436 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:42:29.0737 5436 CertPropSvc - ok
18:42:29.0759 5436 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:42:29.0761 5436 circlass - ok
18:42:29.0804 5436 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:42:29.0823 5436 CLFS - ok
18:42:29.0909 5436 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:29.0912 5436 clr_optimization_v2.0.50727_32 - ok
18:42:30.0019 5436 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:30.0042 5436 clr_optimization_v4.0.30319_32 - ok
18:42:30.0064 5436 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
18:42:30.0066 5436 cmdide - ok
18:42:30.0078 5436 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
18:42:30.0079 5436 Compbatt - ok
18:42:30.0088 5436 COMSysApp - ok
18:42:30.0109 5436 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:42:30.0110 5436 crcdisk - ok
18:42:30.0127 5436 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:42:30.0128 5436 Crusoe - ok
18:42:30.0197 5436 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:42:30.0210 5436 CryptSvc - ok
18:42:30.0277 5436 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:42:30.0314 5436 DcomLaunch - ok
18:42:30.0347 5436 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:42:30.0350 5436 DfsC - ok
18:42:30.0450 5436 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:42:30.0509 5436 DFSR - ok
18:42:30.0637 5436 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:42:30.0650 5436 Dhcp - ok
18:42:30.0719 5436 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:42:30.0721 5436 disk - ok
18:42:30.0756 5436 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:42:30.0763 5436 Dnscache - ok
18:42:30.0796 5436 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:42:30.0812 5436 dot3svc - ok
18:42:30.0855 5436 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:42:30.0869 5436 DPS - ok
18:42:30.0903 5436 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:42:30.0905 5436 drmkaud - ok
18:42:30.0966 5436 DSBrokerService (245f62a2aa67f4a61f10174bf1017327) C:\Program Files\DellSupport\brkrsvc.exe
18:42:30.0969 5436 DSBrokerService - ok
18:42:30.0987 5436 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:42:30.0990 5436 DSproct - ok
18:42:31.0014 5436 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
18:42:31.0016 5436 dsunidrv - ok
18:42:31.0069 5436 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:42:31.0108 5436 DXGKrnl - ok
18:42:31.0161 5436 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
18:42:31.0173 5436 e1express - ok
18:42:31.0196 5436 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:42:31.0203 5436 E1G60 - ok
18:42:31.0230 5436 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:42:31.0233 5436 EapHost - ok
18:42:31.0276 5436 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:42:31.0283 5436 Ecache - ok
18:42:31.0338 5436 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:42:31.0351 5436 ehRecvr - ok
18:42:31.0375 5436 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:42:31.0382 5436 ehSched - ok
18:42:31.0390 5436 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:42:31.0392 5436 ehstart - ok
18:42:31.0431 5436 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:42:31.0441 5436 elxstor - ok
18:42:31.0495 5436 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:42:31.0518 5436 EMDMgmt - ok
18:42:31.0574 5436 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:42:31.0586 5436 EventSystem - ok
18:42:31.0624 5436 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:42:31.0631 5436 exfat - ok
18:42:31.0677 5436 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:42:31.0683 5436 fastfat - ok
18:42:31.0705 5436 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:42:31.0707 5436 fdc - ok
18:42:31.0734 5436 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:42:31.0738 5436 fdPHost - ok
18:42:31.0759 5436 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:42:31.0766 5436 FDResPub - ok
18:42:31.0808 5436 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:42:31.0811 5436 FileInfo - ok
18:42:31.0844 5436 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:42:31.0846 5436 Filetrace - ok
18:42:31.0868 5436 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:31.0871 5436 flpydisk - ok
18:42:31.0914 5436 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:42:31.0927 5436 FltMgr - ok
18:42:32.0017 5436 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:42:32.0059 5436 FontCache - ok
18:42:32.0131 5436 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:42:32.0134 5436 FontCache3.0.0.0 - ok
18:42:32.0191 5436 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
18:42:32.0193 5436 fssfltr - ok
18:42:32.0329 5436 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:42:32.0393 5436 fsssvc - ok
18:42:32.0487 5436 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:42:32.0489 5436 Fs_Rec - ok
18:42:32.0510 5436 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:42:32.0513 5436 gagp30kx - ok
18:42:32.0586 5436 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:42:32.0588 5436 GEARAspiWDM - ok
18:42:32.0640 5436 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:42:32.0689 5436 gpsvc - ok
18:42:32.0772 5436 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:42:32.0830 5436 HDAudBus - ok
18:42:32.0850 5436 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:42:32.0853 5436 HidBth - ok
18:42:32.0864 5436 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:42:32.0866 5436 HidIr - ok
18:42:32.0946 5436 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:42:32.0951 5436 hidserv - ok
18:42:32.0962 5436 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:42:32.0964 5436 HidUsb - ok
18:42:32.0994 5436 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:42:33.0003 5436 hkmsvc - ok
18:42:33.0020 5436 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:42:33.0022 5436 HpCISSs - ok
18:42:33.0067 5436 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:42:33.0086 5436 HTTP - ok
18:42:33.0103 5436 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:42:33.0106 5436 i2omp - ok
18:42:33.0151 5436 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:42:33.0154 5436 i8042prt - ok
18:42:33.0193 5436 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
18:42:33.0205 5436 iaStor - ok
18:42:33.0228 5436 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:42:33.0240 5436 iaStorV - ok
18:42:33.0324 5436 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:42:33.0328 5436 IDriverT - ok
18:42:33.0415 5436 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:42:33.0447 5436 idsvc - ok
18:42:33.0637 5436 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:42:33.0693 5436 igfx - ok
18:42:33.0760 5436 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:42:33.0762 5436 iirsp - ok
18:42:33.0862 5436 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
18:42:33.0869 5436 IJPLMSVC - ok
18:42:33.0913 5436 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:42:33.0939 5436 IKEEXT - ok
18:42:34.0044 5436 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
18:42:34.0105 5436 IntcAzAudAddService - ok
18:42:34.0223 5436 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
18:42:34.0225 5436 intelide - ok
18:42:34.0256 5436 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:42:34.0258 5436 intelppm - ok
18:42:34.0304 5436 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:42:34.0309 5436 IPBusEnum - ok
18:42:34.0336 5436 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:34.0338 5436 IpFilterDriver - ok
18:42:34.0369 5436 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:42:34.0391 5436 iphlpsvc - ok
18:42:34.0415 5436 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:42:34.0417 5436 IPMIDRV - ok
18:42:34.0448 5436 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:42:34.0455 5436 IPNAT - ok
18:42:34.0555 5436 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
18:42:34.0583 5436 iPod Service - ok
18:42:34.0611 5436 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:42:34.0613 5436 IRENUM - ok
18:42:34.0648 5436 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
18:42:34.0651 5436 isapnp - ok
18:42:34.0680 5436 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:42:34.0686 5436 iScsiPrt - ok
18:42:34.0701 5436 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:42:34.0703 5436 iteatapi - ok
18:42:34.0720 5436 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:42:34.0722 5436 iteraid - ok
18:42:34.0789 5436 iWinTrusted (fe1a970e7ce330bb844e333c374c6599) C:\Program Files\iWin Games\iWinTrusted.exe
18:42:34.0799 5436 iWinTrusted - ok
18:42:34.0832 5436 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:34.0834 5436 kbdclass - ok
18:42:34.0861 5436 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:34.0863 5436 kbdhid - ok
18:42:34.0884 5436 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:42:34.0890 5436 KeyIso - ok
