PDA

View Full Version : Infected? I'm kinda clueless here.


AlexaSD
2013-02-21, 02:28
List of symptoms: (Sry this is long, but I'm trying to be thorough)
1) When spybot attempts to delete temp files before scanning it always says "39 temp files are in use and cannot be deleted." Don't know if it's because those files are normal or not.
2) PC stopped going into standby/monitor off even though the power settings for the pc haven't changed. This has happened before, then stopped, now is happening again. Could it have to do with ZSNES emulator (its an emulater for SNES roms) settings? Cuz I feel like it happens around the time I play roms, but can't be sure.
3) Avast full system scan showed no current threats, but there are threats in the sandbox, some of which are timestamped for when no one was home to use the computer.
4) Stopped being able to log into EA's POGO website (games website)a couple of months ago. They just told me to download google chrome, which I shouldn't have to do.
5) Weird charge appeared on bank statement after making an online purchace from edible arrangements in december. (I've already called the bank about it, but am treating it as a possible symptom of bigger issues)
6) Startup programs listed by spybot as malware/virus in the startup programs tool. I turned them off, but I don't know how to check if they are actually bad or not. (they were turned off after the pc standby issue started, so I doubt one is causing the other.)
- one of the startup programs listed by spybot as maleware is called Spigot. I've noticed a program in my programs list called "dealio toolbar v6.2 by spigot" and I don't recognize it. I left it alone for now, until I get instructions.
7) i used to use p2p sharing programs and since reading this forums info on them have since deleted them. I didn't know that pdf's and mp3 files could be viruses, but can't they be scanned for such b4 infection?
8) I thought Avast had a firewall, but when I turn off windows firewall, it bugs me that my pc isn't protected so I turned it back on. Do I have 2 firewalls running?

If you need avast or spybot logs, please let me know how to do that.

this should be the attach.txt zip file if I did this right:
10378

And here's DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.4.1
Run by Alexa at 19:15:27 on 2013-02-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6156 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\msiexec.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\GhosteryIEplugin\GhosteryRegistryProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://duckduckgo.com/
uSearch Bar = Preserve
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Analytics Opt-out Browser Add-on: {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{26EB703D-BC82-47C4-B84A-1FE3FCCA9CEC} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=992732&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Alexa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; gtkgquxzus@gtkgquxzus.org; C:\Users\Alexa\Application Data\Mozilla\Firefox\Profiles\3x41iquo.default\extensions\gtkgquxzus@gtkgquxzus.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-6 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-16 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-16 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-16 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-24 44808]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-16 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-10-29 1235968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-11 1255736]
.
=============== Created Last 30 ================
.
2013-02-19 11:01:15 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6383836C-949E-4473-82E2-3BA8BD0F3474}\mpengine.dll
2013-02-14 08:02:57 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:02:57 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 21:18:54 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 21:18:53 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:18:50 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 21:18:43 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 21:18:40 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 21:18:39 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 21:18:39 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 21:18:39 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 21:18:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 21:18:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 21:18:35 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 21:18:35 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-02-08 04:11:25 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 04:11:25 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-03 15:47:14 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
.
============= FINISH: 19:15:42.73 ===============


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-20 20:00:16
-----------------------------
20:00:16.970 OS Version: Windows x64 6.1.7601 Service Pack 1
20:00:16.970 Number of processors: 4 586 0x170A
20:00:16.970 ComputerName: BADDASS UserName: Alexa
20:00:18.202 Initialize success
20:00:21.634 AVAST engine defs: 13022001
20:00:38.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:00:38.919 Disk 0 Vendor: ST31000520AS CC32 Size: 953869MB BusType: 3
20:00:38.935 Disk 0 MBR read successfully
20:00:38.935 Disk 0 MBR scan
20:00:38.935 Disk 0 Windows 7 default MBR code
20:00:38.950 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:00:38.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:00:38.966 Disk 0 scanning C:\Windows\system32\drivers
20:00:47.094 Service scanning
20:00:58.466 Modules scanning
20:00:58.466 Disk 0 trace - called modules:
20:00:58.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:00:58.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae7060]
20:00:58.513 3 CLASSPNP.SYS[fffff880018ba43f] -> nt!IofCallDriver -> [0xfffffa800744b520]
20:00:58.513 5 ACPI.sys[fffff88000d777a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800744c680]
20:00:59.371 AVAST engine scan C:\Windows
20:01:01.212 AVAST engine scan C:\Windows\system32
20:02:59.475 AVAST engine scan C:\Windows\system32\drivers
20:03:09.693 AVAST engine scan C:\Users\Alexa
20:08:59.898 AVAST engine scan C:\ProgramData
20:09:49.257 Scan finished successfully
20:23:00.069 Disk 0 MBR has been saved successfully to "C:\Users\Alexa\Desktop\MBR.dat"
20:23:00.069 The log file has been saved successfully to "C:\Users\Alexa\Desktop\aswMBR.txt"


I hope I did all this right. :red:
torreattack
2013-03-02, 14:42
Please note that all instructions given are customised for this computer only.
Tthe tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi AlexaSD and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given.
As sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
2013-03-02, 15:03
Hi AlexaSD :



1) When spybot attempts to delete temp files before scanning it always says "39 temp files are in use and cannot be deleted." Don't know if it's because those files are normal or not.
In my opinion, it is normal. Windows or opened application always will use some temp files, they will prevent those files from being delete. Otherwise, they will become unstable.


2) PC stopped going into standby/monitor off even though the power settings for the pc haven't changed. This has happened before, then stopped, now is happening again. Could it have to do with ZSNES emulator (its an emulater for SNES roms) settings? Cuz I feel like it happens around the time I play roms, but can't be sure.
Try to ask at the Emulator support forum.


3) Avast full system scan showed no current threats, but there are threats in the sandbox, some of which are timestamped for when no one was home to use the computer.
I will keep an eye on it.


4) Stopped being able to log into EA's POGO website (games website)a couple of months ago. They just told me to download google chrome, which I shouldn't have to do.
Does this happen to all browser? Have you update your JAVA and FLASH PLAYER?


5) Weird charge appeared on bank statement after making an online purchace from edible arrangements in december. (I've already called the bank about it, but am treating it as a possible symptom of bigger issues)
Sound like a victim of Trojan or Keylogger, however, I am not sure about it. If this is the computer that you are using for that online purchase, I prefer format/reset this computer.
However, you may postpone your decision until I ask you to decide.


6) Startup programs listed by spybot as malware/virus in the startup programs tool. I turned them off, but I don't know how to check if they are actually bad or not. (they were turned off after the pc standby issue started, so I doubt one is causing the other.)
- one of the startup programs listed by spybot as maleware is called Spigot. I've noticed a program in my programs list called "dealio toolbar v6.2 by spigot" and I don't recognize it. I left it alone for now, until I get instructions.
Remove it.


7) i used to use p2p sharing programs and since reading this forums info on them have since deleted them. I didn't know that pdf's and mp3 files could be viruses, but can't they be scanned for such b4 infection?
Please read: http://forums.spybot.info/showpost.php?p=1109&postcount=1



8) I thought Avast had a firewall, but when I turn off windows firewall, it bugs me that my pc isn't protected so I turned it back on. Do I have 2 firewalls running?
You are running avast! Free Antivirus which did not have firewall installed, consider to purchase Avast Internet Security if you want to have firewall.
On the other hand, you might try some FREE firewall. However, please install firewall only after we have finish our malware problem.


Please give me more info.

1. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When the TDSSKiller finish loading, click on Change parameters.
Tick the Detect TDLFS file system and click ok.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) ... by Old Timer . Save it to your Desktop.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Thank you for your patience.
torreattack
AlexaSD
2013-03-03, 05:21
Thank you so much for getting back to me. I promise I will attempt no fixes or anything unless you say so. I'm not dumb enough to try to pretend like I have a clue what I'm doing. :confused:
Okay, FYI: I don't have an external harddrive to back up to, need to buy one. plan to do so within the next couple of days. I will backup b4 I attempt any fixes you advise.


Quote:
4) Stopped being able to log into EA's POGO website (games website)a couple of months ago. They just told me to download google chrome, which I shouldn't have to do.

Does this happen to all browser? Have you update your JAVA and FLASH PLAYER?

4) Java n flashplayer (adobe) updated, but adobe giving problems, increasingly more websites saying it's not installed, but it was updated a few days ago (this has been going on for like a year). Same issue with silverlight (though I'm not sure what silverlite is, if its a flash player or not). One of the websites you suggested with a video on how to update only said I need silverlight to run it, but I have silverlight.


Have you update your JAVA and FLASH PLAYER?

Have no other browsers. would u like me to install one to find out? I really prefer not chrome, i dislike the "big brother" aspect of google, n don't trust them. I could download mozilla if you want, I used to have it before, but got rid of it as its a little less "newbie friendly" than IE, if you know what I mean.


Quote:
6) Startup programs listed by spybot as malware/virus in the startup programs tool. I turned them off, but I don't know how to check if they are actually bad or not. (they were turned off after the pc standby issue started, so I doubt one is causing the other.)
- one of the startup programs listed by spybot as maleware is called Spigot. I've noticed a program in my programs list called "dealio toolbar v6.2 by spigot" and I don't recognize it. I left it alone for now, until I get instructions.

Remove it.
6) Removed Dealio toolbar via control panel remove programs. should i do the same in spybot system startup? Or will we handle that another way? startup program still has entry in spybot system startup tool.