18:42:34.0950 5436 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:42:34.0993 5436 KSecDD - ok
18:42:35.0043 5436 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:42:35.0062 5436 KtmRm - ok
18:42:35.0096 5436 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:42:35.0112 5436 LanmanServer - ok
18:42:35.0148 5436 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:42:35.0171 5436 LanmanWorkstation - ok
18:42:35.0201 5436 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:42:35.0204 5436 lltdio - ok
18:42:35.0244 5436 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:42:35.0259 5436 lltdsvc - ok
18:42:35.0303 5436 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:42:35.0307 5436 lmhosts - ok
18:42:35.0336 5436 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:42:35.0338 5436 LSI_FC - ok
18:42:35.0352 5436 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:42:35.0355 5436 LSI_SAS - ok
18:42:35.0366 5436 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:42:35.0369 5436 LSI_SCSI - ok
18:42:35.0400 5436 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:42:35.0407 5436 luafv - ok
18:42:35.0426 5436 lxcz_device - ok
18:42:35.0454 5436 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:42:35.0459 5436 Mcx2Svc - ok
18:42:35.0481 5436 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:42:35.0483 5436 megasas - ok
18:42:35.0496 5436 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:42:35.0503 5436 MMCSS - ok
18:42:35.0532 5436 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:42:35.0534 5436 Modem - ok
18:42:35.0567 5436 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:42:35.0569 5436 monitor - ok
18:42:35.0594 5436 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:42:35.0596 5436 mouclass - ok
18:42:35.0606 5436 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:42:35.0608 5436 mouhid - ok
18:42:35.0713 5436 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:42:35.0721 5436 MountMgr - ok
18:42:35.0746 5436 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:42:35.0750 5436 mpio - ok
18:42:35.0768 5436 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:42:35.0771 5436 mpsdrv - ok
18:42:35.0824 5436 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:42:35.0847 5436 MpsSvc - ok
18:42:35.0895 5436 mr97310c (721a2b4d1a23d078db95702d47e7ac6d) C:\Windows\system32\DRIVERS\mr97310c.sys
18:42:35.0911 5436 mr97310c - ok
18:42:35.0952 5436 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:42:35.0954 5436 Mraid35x - ok
18:42:35.0970 5436 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:42:35.0977 5436 MRxDAV - ok
18:42:36.0006 5436 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:36.0013 5436 mrxsmb - ok
18:42:36.0038 5436 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:36.0051 5436 mrxsmb10 - ok
18:42:36.0070 5436 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:36.0073 5436 mrxsmb20 - ok
18:42:36.0099 5436 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
18:42:36.0101 5436 msahci - ok
18:42:36.0132 5436 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:42:36.0135 5436 msdsm - ok
18:42:36.0165 5436 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:42:36.0180 5436 MSDTC - ok
18:42:36.0219 5436 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:42:36.0221 5436 Msfs - ok
18:42:36.0266 5436 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:42:36.0268 5436 msisadrv - ok
18:42:36.0303 5436 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:42:36.0319 5436 MSiSCSI - ok
18:42:36.0339 5436 msiserver - ok
18:42:36.0364 5436 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:36.0367 5436 MSKSSRV - ok
18:42:36.0402 5436 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:36.0403 5436 MSPCLOCK - ok
18:42:36.0419 5436 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:42:36.0421 5436 MSPQM - ok
18:42:36.0451 5436 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:42:36.0463 5436 MsRPC - ok
18:42:36.0483 5436 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:42:36.0485 5436 mssmbios - ok
18:42:36.0509 5436 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:42:36.0511 5436 MSTEE - ok
18:42:36.0527 5436 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:42:36.0530 5436 Mup - ok
18:42:36.0573 5436 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:42:36.0593 5436 napagent - ok
18:42:36.0637 5436 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:36.0644 5436 NativeWifiP - ok
18:42:36.0685 5436 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:42:36.0703 5436 NDIS - ok
18:42:36.0727 5436 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:36.0729 5436 NdisTapi - ok
18:42:36.0762 5436 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:36.0764 5436 Ndisuio - ok
18:42:36.0803 5436 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:36.0816 5436 NdisWan - ok
18:42:36.0850 5436 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:42:36.0852 5436 NDProxy - ok
18:42:36.0866 5436 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:42:36.0868 5436 NetBIOS - ok
18:42:36.0924 5436 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:42:36.0939 5436 netbt - ok
18:42:36.0955 5436 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:42:36.0961 5436 Netlogon - ok
18:42:37.0000 5436 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:42:37.0020 5436 Netman - ok
18:42:37.0055 5436 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:42:37.0072 5436 netprofm - ok
18:42:37.0140 5436 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:37.0147 5436 NetTcpPortSharing - ok
18:42:37.0189 5436 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:42:37.0191 5436 nfrd960 - ok
18:42:37.0227 5436 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:42:37.0241 5436 NlaSvc - ok
18:42:37.0257 5436 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:42:37.0260 5436 Npfs - ok
18:42:37.0299 5436 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:42:37.0305 5436 nsi - ok
18:42:37.0330 5436 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:42:37.0332 5436 nsiproxy - ok
18:42:37.0405 5436 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:42:37.0432 5436 Ntfs - ok
18:42:37.0442 5436 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:42:37.0445 5436 ntrigdigi - ok
18:42:37.0458 5436 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:42:37.0460 5436 Null - ok
18:42:37.0486 5436 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:42:37.0494 5436 nvraid - ok
18:42:37.0510 5436 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:42:37.0513 5436 nvstor - ok
18:42:37.0542 5436 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
18:42:37.0550 5436 nv_agp - ok
18:42:37.0575 5436 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:42:37.0578 5436 ohci1394 - ok
18:42:37.0631 5436 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:42:37.0655 5436 p2pimsvc - ok
18:42:37.0668 5436 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:42:37.0681 5436 p2psvc - ok
18:42:37.0776 5436 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:42:37.0781 5436 Parport - ok
18:42:37.0825 5436 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:42:37.0827 5436 partmgr - ok
18:42:37.0844 5436 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:42:37.0847 5436 Parvdm - ok
18:42:37.0879 5436 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:42:37.0887 5436 PcaSvc - ok
18:42:37.0939 5436 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:42:37.0947 5436 pci - ok
18:42:37.0981 5436 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:42:37.0983 5436 pciide - ok
18:42:38.0007 5436 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:42:38.0022 5436 pcmcia - ok
18:42:38.0080 5436 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:42:38.0105 5436 PEAUTH - ok
18:42:38.0201 5436 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\Windows\system32\DRIVERS\LV561AV.SYS
18:42:38.0219 5436 PID_0928 - ok
18:42:38.0310 5436 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:42:38.0357 5436 pla - ok
18:42:38.0464 5436 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:42:38.0485 5436 PlugPlay - ok
18:42:38.0531 5436 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\Windows\system32\PnkBstrA.exe
18:42:38.0547 5436 PnkBstrA - ok
18:42:38.0600 5436 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:42:38.0613 5436 PNRPAutoReg - ok
18:42:38.0626 5436 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:42:38.0639 5436 PNRPsvc - ok
18:42:38.0678 5436 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:42:38.0698 5436 PolicyAgent - ok
18:42:38.0755 5436 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:38.0758 5436 PptpMiniport - ok
18:42:38.0789 5436 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:42:38.0791 5436 Processor - ok
18:42:38.0832 5436 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:42:38.0846 5436 ProfSvc - ok