I will have to send the reports in a separate reply, as together they exceed both the character limit and the kb limit allowed for a reply. (please forgive the computer name, I was very impressed with myself when I bought this PC, and didn't know there would ever be an occasion when someone else would see it! :red:).
AlexaSD
2013-03-03, 05:22
22:48:12.0529 5112 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:48:12.0935 5112 ============================================================
22:48:12.0935 5112 Current date / time: 2013/03/02 22:48:12.0935
22:48:12.0935 5112 SystemInfo:
22:48:12.0935 5112
22:48:12.0935 5112 OS Version: 6.1.7601 ServicePack: 1.0
22:48:12.0935 5112 Product type: Workstation
22:48:12.0935 5112 ComputerName: BADDASS
22:48:12.0935 5112 UserName: Alexa
22:48:12.0935 5112 Windows directory: C:\Windows
22:48:12.0935 5112 System windows directory: C:\Windows
22:48:12.0935 5112 Running under WOW64
22:48:12.0935 5112 Processor architecture: Intel x64
22:48:12.0935 5112 Number of processors: 4
22:48:12.0935 5112 Page size: 0x1000
22:48:12.0935 5112 Boot type: Normal boot
22:48:12.0935 5112 ============================================================
22:48:14.0073 5112 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x19E0186, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
22:48:14.0073 5112 ============================================================
22:48:14.0073 5112 \Device\Harddisk0\DR0:
22:48:14.0073 5112 MBR partitions:
22:48:14.0073 5112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:48:14.0073 5112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
22:48:14.0073 5112 ============================================================
22:48:14.0105 5112 C: <-> \Device\Harddisk0\DR0\Partition2
22:48:14.0105 5112 ============================================================
22:48:14.0105 5112 Initialize success
22:48:14.0105 5112 ============================================================
22:48:41.0093 3100 ============================================================
22:48:41.0093 3100 Scan started
22:48:41.0093 3100 Mode: Manual; TDLFS;
22:48:41.0093 3100 ============================================================
22:48:42.0091 3100 ================ Scan system memory ========================
22:48:42.0091 3100 System memory - ok
22:48:42.0091 3100 ================ Scan services =============================
22:48:42.0216 3100 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:48:42.0216 3100 1394ohci - ok
22:48:42.0263 3100 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:48:42.0278 3100 ACPI - ok
22:48:42.0309 3100 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:48:42.0309 3100 AcpiPmi - ok
22:48:42.0450 3100 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:48:42.0450 3100 AdobeFlashPlayerUpdateSvc - ok
22:48:42.0497 3100 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:48:42.0497 3100 adp94xx - ok
22:48:42.0512 3100 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:48:42.0512 3100 adpahci - ok
22:48:42.0528 3100 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:48:42.0543 3100 adpu320 - ok
22:48:42.0559 3100 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:48:42.0559 3100 AeLookupSvc - ok
22:48:42.0606 3100 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:48:42.0606 3100 AFD - ok
22:48:42.0653 3100 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:48:42.0653 3100 agp440 - ok
22:48:42.0684 3100 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:48:42.0684 3100 ALG - ok
22:48:42.0699 3100 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:48:42.0699 3100 aliide - ok
22:48:42.0715 3100 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:48:42.0715 3100 amdide - ok
22:48:42.0731 3100 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:48:42.0731 3100 AmdK8 - ok
22:48:42.0746 3100 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:48:42.0746 3100 AmdPPM - ok
22:48:42.0777 3100 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:48:42.0777 3100 amdsata - ok
22:48:42.0793 3100 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:48:42.0793 3100 amdsbs - ok
22:48:42.0809 3100 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:48:42.0809 3100 amdxata - ok
22:48:42.0824 3100 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:48:42.0824 3100 AppID - ok
22:48:42.0840 3100 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:48:42.0840 3100 AppIDSvc - ok
22:48:42.0887 3100 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:48:42.0887 3100 Appinfo - ok
22:48:42.0965 3100 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:48:42.0965 3100 Apple Mobile Device - ok
22:48:42.0980 3100 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:48:42.0980 3100 arc - ok
22:48:42.0980 3100 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:48:42.0996 3100 arcsas - ok
22:48:43.0074 3100 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:48:43.0074 3100 aspnet_state - ok
22:48:43.0121 3100 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
22:48:43.0121 3100 aswFsBlk - ok
22:48:43.0167 3100 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:48:43.0167 3100 aswMonFlt - ok
22:48:43.0214 3100 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
22:48:43.0214 3100 aswRdr - ok
22:48:43.0261 3100 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:48:43.0277 3100 aswSnx - ok
22:48:43.0292 3100 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:48:43.0292 3100 aswSP - ok
22:48:43.0308 3100 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
22:48:43.0308 3100 aswTdi - ok
22:48:43.0308 3100 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:48:43.0308 3100 AsyncMac - ok
22:48:43.0355 3100 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:48:43.0355 3100 atapi - ok
22:48:43.0401 3100 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:48:43.0401 3100 AudioEndpointBuilder - ok
22:48:43.0417 3100 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:48:43.0417 3100 AudioSrv - ok
22:48:43.0479 3100 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:48:43.0479 3100 avast! Antivirus - ok