18:42:38.0874 5436 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:42:38.0879 5436 ProtectedStorage - ok
18:42:38.0912 5436 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:42:38.0915 5436 PSched - ok
18:42:38.0962 5436 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
18:42:38.0964 5436 PxHelp20 - ok
18:42:39.0025 5436 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:42:39.0061 5436 ql2300 - ok
18:42:39.0081 5436 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:42:39.0087 5436 ql40xx - ok
18:42:39.0125 5436 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:42:39.0147 5436 QWAVE - ok
18:42:39.0188 5436 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:42:39.0191 5436 QWAVEdrv - ok
18:42:39.0314 5436 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
18:42:39.0398 5436 R300 - ok
18:42:39.0501 5436 RaAutoInstSrv_AM10 (8ecdb19bcf338a0798d798143f51e228) C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
18:42:39.0520 5436 RaAutoInstSrv_AM10 - ok
18:42:39.0639 5436 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:42:39.0641 5436 RasAcd - ok
18:42:39.0675 5436 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:42:39.0691 5436 RasAuto - ok
18:42:39.0729 5436 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:39.0732 5436 Rasl2tp - ok
18:42:39.0770 5436 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:42:39.0783 5436 RasMan - ok
18:42:39.0816 5436 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:39.0818 5436 RasPppoe - ok
18:42:39.0849 5436 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:42:39.0851 5436 RasSstp - ok
18:42:39.0902 5436 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:42:39.0916 5436 rdbss - ok
18:42:39.0935 5436 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:39.0937 5436 RDPCDD - ok
18:42:39.0974 5436 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
18:42:39.0987 5436 rdpdr - ok
18:42:39.0994 5436 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:42:39.0997 5436 RDPENCDD - ok
18:42:40.0060 5436 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:42:40.0075 5436 RDPWD - ok
18:42:40.0110 5436 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:42:40.0115 5436 RemoteAccess - ok
18:42:40.0149 5436 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:42:40.0165 5436 RemoteRegistry - ok
18:42:40.0203 5436 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
18:42:40.0205 5436 RimUsb - ok
18:42:40.0336 5436 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:42:40.0370 5436 RoxMediaDB9 - ok
18:42:40.0401 5436 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:42:40.0416 5436 RoxWatch9 - ok
18:42:40.0439 5436 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:42:40.0444 5436 RpcLocator - ok
18:42:40.0494 5436 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
18:42:40.0507 5436 RpcSs - ok
18:42:40.0558 5436 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:42:40.0561 5436 rspndr - ok
18:42:40.0579 5436 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:42:40.0585 5436 SamSs - ok
18:42:40.0681 5436 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:42:40.0683 5436 SASDIFSV - ok
18:42:40.0700 5436 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:42:40.0703 5436 SASKUTIL - ok
18:42:40.0748 5436 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:42:40.0751 5436 sbp2port - ok
18:42:40.0791 5436 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:42:40.0807 5436 SCardSvr - ok
18:42:40.0857 5436 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:42:40.0882 5436 Schedule - ok
18:42:40.0912 5436 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:42:40.0914 5436 SCPolicySvc - ok
18:42:40.0943 5436 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:42:40.0957 5436 SDRSVC - ok
18:42:40.0970 5436 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:42:40.0972 5436 secdrv - ok
18:42:41.0007 5436 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:42:41.0024 5436 seclogon - ok
18:42:41.0039 5436 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:42:41.0055 5436 SENS - ok
18:42:41.0068 5436 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:42:41.0070 5436 Serenum - ok
18:42:41.0095 5436 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:42:41.0102 5436 Serial - ok
18:42:41.0137 5436 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:42:41.0140 5436 sermouse - ok
18:42:41.0183 5436 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:42:41.0199 5436 SessionEnv - ok
18:42:41.0217 5436 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
18:42:41.0219 5436 sffdisk - ok
18:42:41.0241 5436 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
18:42:41.0244 5436 sffp_mmc - ok
18:42:41.0255 5436 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
18:42:41.0258 5436 sffp_sd - ok
18:42:41.0267 5436 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:42:41.0270 5436 sfloppy - ok
18:42:41.0298 5436 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:42:41.0310 5436 SharedAccess - ok
18:42:41.0350 5436 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:42:41.0371 5436 ShellHWDetection - ok
18:42:41.0402 5436 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
18:42:41.0405 5436 sisagp - ok
18:42:41.0421 5436 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:42:41.0423 5436 SiSRaid2 - ok
18:42:41.0444 5436 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:42:41.0448 5436 SiSRaid4 - ok
18:42:41.0655 5436 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:42:41.0740 5436 Skype C2C Service - ok
18:42:41.0838 5436 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
18:42:41.0844 5436 SkypeUpdate - ok
18:42:42.0082 5436 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:42:42.0217 5436 slsvc - ok
18:42:42.0305 5436 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:42:42.0321 5436 SLUINotify - ok
18:42:42.0379 5436 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:42:42.0382 5436 Smb - ok
18:42:42.0417 5436 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:42:42.0434 5436 SNMPTRAP - ok
18:42:42.0460 5436 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:42:42.0463 5436 spldr - ok
18:42:42.0503 5436 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:42:42.0518 5436 Spooler - ok
18:42:42.0594 5436 sprtsvc_dellsupportcenter - ok
18:42:42.0643 5436 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:42:42.0656 5436 srv - ok
18:42:42.0689 5436 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:42:42.0704 5436 srv2 - ok
18:42:42.0720 5436 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:42:42.0728 5436 srvnet - ok
18:42:42.0759 5436 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:42:42.0780 5436 SSDPSRV - ok
18:42:42.0830 5436 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:42:42.0845 5436 SstpSvc - ok
18:42:42.0883 5436 Steam Client Service - ok
18:42:42.0971 5436 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:42:42.0997 5436 stisvc - ok
18:42:43.0039 5436 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:42:43.0043 5436 stllssvr - ok
18:42:43.0077 5436 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:42:43.0079 5436 swenum - ok
18:42:43.0116 5436 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:42:43.0136 5436 swprv - ok
18:42:43.0170 5436 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:42:43.0173 5436 Symc8xx - ok
18:42:43.0195 5436 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:42:43.0197 5436 Sym_hi - ok
18:42:43.0218 5436 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:42:43.0220 5436 Sym_u3 - ok
18:42:43.0272 5436 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:42:43.0295 5436 SysMain - ok
18:42:43.0320 5436 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:42:43.0336 5436 TabletInputService - ok
18:42:43.0371 5436 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:42:43.0393 5436 TapiSrv - ok
18:42:43.0420 5436 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:42:43.0431 5436 TBS - ok
18:42:43.0511 5436 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:42:43.0541 5436 Tcpip - ok
18:42:43.0560 5436 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:42:43.0571 5436 Tcpip6 - ok
18:42:43.0606 5436 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:42:43.0609 5436 tcpipreg - ok
18:42:43.0637 5436 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:42:43.0640 5436 TDPIPE - ok
18:42:43.0657 5436 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:42:43.0659 5436 TDTCP - ok
18:42:43.0689 5436 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:42:43.0692 5436 tdx - ok
18:42:43.0783 5436 TeamViewer5 (d827a50cec8a16180eec4f1951b7a842) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
18:42:43.0797 5436 TeamViewer5 - ok
18:42:43.0834 5436 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:42:43.0837 5436 TermDD - ok
18:42:43.0894 5436 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:42:43.0918 5436 TermService - ok
18:42:43.0965 5436 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:42:43.0975 5436 Themes - ok
18:42:44.0008 5436 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:42:44.0014 5436 THREADORDER - ok
18:42:44.0031 5436 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:42:44.0045 5436 TrkWks - ok
18:42:44.0095 5436 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:42:44.0097 5436 TrustedInstaller - ok
18:42:44.0182 5436 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:44.0240 5436 tssecsrv - ok
18:42:44.0299 5436 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:42:44.0301 5436 tunmp - ok
18:42:44.0331 5436 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:42:44.0333 5436 tunnel - ok
18:42:44.0358 5436 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:42:44.0362 5436 uagp35 - ok
18:42:44.0399 5436 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:42:44.0412 5436 udfs - ok
18:42:44.0455 5436 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:42:44.0464 5436 UI0Detect - ok
18:42:44.0493 5436 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
18:42:44.0496 5436 uliagpkx - ok
18:42:44.0526 5436 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:42:44.0538 5436 uliahci - ok
18:42:44.0594 5436 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:42:44.0601 5436 UlSata - ok
18:42:44.0616 5436 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:42:44.0632 5436 ulsata2 - ok
18:42:44.0663 5436 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:42:44.0665 5436 umbus - ok
18:42:44.0707 5436 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:42:44.0728 5436 upnphost - ok
18:42:44.0766 5436 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
18:42:44.0769 5436 USBAAPL - ok
18:42:44.0817 5436 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:42:44.0821 5436 usbaudio - ok
18:42:44.0856 5436 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:44.0859 5436 usbccgp - ok
18:42:44.0884 5436 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:42:44.0887 5436 usbcir - ok
18:42:44.0917 5436 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:42:44.0920 5436 usbehci - ok
18:42:44.0960 5436 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:42:44.0973 5436 usbhub - ok
18:42:44.0984 5436 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:42:44.0988 5436 usbohci - ok
18:42:45.0018 5436 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:42:45.0021 5436 usbprint - ok
18:42:45.0061 5436 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:42:45.0064 5436 usbscan - ok
18:42:45.0084 5436 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:45.0087 5436 USBSTOR - ok
18:42:45.0120 5436 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:42:45.0123 5436 usbuhci - ok
18:42:45.0165 5436 UTSCSI (8afffda081cff3057391fedbbb483601) C:\Windows\system32\UTSCSI.EXE
18:42:45.0174 5436 UTSCSI - ok
18:42:45.0209 5436 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:42:45.0218 5436 UxSms - ok
18:42:45.0255 5436 V0230Vfx (a0c643d5f8c60f12faa6e3454dfe9c32) C:\Windows\system32\DRIVERS\V0230Vfx.sys
18:42:45.0258 5436 V0230Vfx - ok
18:42:45.0314 5436 V0230VID (ab3a762b624ec835c1c7bb665b04ed41) C:\Windows\system32\DRIVERS\V0230VID.sys
18:42:45.0333 5436 V0230VID - ok
18:42:45.0376 5436 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:42:45.0395 5436 vds - ok
18:42:45.0427 5436 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:45.0430 5436 vga - ok
18:42:45.0462 5436 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:42:45.0465 5436 VgaSave - ok
18:42:45.0489 5436 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
18:42:45.0491 5436 viaagp - ok
18:42:45.0506 5436 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:42:45.0509 5436 ViaC7 - ok
18:42:45.0535 5436 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
18:42:45.0538 5436 viaide - ok
18:42:45.0572 5436 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:42:45.0574 5436 volmgr - ok
18:42:45.0614 5436 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:42:45.0627 5436 volmgrx - ok
18:42:45.0666 5436 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:42:45.0680 5436 volsnap - ok
18:42:45.0702 5436 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:42:45.0710 5436 vsmraid - ok
18:42:45.0777 5436 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:42:45.0815 5436 VSS - ok
18:42:45.0839 5436 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:42:45.0861 5436 W32Time - ok
18:42:45.0900 5436 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:42:45.0903 5436 WacomPen - ok
18:42:45.0940 5436 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:45.0943 5436 Wanarp - ok
18:42:45.0953 5436 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:45.0956 5436 Wanarpv6 - ok
18:42:45.0986 5436 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:42:46.0007 5436 wcncsvc - ok
18:42:46.0030 5436 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:42:46.0040 5436 WcsPlugInService - ok
18:42:46.0059 5436 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:42:46.0061 5436 Wd - ok
18:42:46.0115 5436 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:42:46.0133 5436 Wdf01000 - ok
18:42:46.0164 5436 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:42:46.0175 5436 WdiServiceHost - ok
18:42:46.0182 5436 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:42:46.0195 5436 WdiSystemHost - ok
18:42:46.0230 5436 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:42:46.0253 5436 WebClient - ok
18:42:46.0294 5436 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:42:46.0350 5436 Wecsvc - ok
18:42:46.0388 5436 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:42:46.0403 5436 wercplsupport - ok
18:42:46.0436 5436 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:42:46.0452 5436 WerSvc - ok
18:42:46.0525 5436 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:42:46.0539 5436 WinDefend - ok
18:42:46.0547 5436 WinHttpAutoProxySvc - ok
18:42:46.0616 5436 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:42:46.0622 5436 Winmgmt - ok
18:42:46.0691 5436 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:42:46.0785 5436 WinRM - ok
18:42:46.0842 5436 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:42:46.0869 5436 Wlansvc - ok
18:42:46.0950 5436 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:42:46.0953 5436 wlcrasvc - ok
18:42:47.0081 5436 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:42:47.0138 5436 wlidsvc - ok
18:42:47.0257 5436 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:42:47.0260 5436 WmiAcpi - ok
18:42:47.0332 5436 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:42:47.0338 5436 wmiApSrv - ok
18:42:47.0424 5436 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:42:47.0452 5436 WMPNetworkSvc - ok
18:42:47.0476 5436 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:42:47.0500 5436 WPCSvc - ok
18:42:47.0531 5436 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:42:47.0555 5436 WPDBusEnum - ok
18:42:47.0614 5436 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:42:47.0618 5436 WpdUsb - ok
18:42:47.0750 5436 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:42:47.0775 5436 WPFFontCache_v0400 - ok
18:42:47.0806 5436 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:47.0809 5436 ws2ifsl - ok
18:42:47.0837 5436 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:42:47.0848 5436 wscsvc - ok
18:42:47.0855 5436 WSearch - ok
18:42:47.0989 5436 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:42:48.0058 5436 wuauserv - ok
18:42:48.0215 5436 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:48.0227 5436 WUDFRd - ok
18:42:48.0259 5436 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:42:48.0275 5436 wudfsvc - ok
18:42:48.0374 5436 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:42:48.0392 5436 YahooAUService - ok
18:42:48.0430 5436 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:42:48.0849 5436 \Device\Harddisk0\DR0 - ok
18:42:48.0857 5436 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
18:42:48.0864 5436 \Device\Harddisk1\DR1 - ok
18:42:48.0888 5436 Boot (0x1200) (480c2e359bc4106fcf43c76b2a4c51ff) \Device\Harddisk0\DR0\Partition0
18:42:48.0890 5436 \Device\Harddisk0\DR0\Partition0 - ok
18:42:48.0894 5436 Boot (0x1200) (0c205cdef4f54bf22dc26e36cb2e4bea) \Device\Harddisk0\DR0\Partition1
18:42:48.0897 5436 \Device\Harddisk0\DR0\Partition1 - ok
18:42:48.0905 5436 Boot (0x1200) (60abf702d72ea71ead9f3f707408f6c6) \Device\Harddisk1\DR1\Partition0
18:42:48.0908 5436 \Device\Harddisk1\DR1\Partition0 - ok
18:42:48.0909 5436 ============================================================
18:42:48.0909 5436 Scan finished
18:42:48.0909 5436 ============================================================
18:42:48.0928 4368 Detected object count: 0
18:42:48.0928 4368 Actual detected object count: 0
18:44:07.0377 0260 Deinitialize success