22:48:43.0495 3100 avast! Firewall - ok
22:48:43.0542 3100 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:48:43.0542 3100 AxInstSV - ok
22:48:43.0589 3100 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:48:43.0589 3100 b06bdrv - ok
22:48:43.0620 3100 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:48:43.0620 3100 b57nd60a - ok
22:48:43.0651 3100 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:48:43.0651 3100 BDESVC - ok
22:48:43.0667 3100 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:48:43.0667 3100 Beep - ok
22:48:43.0698 3100 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:48:43.0713 3100 BFE - ok
22:48:43.0729 3100 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:48:43.0745 3100 BITS - ok
22:48:43.0760 3100 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:48:43.0760 3100 blbdrive - ok
22:48:43.0807 3100 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:48:43.0823 3100 Bonjour Service - ok
22:48:43.0854 3100 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:48:43.0854 3100 bowser - ok
22:48:43.0869 3100 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:48:43.0869 3100 BrFiltLo - ok
22:48:43.0885 3100 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:48:43.0885 3100 BrFiltUp - ok
22:48:43.0916 3100 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:48:43.0916 3100 Browser - ok
22:48:43.0932 3100 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:48:43.0932 3100 Brserid - ok
22:48:43.0963 3100 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:48:43.0963 3100 BrSerWdm - ok
22:48:43.0963 3100 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:48:43.0963 3100 BrUsbMdm - ok
22:48:43.0979 3100 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:48:43.0979 3100 BrUsbSer - ok
22:48:43.0994 3100 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:48:43.0994 3100 BTHMODEM - ok
22:48:44.0041 3100 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:48:44.0041 3100 bthserv - ok
22:48:44.0041 3100 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:48:44.0041 3100 cdfs - ok
22:48:44.0072 3100 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:48:44.0072 3100 cdrom - ok
22:48:44.0103 3100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:48:44.0103 3100 CertPropSvc - ok
22:48:44.0119 3100 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:48:44.0119 3100 circlass - ok
22:48:44.0135 3100 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:48:44.0135 3100 CLFS - ok
22:48:44.0181 3100 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:48:44.0181 3100 clr_optimization_v2.0.50727_32 - ok
22:48:44.0213 3100 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:48:44.0213 3100 clr_optimization_v2.0.50727_64 - ok
22:48:44.0259 3100 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:48:44.0259 3100 clr_optimization_v4.0.30319_32 - ok
22:48:44.0275 3100 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:48:44.0275 3100 clr_optimization_v4.0.30319_64 - ok
22:48:44.0291 3100 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:48:44.0306 3100 CmBatt - ok
22:48:44.0322 3100 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:48:44.0322 3100 cmdide - ok
22:48:44.0384 3100 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:48:44.0384 3100 CNG - ok
22:48:44.0400 3100 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:48:44.0400 3100 Compbatt - ok
22:48:44.0431 3100 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:48:44.0431 3100 CompositeBus - ok
22:48:44.0431 3100 COMSysApp - ok
22:48:44.0462 3100 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:48:44.0462 3100 crcdisk - ok
22:48:44.0493 3100 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:48:44.0493 3100 CryptSvc - ok
22:48:44.0540 3100 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
22:48:44.0540 3100 dc3d - ok
22:48:44.0587 3100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:48:44.0587 3100 DcomLaunch - ok
22:48:44.0618 3100 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:48:44.0618 3100 defragsvc - ok
22:48:44.0665 3100 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:48:44.0665 3100 DfsC - ok
22:48:44.0696 3100 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:48:44.0696 3100 Dhcp - ok
22:48:44.0712 3100 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:48:44.0712 3100 discache - ok
22:48:44.0727 3100 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:48:44.0727 3100 Disk - ok
22:48:44.0759 3100 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:48:44.0759 3100 Dnscache - ok
22:48:44.0790 3100 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:48:44.0805 3100 dot3svc - ok
22:48:44.0837 3100 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:48:44.0837 3100 DPS - ok
22:48:44.0868 3100 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:48:44.0868 3100 drmkaud - ok
22:48:44.0899 3100 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:48:44.0899 3100 DXGKrnl - ok
22:48:44.0930 3100 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:48:44.0930 3100 EapHost - ok
22:48:44.0993 3100 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:48:45.0071 3100 ebdrv - ok
22:48:45.0102 3100 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:48:45.0102 3100 EFS - ok
22:48:45.0133 3100 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:48:45.0149 3100 ehRecvr - ok
22:48:45.0164 3100 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:48:45.0164 3100 ehSched - ok
22:48:45.0195 3100 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:48:45.0195 3100 elxstor - ok
22:48:45.0242 3100 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:48:45.0242 3100 ErrDev - ok
22:48:45.0273 3100 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:48:45.0273 3100 EventSystem - ok
22:48:45.0289 3100 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:48:45.0289 3100 exfat - ok
22:48:45.0305 3100 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:48:45.0305 3100 fastfat - ok
22:48:45.0336 3100 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:48:45.0351 3100 Fax - ok