#7 bedtimefrog

Posted 04 July 2012 - 07:01 PM

Today before running the tdsskiller and mbr scans my computer shut itself down three times. It was still freezing the pages I was on and taking a very long time to load a page if it ever did load. Some pages loaded faster than others and even refreshing the page didn't help. I am running the mbr scan right now so hopefully something will change; if not I will definitely let you know!! Thanks for all your help so far.

#8 bedtimefrog

Posted 04 July 2012 - 07:32 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 18:48:36
-----------------------------
18:48:36.850 OS Version: Windows 6.0.6002 Service Pack 2
18:48:36.851 Number of processors: 2 586 0xF0D
18:48:36.852 ComputerName: BECKY-PC UserName: becky
18:48:57.402 Initialize success
18:49:00.894 AVAST engine defs: 12070400
18:49:06.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:49:06.619 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
18:49:06.655 Disk 0 MBR read successfully
18:49:06.660 Disk 0 MBR scan
18:49:06.665 Disk 0 Windows VISTA default MBR code
18:49:06.681 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:49:06.745 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
18:49:06.769 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294956 MB offset 21069824
18:49:06.796 Disk 0 scanning sectors +625139712
18:49:06.861 Disk 0 scanning C:\Windows\system32\drivers
18:49:20.928 Service scanning
18:49:43.003 Modules scanning
18:49:50.293 Disk 0 trace - called modules:
18:49:50.672 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:49:50.680 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e06ac8]
18:49:50.689 3 CLASSPNP.SYS[88ba58b3] -> nt!IofCallDriver -> [0x85bfd408]
18:49:50.697 5 acpi.sys[8329c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e2b528]
18:49:51.474 AVAST engine scan C:\Windows
18:49:55.607 AVAST engine scan C:\Windows\system32
18:52:56.197 AVAST engine scan C:\Windows\system32\drivers
18:53:08.946 AVAST engine scan C:\Users\becky
18:58:01.389 Disk 0 MBR has been saved successfully to "C:\Users\becky\Desktop\MBR.dat"
18:58:01.412 The log file has been saved successfully to "C:\Users\becky\Desktop\aswMBR.txt"
19:17:15.513 AVAST engine scan C:\ProgramData
19:29:45.040 Disk 0 MBR has been saved successfully to "C:\Users\becky\Desktop\MBR.dat"
19:29:45.102 The log file has been saved successfully to "C:\Users\becky\Desktop\aswMBR.txt"
19:30:21.433 Scan finished successfully
19:30:50.106 Disk 0 MBR has been saved successfully to "C:\Users\becky\Desktop\MBR.dat"
19:30:50.106 The log file has been saved successfully to "C:\Users\becky\Desktop\aswMBR.txt"

#9 gringo_pr

Posted 04 July 2012 - 07:54 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#10 bedtimefrog

Posted 05 July 2012 - 01:04 AM

OTL logfile created on: 05/07/2012 12:02:32 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\becky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.88% Memory free
4.21 Gb Paging File | 2.68 Gb Available in Paging File | 63.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 145.67 Gb Free Space | 50.57% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.27 Gb Free Space | 62.65% Space Free | Partition Type: NTFS
Drive E: | 5.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 122.03 Mb Total Space | 1.36 Mb Free Space | 1.12% Space Free | Partition Type: FAT32

Computer Name: BECKY-PC | User Name: becky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\becky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\UTSCSI.EXE ()
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe (Cisco Consumer Products LLC)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\lxczcoms.exe ( )
PRC - C:\Windows\system\w98eject.exe (Sigmatel)
PRC - C:\Windows\V0230Mon.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (UTSCSI) -- C:\Windows\System32\UTSCSI.EXE ()
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RaAutoInstSrv_AM10) -- C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe (Cisco Consumer Products LLC)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\becky\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\becky\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AM10) -- C:\Windows\System32\drivers\am10va.sys (Ralink Technology Corp.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (mr97310c) -- C:\Windows\System32\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (V0230VID) -- C:\Windows\System32\drivers\V0230VID.sys (Creative Technology Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (V0230Vfx) -- C:\Windows\System32\drivers\V0230Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope = {AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DACA
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mywinnipeg.com/
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60196
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DDCA_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=vmn&type=egames&q={searchTerms}
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{BB622412-7DB8-4AFD-B084-E5065BAE464B}: "URL" = http://search.imgag.com/?appid=kwapp&c=&sbs=2&sc=2&f=web&vernum=1.0&uid=&did=%7bBB622412-7DB8-4AFD-B084-E5065BAE464B%7d&component=&q={searchTerms}
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80154&lng=en
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb6?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\Bing: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&mkt=en-CA&FORM=IE0001
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\becky\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\becky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\becky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\becky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker

[2010/06/21 15:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\becky\AppData\Roaming\Mozilla\Extensions
[2010/11/01 14:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/01 14:47:25 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\becky\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\becky\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\becky\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\becky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\becky\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\becky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: avast! WebRep = C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Skype Click to Call = C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/04 11:55:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000..\Run: [Facebook Update] C:\Users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Morpheus Music\RazaWebHook.dll/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Beach%20Party%20Craze/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Beach%20Party%20Craze/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6B67A9A-260D-4704-AABC-2E312ACBAE1B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E293DC91-DDF9-4FDC-8747-97BC79A65185}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\becky\Pictures\Alexis\034.JPG
O24 - Desktop BackupWallPaper: C:\Users\becky\Pictures\Alexis\034.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/08 01:09:23 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/07/08 01:17:56 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/07/08 01:17:57 | 000,711,744 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/07/08 01:17:51 | 000,000,164 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/29 15:15:10 | 000,000,224 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 00:01:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\becky\Desktop\OTL.exe
[2012/07/04 18:45:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\becky\Desktop\aswMBR.exe
[2012/07/04 18:41:12 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\becky\Desktop\TDSSKiller.exe
[2012/07/04 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{5CE09212-9A14-4BAC-BE40-4C7A2A528A37}
[2012/07/04 13:16:54 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{7136CDCB-8CC4-4FAF-9224-995803B55FEC}
[2012/07/04 12:01:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/04 11:59:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/04 11:59:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/04 11:59:24 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\temp
[2012/07/04 11:36:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/04 11:35:41 | 004,571,084 | R--- | C] (Swearware) -- C:\Users\becky\Desktop\ComboFix.exe
[2012/07/03 18:14:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\becky\Desktop\dds.scr
[2012/07/02 10:32:49 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/02 10:32:48 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/01 14:40:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/01 01:30:42 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{5DF6C488-F68A-4F7C-8503-8386AD7A3A8E}
[2012/07/01 01:30:25 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{5F22A333-45DE-46B0-92EE-0E663DA2B70A}
[2012/06/30 10:48:08 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{7B743901-5A87-4573-AE45-0AECFDC24753}
[2012/06/30 10:47:56 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{347D4982-47F2-4769-9788-71B27612FDEA}
[2012/06/29 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{F45C090C-A81A-48EB-8572-4BA549AEEEF7}
[2012/06/29 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{0B9A79B6-C9C4-4F47-8EA0-B74965066160}
[2012/06/29 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/29 11:35:46 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/29 11:35:37 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/29 11:35:37 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/29 11:29:11 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/29 10:46:00 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{67BF6E9F-9062-415A-A003-96CA7E12533E}
[2012/06/29 10:45:43 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{C35F07B7-179F-4B93-B7A2-C4EEAEF4FBD6}
[2012/06/28 10:53:52 | 000,000,000 | ---D | C] -- C:\Users\becky\Desktop\tdsskiller
[2012/06/28 10:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/28 10:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/06/27 09:18:00 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{C95C19DB-33C9-4D8F-A7CA-877B6FFE48BC}
[2012/06/27 09:17:44 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{05BAF087-3E9B-47D7-BA62-D2D3A5738B0D}
[2012/06/26 12:35:35 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{8705BCEB-6F74-4BB5-AFBA-A187560026FD}
[2012/06/26 12:35:03 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{C17C6719-9563-4246-9AEA-87D1BE5B23E5}
[2012/06/26 12:09:08 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/26 12:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/26 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/25 13:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
[2012/06/25 13:11:27 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Roaming\GameHouse
[2012/06/25 11:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/25 01:57:07 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{D568273B-1BDC-40F7-91A0-A232D462A789}
[2012/06/25 01:57:04 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{5A87911F-1B29-4D02-B184-B03F1DED1A45}
[2012/06/24 13:55:06 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{25A63652-0E65-493E-AFF9-6BA76BC31FA6}
[2012/06/24 13:54:22 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{038D0B34-5CAF-4622-9916-F18D309B7ADF}
[2012/06/22 14:45:53 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{99452DFA-AD69-4E99-B5D1-25EEA73CDF8F}
[2012/06/22 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{50F5462C-E61E-4741-853E-19F071A82F13}
[2012/06/21 22:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/21 22:46:13 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/06/21 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/21 22:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/21 22:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/21 22:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/21 22:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/19 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{F1735578-0705-4699-BF75-ECE9F97A4C16}
[2012/06/19 16:08:10 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{4E07F7DD-9DC3-4CEE-A14A-720B98A5AFE1}
[2012/06/19 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RealDetectives
[2012/06/19 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Roaming\FreezeTag
[2012/06/19 09:29:37 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 09:29:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 09:28:58 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 09:28:58 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 09:28:58 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 09:28:39 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 09:28:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 12:12:18 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{78D4DB8D-A791-42E9-974F-AA4B86C52661}
[2012/06/18 00:11:18 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{A61872EF-3CBF-423B-BA7E-7BCD49B802E2}
[2012/06/17 12:11:02 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{BD1D5539-19F6-40E0-A5D4-89CC50F5BAC5}
[2012/06/16 15:36:52 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{9773EC00-4F32-486A-A299-AB5E13746B88}
[2012/06/15 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{A3CE5A7C-B5B1-4ECF-95AC-451521C82FD8}
[2012/06/14 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{06633143-330D-4A5E-856C-30D73FADBFBD}
[2012/06/14 10:24:43 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{35E40B91-2289-4E6A-8F94-64C84BE7BDEF}
[2012/06/14 03:03:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 03:03:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 03:03:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 03:03:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 03:03:12 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 03:03:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 03:03:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 18:38:43 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PuzzlesByJoe
[2012/06/12 18:52:28 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{7AC653A9-8921-43AD-87D7-C730BC2C9637}
[2012/06/12 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{EBFCEB08-9F96-45A1-85CD-6C0C49504ED7}
[2012/06/11 07:15:55 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{9CFF2485-2EC3-45D6-A170-D1B62E67AD3D}
[2012/06/11 07:15:34 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{DFE83C4A-3F82-4E04-8694-EE8B1CFAC9B8}
[2012/06/10 18:49:46 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{6F5A6FE2-165F-4581-A8DB-C3941F0FB87A}
[2012/06/10 18:48:01 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{89A76269-BC25-4CEE-81E5-3E0BB78E5957}
[2012/06/10 06:18:13 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{66AE9566-0B34-46C9-B9CC-391E2BDB7700}
[2012/06/10 06:18:10 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{DD993C84-FD28-4EF7-B3AB-ADFE832E4A86}
[2012/06/09 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{4A477EE5-F866-4466-AC65-472FCCDAB388}
[2012/06/09 18:13:04 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{242F75DB-89B3-4EE7-8417-92B468010D70}
[2012/06/09 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/09 15:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/08 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/07 07:58:06 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{7DF5DF4B-2F36-454B-A956-1C54E558B1E9}
[2012/06/07 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{0D66EE56-32E5-4761-82B3-17F75BAB54FE}
[2012/06/06 19:57:20 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{020DF096-C40C-42AA-BC1F-BEDDBE17BBAB}
[2012/06/06 19:57:12 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{057E13FC-8719-4ABE-AC3C-8B3E2AA3DB91}
[2012/06/06 15:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2012/06/05 23:32:17 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{136EF814-2FF9-4777-A907-D56D540B3EC1}
[2012/06/05 23:31:11 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Local\{2ADFDF56-91C9-4185-B4C8-1B707D041679}
[2012/06/05 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\becky\AppData\Roaming\Cat's Eye Games

========== Files - Modified Within 30 Days ==========

[2012/07/05 00:01:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\becky\Desktop\OTL.exe
[2012/07/04 23:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
[2012/07/04 23:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/04 22:48:56 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 22:48:56 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 22:28:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
[2012/07/04 19:42:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
[2012/07/04 19:30:50 | 000,000,512 | ---- | M] () -- C:\Users\becky\Desktop\MBR.dat
[2012/07/04 19:28:09 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
[2012/07/04 18:47:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\becky\Desktop\aswMBR.exe
[2012/07/04 18:41:38 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\becky\Desktop\TDSSKiller.exe
[2012/07/04 14:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 14:19:39 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/04 12:03:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/04 11:55:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/04 11:35:51 | 004,571,084 | R--- | M] (Swearware) -- C:\Users\becky\Desktop\ComboFix.exe
[2012/07/04 11:19:10 | 000,881,475 | ---- | M] () -- C:\Users\becky\Desktop\SecurityCheck.exe
[2012/07/03 19:58:15 | 000,024,576 | ---- | M] () -- C:\Users\becky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 18:21:50 | 000,302,592 | ---- | M] () -- C:\Users\becky\Desktop\7cp3wrtk.exe
[2012/07/03 18:14:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\becky\Desktop\dds.scr
[2012/07/03 18:11:01 | 000,000,000 | ---- | M] () -- C:\Users\becky\defogger_reenable
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/02 10:32:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/02 10:32:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/29 22:51:38 | 000,000,192 | ---- | M] () -- C:\Users\becky\Desktop\Google+.url
[2012/06/29 22:51:25 | 000,000,213 | ---- | M] () -- C:\Users\becky\Desktop\ui=2&view=bsp&ver=ohhl4rw8mbn4.url
[2012/06/29 14:04:31 | 000,000,680 | ---- | M] () -- C:\Users\becky\AppData\Local\d3d9caps.dat
[2012/06/29 11:35:22 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/29 11:35:22 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/29 11:35:22 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/29 11:35:22 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/29 11:35:22 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/27 09:14:24 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/26 12:08:52 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/25 13:11:31 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Doggie Dash.lnk
[2012/06/25 13:11:31 | 000,000,122 | ---- | M] () -- C:\Users\Public\Desktop\More Games at GameHouse.com.url
[2012/06/25 11:57:26 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 22:47:11 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/19 17:07:04 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 University Life Collection.lnk
[2012/06/19 17:07:04 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2012/06/16 15:37:55 | 000,612,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/16 15:37:55 | 000,110,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 04:03:08 | 000,324,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 14:21:57 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Clutter II He Said, She Said.lnk
[2012/06/08 15:20:09 | 000,000,198 | ---- | M] () -- C:\Users\becky\Desktop\Play Free Online Games Pogo.com®.url