22:48:45.0367 3100 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:48:45.0367 3100 fdc - ok
22:48:45.0367 3100 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:48:45.0367 3100 fdPHost - ok
22:48:45.0398 3100 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:48:45.0398 3100 FDResPub - ok
22:48:45.0414 3100 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:48:45.0414 3100 FileInfo - ok
22:48:45.0414 3100 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:48:45.0414 3100 Filetrace - ok
22:48:45.0429 3100 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:48:45.0429 3100 flpydisk - ok
22:48:45.0445 3100 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:48:45.0445 3100 FltMgr - ok
22:48:45.0492 3100 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
22:48:45.0523 3100 FontCache - ok
22:48:45.0554 3100 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:48:45.0554 3100 FontCache3.0.0.0 - ok
22:48:45.0570 3100 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:48:45.0570 3100 FsDepends - ok
22:48:45.0601 3100 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:48:45.0601 3100 Fs_Rec - ok
22:48:45.0648 3100 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:48:45.0648 3100 fvevol - ok
22:48:45.0663 3100 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:48:45.0663 3100 gagp30kx - ok
22:48:45.0695 3100 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:48:45.0695 3100 GEARAspiWDM - ok
22:48:45.0741 3100 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:48:45.0757 3100 gpsvc - ok
22:48:45.0804 3100 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:48:45.0819 3100 gupdate - ok
22:48:45.0835 3100 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:48:45.0851 3100 gupdatem - ok
22:48:45.0866 3100 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:48:45.0866 3100 hcw85cir - ok
22:48:45.0913 3100 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:48:45.0913 3100 HdAudAddService - ok
22:48:45.0944 3100 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:48:45.0944 3100 HDAudBus - ok
22:48:45.0960 3100 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:48:45.0960 3100 HidBatt - ok
22:48:45.0975 3100 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:48:45.0975 3100 HidBth - ok
22:48:45.0991 3100 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:48:45.0991 3100 HidIr - ok
22:48:46.0007 3100 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:48:46.0007 3100 hidserv - ok
22:48:46.0053 3100 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:48:46.0053 3100 HidUsb - ok
22:48:46.0100 3100 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:48:46.0100 3100 hkmsvc - ok
22:48:46.0147 3100 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:48:46.0147 3100 HomeGroupListener - ok
22:48:46.0163 3100 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:48:46.0163 3100 HomeGroupProvider - ok
22:48:46.0209 3100 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:48:46.0209 3100 HpSAMD - ok
22:48:46.0241 3100 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:48:46.0256 3100 HTTP - ok
22:48:46.0256 3100 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:48:46.0256 3100 hwpolicy - ok
22:48:46.0287 3100 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:48:46.0287 3100 i8042prt - ok
22:48:46.0334 3100 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:48:46.0350 3100 iaStorV - ok
22:48:46.0397 3100 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:48:46.0412 3100 IDriverT - ok
22:48:46.0443 3100 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:48:46.0459 3100 idsvc - ok
22:48:46.0490 3100 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:48:46.0490 3100 iirsp - ok
22:48:46.0521 3100 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:48:46.0537 3100 IKEEXT - ok
22:48:46.0553 3100 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:48:46.0553 3100 intelide - ok
22:48:46.0568 3100 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:48:46.0568 3100 intelppm - ok
22:48:46.0599 3100 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:48:46.0599 3100 IPBusEnum - ok
22:48:46.0631 3100 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:48:46.0631 3100 IpFilterDriver - ok
22:48:46.0677 3100 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:48:46.0677 3100 iphlpsvc - ok
22:48:46.0693 3100 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:48:46.0693 3100 IPMIDRV - ok
22:48:46.0709 3100 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:48:46.0709 3100 IPNAT - ok
22:48:46.0771 3100 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:48:46.0771 3100 iPod Service - ok
22:48:46.0787 3100 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:48:46.0787 3100 IRENUM - ok
22:48:46.0802 3100 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:48:46.0802 3100 isapnp - ok
22:48:46.0818 3100 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:48:46.0833 3100 iScsiPrt - ok
22:48:46.0849 3100 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:48:46.0849 3100 kbdclass - ok
22:48:46.0865 3100 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:48:46.0865 3100 kbdhid - ok
22:48:46.0880 3100 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:48:46.0880 3100 KeyIso - ok
22:48:46.0927 3100 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:48:46.0927 3100 KSecDD - ok
22:48:46.0958 3100 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:48:46.0958 3100 KSecPkg - ok
22:48:46.0974 3100 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:48:46.0974 3100 ksthunk - ok
22:48:47.0005 3100 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:48:47.0005 3100 KtmRm - ok
22:48:47.0052 3100 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:48:47.0052 3100 LanmanServer - ok
22:48:47.0099 3100 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:48:47.0099 3100 LanmanWorkstation - ok
22:48:47.0130 3100 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:48:47.0130 3100 lltdio - ok
22:48:47.0161 3100 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:48:47.0177 3100 lltdsvc - ok
22:48:47.0192 3100 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:48:47.0192 3100 lmhosts - ok