========== Files Created - No Company Name ==========

[2012/07/04 18:58:01 | 000,000,512 | ---- | C] () -- C:\Users\becky\Desktop\MBR.dat
[2012/07/04 11:19:09 | 000,881,475 | ---- | C] () -- C:\Users\becky\Desktop\SecurityCheck.exe
[2012/07/03 18:21:50 | 000,302,592 | ---- | C] () -- C:\Users\becky\Desktop\7cp3wrtk.exe
[2012/07/03 18:11:01 | 000,000,000 | ---- | C] () -- C:\Users\becky\defogger_reenable
[2012/07/02 10:32:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 22:51:38 | 000,000,192 | ---- | C] () -- C:\Users\becky\Desktop\Google+.url
[2012/06/29 22:51:25 | 000,000,213 | ---- | C] () -- C:\Users\becky\Desktop\ui=2&view=bsp&ver=ohhl4rw8mbn4.url
[2012/06/26 12:08:52 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/25 13:11:31 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Doggie Dash.lnk
[2012/06/25 13:11:31 | 000,000,122 | ---- | C] () -- C:\Users\Public\Desktop\More Games at GameHouse.com.url
[2012/06/25 11:57:26 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 22:47:11 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/19 17:07:03 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 University Life Collection.lnk
[2012/06/13 14:21:57 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Clutter II He Said, She Said.lnk
[2012/06/08 19:37:22 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
[2012/06/08 19:37:08 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
[2012/06/08 15:20:09 | 000,000,198 | ---- | C] () -- C:\Users\becky\Desktop\Play Free Online Games Pogo.com®.url
[2012/06/04 10:14:28 | 000,003,716 | ---- | C] () -- C:\Windows\System32\drivers\V0230FwH.bin
[2012/06/04 10:14:28 | 000,003,716 | ---- | C] () -- C:\Windows\System32\drivers\V0230FwF.bin
[2012/02/24 22:29:27 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/06 20:26:34 | 000,001,103 | ---- | C] () -- C:\Users\becky\Recent Items - Shortcut.lnk
[2011/06/28 10:35:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UTSCSI.EXE
[2011/05/08 08:24:19 | 001,372,841 | ---- | C] () -- C:\Users\becky\AppData\Roaming\UserTile.png
[2010/12/27 16:10:16 | 000,024,576 | ---- | C] () -- C:\Users\becky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 21:47:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/22 21:47:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/22 21:47:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/22 21:47:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/22 21:47:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/21 21:00:22 | 000,000,552 | ---- | C] () -- C:\Users\becky\AppData\Local\d3d8caps.dat
[2010/12/21 18:34:16 | 000,000,112 | ---- | C] () -- C:\ProgramData\UMdsyGU7.dat
[2010/12/15 15:55:03 | 000,000,680 | ---- | C] () -- C:\Users\becky\AppData\Local\d3d9caps.dat
[2010/11/20 09:51:01 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/11/20 09:51:01 | 000,138,056 | ---- | C] () -- C:\Users\becky\AppData\Roaming\PnkBstrK.sys
[2010/11/20 09:50:48 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/11/20 09:50:39 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010/11/20 09:50:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/06 22:58:04 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/07/01 14:43:29 | 000,000,373 | ---- | C] () -- C:\Users\becky\Documents - Shortcut.lnk
[2010/06/21 23:14:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/20 14:05:25 | 000,000,924 | ---- | C] () -- C:\Users\becky\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\Slingo Supreme Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\SightSpeed Recordings:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\PassionFruit Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\MySpaceIM Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\My Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\Morpheus Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\ForceField Shared Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\Call of Atlantis:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky\Desktop\messengers:Roxio EMC Stream
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A99C1C81
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DF2C953B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FC70A22A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3DB251F0
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:08660BC0
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6A37FCC3
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F2B0ABCC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EBDA021F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:78B923B2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:4A2289A6
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F24AD862
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9F222B60
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:389C1BAE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1AC2B366
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0FC57F99
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F71B881A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7198E1D2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F00A953B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:05F547A9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7E239580
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:14AD1C14
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CE63AEF4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2966D3A0
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E7BA7168
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A93A1878

< End of report >

#11 gringo_pr

Posted 05 July 2012 - 10:09 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime File not found
    O4 - Startup: C:\Users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Morpheus Music\RazaWebHook.dll/3000 File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\Slingo Supreme Documents:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\SightSpeed Recordings:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\PassionFruit Games:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\MySpaceIM Pics:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\My Received Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\My Projects:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\Morpheus Music:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\ForceField Shared Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Documents\Call of Atlantis:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky\Desktop\messengers:Roxio EMC Stream
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:273A8657
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A99C1C81
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DF2C953B
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FC70A22A
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3DB251F0
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:08660BC0
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6A37FCC3
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F2B0ABCC
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EBDA021F
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:78B923B2
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:4A2289A6
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F24AD862
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9F222B60
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:389C1BAE
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1AC2B366
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0FC57F99
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F71B881A
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7198E1D2
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F00A953B
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:05F547A9
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7E239580
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:14AD1C14
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CE63AEF4
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2966D3A0
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E7BA7168
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A93A1878
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4A966CC2
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FCD3A761
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FF8F1AE3
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E36F5B57
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A43443E9
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:24386795
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07A0D262
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:72830084
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B6C1A5F4
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3FF2B6F1
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:09B77012
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDFD169D
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EA21CA80
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:05F9CFF2
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80D975A5
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0B7C7BAE
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F8B49EF2
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C8033E19
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AA2A4FE5
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6638AEDF
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A798AA1A
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0824CCE8
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:50E7393E
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:81D77061
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:04826ECB
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1D657D4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AED4FFF5
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F76441C8
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3B3A35EC
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:40464012
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1F0F3115
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F10C2DA8
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7D371AB2
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:8E5EA40F
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:23FA878E  
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
    IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60196
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{BB622412-7DB8-4AFD-B084-E5065BAE464B}: "URL" = http://search.imgag.com/?appid=kwapp&c=&sbs=2&sc=2&f=web&vernum=1.0&uid=&did=%7bBB622412-7DB8-4AFD-B084-E5065BAE464B%7d&component=&q={searchTerms}
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80154&lng=en
    IE - HKU\S-1-5-21-4053380413-3599652072-2352306657-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb6?search={searchTerms}&loc=search_box_im2_test_v2
    [2010/11/01 14:47:25 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    [2012/06/29 22:51:25 | 000,000,213 | ---- | M] () -- C:\Users\becky\Desktop\ui=2&view=bsp&ver=ohhl4rw8mbn4.url
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#12 bedtimefrog