22:48:47.0223 3100 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:48:47.0223 3100 LSI_FC - ok
22:48:47.0223 3100 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:48:47.0239 3100 LSI_SAS - ok
22:48:47.0255 3100 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:48:47.0255 3100 LSI_SAS2 - ok
22:48:47.0270 3100 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:48:47.0270 3100 LSI_SCSI - ok
22:48:47.0301 3100 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:48:47.0301 3100 luafv - ok
22:48:47.0317 3100 lxdn_device - ok
22:48:47.0348 3100 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:48:47.0348 3100 Mcx2Svc - ok
22:48:47.0364 3100 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:48:47.0364 3100 megasas - ok
22:48:47.0379 3100 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:48:47.0395 3100 MegaSR - ok
22:48:47.0457 3100 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:48:47.0457 3100 Microsoft Office Groove Audit Service - ok
22:48:47.0489 3100 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:48:47.0489 3100 MMCSS - ok
22:48:47.0520 3100 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:48:47.0520 3100 Modem - ok
22:48:47.0535 3100 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:48:47.0535 3100 monitor - ok
22:48:47.0551 3100 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:48:47.0551 3100 mouclass - ok
22:48:47.0567 3100 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:48:47.0582 3100 mouhid - ok
22:48:47.0582 3100 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:48:47.0582 3100 mountmgr - ok
22:48:47.0598 3100 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:48:47.0598 3100 mpio - ok
22:48:47.0613 3100 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:48:47.0613 3100 mpsdrv - ok
22:48:47.0660 3100 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:48:47.0676 3100 MpsSvc - ok
22:48:47.0707 3100 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:48:47.0723 3100 MRxDAV - ok
22:48:47.0738 3100 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:48:47.0754 3100 mrxsmb - ok
22:48:47.0769 3100 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:48:47.0785 3100 mrxsmb10 - ok
22:48:47.0801 3100 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:48:47.0801 3100 mrxsmb20 - ok
22:48:47.0816 3100 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:48:47.0816 3100 msahci - ok
22:48:47.0847 3100 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:48:47.0847 3100 msdsm - ok
22:48:47.0863 3100 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:48:47.0879 3100 MSDTC - ok
22:48:47.0894 3100 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:48:47.0894 3100 Msfs - ok
22:48:47.0894 3100 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:48:47.0910 3100 mshidkmdf - ok
22:48:47.0925 3100 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:48:47.0925 3100 msisadrv - ok
22:48:47.0957 3100 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:48:47.0957 3100 MSiSCSI - ok
22:48:47.0957 3100 msiserver - ok
22:48:47.0988 3100 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:48:47.0988 3100 MSKSSRV - ok
22:48:48.0019 3100 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:48:48.0019 3100 MSPCLOCK - ok
22:48:48.0019 3100 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:48:48.0035 3100 MSPQM - ok
22:48:48.0050 3100 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:48:48.0066 3100 MsRPC - ok
22:48:48.0081 3100 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:48:48.0081 3100 mssmbios - ok
22:48:48.0081 3100 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:48:48.0097 3100 MSTEE - ok
22:48:48.0097 3100 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:48:48.0097 3100 MTConfig - ok
22:48:48.0128 3100 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:48:48.0128 3100 MTsensor - ok
22:48:48.0144 3100 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:48:48.0144 3100 Mup - ok
22:48:48.0175 3100 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:48:48.0191 3100 napagent - ok
22:48:48.0222 3100 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:48:48.0222 3100 NativeWifiP - ok
22:48:48.0253 3100 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:48:48.0269 3100 NDIS - ok
22:48:48.0300 3100 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:48:48.0300 3100 NdisCap - ok
22:48:48.0300 3100 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:48:48.0300 3100 NdisTapi - ok
22:48:48.0347 3100 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:48:48.0347 3100 Ndisuio - ok
22:48:48.0378 3100 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:48:48.0393 3100 NdisWan - ok
22:48:48.0425 3100 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:48:48.0440 3100 NDProxy - ok
22:48:48.0440 3100 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:48:48.0440 3100 NetBIOS - ok
22:48:48.0471 3100 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:48:48.0471 3100 NetBT - ok
22:48:48.0487 3100 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:48:48.0487 3100 Netlogon - ok
22:48:48.0518 3100 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:48:48.0518 3100 Netman - ok
22:48:48.0581 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:48:48.0581 3100 NetMsmqActivator - ok
22:48:48.0612 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:48:48.0612 3100 NetPipeActivator - ok
22:48:48.0627 3100 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:48:48.0643 3100 netprofm - ok
22:48:48.0643 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:48:48.0643 3100 NetTcpActivator - ok
22:48:48.0659 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:48:48.0659 3100 NetTcpPortSharing - ok
22:48:48.0674 3100 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:48:48.0674 3100 nfrd960 - ok
22:48:48.0705 3100 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:48:48.0721 3100 NlaSvc - ok
22:48:48.0721 3100 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:48:48.0721 3100 Npfs - ok
22:48:48.0752 3100 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:48:48.0752 3100 nsi - ok
22:48:48.0768 3100 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:48:48.0768 3100 nsiproxy - ok
22:48:48.0830 3100 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:48:48.0861 3100 Ntfs - ok
22:48:48.0908 3100 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
22:48:48.0908 3100 NuidFltr - ok
22:48:48.0924 3100 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:48:48.0924 3100 Null - ok
22:48:49.0111 3100 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:48:49.0189 3100 nvlddmkm - ok
22:48:49.0220 3100 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:48:49.0220 3100 nvraid - ok
22:48:49.0236 3100 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:48:49.0236 3100 nvstor - ok
22:48:49.0298 3100 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
22:48:49.0298 3100 nvsvc - ok
22:48:49.0392 3100 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:48:49.0407 3100 nvUpdatusService - ok
22:48:49.0423 3100 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:48:49.0423 3100 nv_agp - ok
22:48:49.0485 3100 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:48:49.0485 3100 odserv - ok
22:48:49.0501 3100 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:48:49.0501 3100 ohci1394 - ok
22:48:49.0517 3100 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:48:49.0517 3100 ose - ok
22:48:49.0548 3100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:48:49.0548 3100 p2pimsvc - ok
22:48:49.0579 3100 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:48:49.0579 3100 p2psvc - ok
22:48:49.0595 3100 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:48:49.0610 3100 Parport - ok
22:48:49.0626 3100 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:48:49.0626 3100 partmgr - ok
22:48:49.0641 3100 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:48:49.0641 3100 PcaSvc - ok
22:48:49.0657 3100 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:48:49.0657 3100 pci - ok
22:48:49.0688 3100 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:48:49.0688 3100 pciide - ok
22:48:49.0719 3100 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:48:49.0719 3100 pcmcia - ok
22:48:49.0735 3100 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:48:49.0735 3100 pcw - ok
22:48:49.0751 3100 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:48:49.0766 3100 PEAUTH - ok
22:48:49.0813 3100 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:48:49.0829 3100 PerfHost - ok
22:48:49.0875 3100 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:48:49.0907 3100 pla - ok
22:48:49.0938 3100 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:48:49.0953 3100 PlugPlay - ok
22:48:49.0969 3100 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:48:49.0969 3100 PNRPAutoReg - ok
22:48:49.0985 3100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:48:49.0985 3100 PNRPsvc - ok
22:48:50.0031 3100 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
22:48:50.0031 3100 Point64 - ok
22:48:50.0047 3100 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:48:50.0047 3100 PolicyAgent - ok
22:48:50.0078 3100 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:48:50.0078 3100 Power - ok
22:48:50.0109 3100 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:48:50.0125 3100 PptpMiniport - ok
22:48:50.0141 3100 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:48:50.0141 3100 Processor - ok
22:48:50.0187 3100 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:48:50.0187 3100 ProfSvc - ok
22:48:50.0203 3100 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:48:50.0203 3100 ProtectedStorage - ok
22:48:50.0234 3100 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:48:50.0234 3100 Psched - ok
22:48:50.0281 3100 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:48:50.0328 3100 ql2300 - ok
22:48:50.0343 3100 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:48:50.0343 3100 ql40xx - ok
22:48:50.0359 3100 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:48:50.0375 3100 QWAVE - ok
22:48:50.0390 3100 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:48:50.0390 3100 QWAVEdrv - ok
22:48:50.0390 3100 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:48:50.0390 3100 RasAcd - ok
22:48:50.0421 3100 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:48:50.0421 3100 RasAgileVpn - ok
22:48:50.0437 3100 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:48:50.0437 3100 RasAuto - ok
22:48:50.0453 3100 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:48:50.0453 3100 Rasl2tp - ok
22:48:50.0484 3100 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:48:50.0484 3100 RasMan - ok
22:48:50.0499 3100 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:48:50.0499 3100 RasPppoe - ok
22:48:50.0531 3100 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:48:50.0531 3100 RasSstp - ok
22:48:50.0546 3100 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:48:50.0546 3100 rdbss - ok
22:48:50.0562 3100 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:48:50.0577 3100 rdpbus - ok
22:48:50.0593 3100 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:48:50.0593 3100 RDPCDD - ok
22:48:50.0609 3100 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:48:50.0609 3100 RDPENCDD - ok
22:48:50.0609 3100 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:48:50.0609 3100 RDPREFMP - ok
22:48:50.0640 3100 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:48:50.0655 3100 RDPWD - ok
22:48:50.0687 3100 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:48:50.0687 3100 rdyboost - ok
22:48:50.0702 3100 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:48:50.0702 3100 RemoteAccess - ok
22:48:50.0718 3100 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:48:50.0733 3100 RemoteRegistry - ok
22:48:50.0765 3100 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:48:50.0765 3100 RpcEptMapper - ok
22:48:50.0796 3100 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:48:50.0796 3100 RpcLocator - ok
22:48:50.0827 3100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:48:50.0843 3100 RpcSs - ok