Posted 05 July 2012 - 07:35 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
C:\Users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Shareaza\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\Users\becky\Documents\Slingo Supreme Documents:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\SightSpeed Recordings:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\PassionFruit Games:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\MySpaceIM Pics:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\My Received Files:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\My Projects:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\Morpheus Music:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\ForceField Shared Files:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Documents\Call of Atlantis:Roxio EMC Stream deleted successfully.
ADS C:\Users\becky\Desktop\messengers:Roxio EMC Stream deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB622412-7DB8-4AFD-B084-E5065BAE464B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB622412-7DB8-4AFD-B084-E5065BAE464B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\becky\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ deleted successfully.
C:\Program Files\egamestoolbar\egamestoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ not found.
File C:\Program Files\egamestoolbar\egamestoolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
C:\Users\becky\Desktop\ui=2&view=bsp&ver=ohhl4rw8mbn4.url moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\becky\Desktop\cmd.bat deleted successfully.
C:\Users\becky\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: becky
->Java cache emptied: 18852568 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: becky
->Flash cache emptied: 60642 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07052012_193318

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ deleted successfully.
C:\Program Files\egamestoolbar\egamestoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ not found.
File C:\Program Files\egamestoolbar\egamestoolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
C:\Users\becky\Desktop\ui=2&view=bsp&ver=ohhl4rw8mbn4.url moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\becky\Desktop\cmd.bat deleted successfully.
C:\Users\becky\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: becky
->Java cache emptied: 18852568 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: becky
->Flash cache emptied: 60642 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07052012_193318

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:26 PM

Posted 05 July 2012 - 08:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 bedtimefrog

bedtimefrog
  • Topic Starter

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada
  • Local time:01:26 PM

Posted 05 July 2012 - 11:42 PM

ComboFix 12-07-04.03 - becky 05/07/2012 22:28:57.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2036.1044 [GMT -5:00]
Running from: c:\users\becky\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 03:42 . 2012-07-06 03:42 -------- d-----w- c:\users\becky\AppData\Local\temp
2012-07-06 03:42 . 2012-07-06 03:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-06 03:42 . 2012-07-06 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 00:33 . 2012-07-06 00:33 -------- d-----w- C:\_OTL
2012-07-03 06:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A568C07A-D0A5-46B6-9446-8A918CFEC339}\mpengine.dll
2012-07-02 15:32 . 2012-07-05 08:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 15:32 . 2012-07-05 08:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 19:40 . 2012-07-01 19:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-29 16:36 . 2012-06-29 16:36 -------- d-----w- c:\program files\Common Files\Java
2012-06-29 16:29 . 2012-06-29 16:35 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-28 15:42 . 2012-06-28 15:42 -------- d-----w- c:\program files\7-Zip
2012-06-26 17:09 . 2012-06-26 17:09 -------- d-----w- c:\users\becky\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 17:08 . 2012-06-26 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-25 18:23 . 2012-06-25 18:23 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2012-06-25 18:11 . 2012-06-25 18:11 -------- d-----w- c:\users\becky\AppData\Roaming\GameHouse
2012-06-25 16:57 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 03:46 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-22 03:46 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-22 03:44 . 2012-06-22 03:44 -------- d-----w- c:\program files\iPod
2012-06-22 03:44 . 2012-06-22 03:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-22 03:44 . 2012-06-22 03:46 -------- d-----w- c:\program files\iTunes
2012-06-22 03:42 . 2012-06-22 03:42 -------- d-----w- c:\program files\Apple Software Update
2012-06-22 03:38 . 2012-06-22 03:38 -------- d-----w- c:\program files\Bonjour
2012-06-19 19:52 . 2012-06-30 03:54 -------- d-----w- c:\users\becky\AppData\Roaming\FreezeTag
2012-06-19 14:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:28 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:28 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 23:39 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:39 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:39 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:38 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:38 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:30 . 2012-06-13 19:30 -------- d-----w- c:\programdata\PuzzlesByJoe
2012-06-09 20:32 . 2012-06-09 20:32 -------- d-----w- c:\program files\Common Files\Skype
2012-06-06 20:04 . 2012-06-06 20:04 -------- d-----w- c:\programdata\Fugazo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2010-10-27 14:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-04-04 23:33 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-10-27 14:20 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-10-27 14:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-10-27 14:20 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-10-27 14:19 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-10-27 14:19 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-10-27 14:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 16:35 . 2010-06-01 04:55 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-25 17:11 . 2012-04-25 17:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 17:11 . 2012-04-25 17:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-07 17:00 . 2012-04-07 17:00 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-27 2937528]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Facebook Update"="c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-08 137536]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-19 880496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2006-6-5 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\System\w98eject.exe [2011-10-23 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 23:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4053380413-3599652072-2352306657-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
- c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-08 00:23]
.
2012-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
- c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-08 00:23]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
- c:\users\becky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 00:36]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
- c:\users\becky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 00:36]
.
2012-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-07-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mywinnipeg.com/
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-05 22:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,26,aa,29,6b,3d,1f,81,27,31,73,e3,20,aa,66,d1,fe,d8,ab,34,bf,cd,75,
05,ea,fc,4f,e0,82,5e,71,4e,7a,0d,b6,6e,c6,1f,35,b4,ed,12,59,64,6c,f8,c0,48,\
"??"=hex:21,5d,8e,ff,8e,69,b5,e7,fc,ed,fc,d6,26,cb,91,d0
.
[HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,58,db,0d,cf,2e,d4,c9,df,3d,fd,78,85,37,4f,95,11,67,1a,dd,7f,
05,5b,83,db,3f,1d,c7,7a,14,c0,43,56,e3,e0,3a,f5,46,0c,f1,b5,11,7d,1d,12,9b,\
"rkeysecu"=hex:5d,40,15,05,16,b5,15,2a,81,2e,c0,2c,ad,4a,c4,55
.
Completion time: 2012-07-05 22:46:08
ComboFix-quarantined-files.txt 2012-07-06 03:46
ComboFix2.txt 2012-07-04 16:59
ComboFix3.txt 2011-01-02 22:17
ComboFix4.txt 2010-12-30 03:10
ComboFix5.txt 2012-07-06 03:27
.
Pre-Run: 153,894,555,648 bytes free
Post-Run: 153,904,865,280 bytes free
.
- - End Of File - - 479523A668DB4C178F4DA8CE699BC68C

#15 bedtimefrog

bedtimefrog
  • Topic Starter

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada
  • Local time:01:26 PM

Posted 05 July 2012 - 11:44 PM

The computer is taking longer and longer to load programs such as Internet Explorer, Facebook, and even Bleeping Computer. It took me 10 min for it to load before I could post the previous scan... The page freezes as it's loading and takes a long time to even load, if it even does. Most of the time I am giving up trying to load a program, game or even watch YouTube videos...