22:48:50.0843 3100 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:48:50.0843 3100 rspndr - ok
22:48:50.0889 3100 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:48:50.0889 3100 RTL8167 - ok
22:48:50.0905 3100 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:48:50.0905 3100 SamSs - ok
22:48:50.0936 3100 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:48:50.0936 3100 sbp2port - ok
22:48:51.0014 3100 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:48:51.0030 3100 SBSDWSCService - ok
22:48:51.0045 3100 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:48:51.0045 3100 SCardSvr - ok
22:48:51.0061 3100 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:48:51.0061 3100 scfilter - ok
22:48:51.0108 3100 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:48:51.0123 3100 Schedule - ok
22:48:51.0155 3100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:48:51.0155 3100 SCPolicySvc - ok
22:48:51.0201 3100 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:48:51.0201 3100 SDRSVC - ok
22:48:51.0217 3100 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:48:51.0217 3100 secdrv - ok
22:48:51.0233 3100 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:48:51.0233 3100 seclogon - ok
22:48:51.0248 3100 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:48:51.0264 3100 SENS - ok
22:48:51.0264 3100 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:48:51.0279 3100 SensrSvc - ok
22:48:51.0279 3100 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:48:51.0279 3100 Serenum - ok
22:48:51.0295 3100 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:48:51.0295 3100 Serial - ok
22:48:51.0326 3100 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:48:51.0326 3100 sermouse - ok
22:48:51.0357 3100 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:48:51.0357 3100 SessionEnv - ok
22:48:51.0389 3100 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:48:51.0389 3100 sffdisk - ok
22:48:51.0404 3100 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:48:51.0404 3100 sffp_mmc - ok
22:48:51.0420 3100 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:48:51.0420 3100 sffp_sd - ok
22:48:51.0420 3100 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:48:51.0435 3100 sfloppy - ok
22:48:51.0467 3100 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:48:51.0467 3100 SharedAccess - ok
22:48:51.0482 3100 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:48:51.0498 3100 ShellHWDetection - ok
22:48:51.0513 3100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:48:51.0513 3100 SiSRaid2 - ok
22:48:51.0545 3100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:48:51.0545 3100 SiSRaid4 - ok
22:48:51.0576 3100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:48:51.0576 3100 Smb - ok
22:48:51.0607 3100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:48:51.0607 3100 SNMPTRAP - ok
22:48:51.0623 3100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:48:51.0623 3100 spldr - ok
22:48:51.0654 3100 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:48:51.0669 3100 Spooler - ok
22:48:51.0732 3100 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:48:51.0794 3100 sppsvc - ok
22:48:51.0810 3100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:48:51.0810 3100 sppuinotify - ok
22:48:51.0841 3100 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:48:51.0841 3100 srv - ok
22:48:51.0872 3100 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:48:51.0872 3100 srv2 - ok
22:48:51.0888 3100 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:48:51.0888 3100 srvnet - ok
22:48:51.0919 3100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:48:51.0919 3100 SSDPSRV - ok
22:48:51.0935 3100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:48:51.0935 3100 SstpSvc - ok
22:48:52.0013 3100 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:48:52.0028 3100 Stereo Service - ok
22:48:52.0044 3100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:48:52.0044 3100 stexstor - ok
22:48:52.0091 3100 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:48:52.0106 3100 stisvc - ok
22:48:52.0169 3100 [ 42FEF84684D217870F3C8813B6F58276 ] SupportSoft RemoteAssist C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
22:48:52.0169 3100 SupportSoft RemoteAssist - ok
22:48:52.0184 3100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:48:52.0184 3100 swenum - ok
22:48:52.0215 3100 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:48:52.0215 3100 swprv - ok
22:48:52.0278 3100 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:48:52.0340 3100 SysMain - ok
22:48:52.0356 3100 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:48:52.0356 3100 TabletInputService - ok
22:48:52.0387 3100 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:48:52.0403 3100 TapiSrv - ok
22:48:52.0418 3100 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:48:52.0418 3100 TBS - ok
22:48:52.0481 3100 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:48:52.0512 3100 Tcpip - ok
22:48:52.0559 3100 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:48:52.0574 3100 TCPIP6 - ok
22:48:52.0605 3100 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:48:52.0605 3100 tcpipreg - ok
22:48:52.0605 3100 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:48:52.0621 3100 TDPIPE - ok
22:48:52.0652 3100 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:48:52.0652 3100 TDTCP - ok
22:48:52.0668 3100 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:48:52.0668 3100 tdx - ok
22:48:52.0683 3100 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:48:52.0683 3100 TermDD - ok
22:48:52.0699 3100 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:48:52.0715 3100 TermService - ok
22:48:52.0715 3100 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:48:52.0715 3100 Themes - ok
22:48:52.0730 3100 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:48:52.0746 3100 THREADORDER - ok
22:48:52.0746 3100 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:48:52.0761 3100 TrkWks - ok
22:48:52.0808 3100 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:48:52.0824 3100 TrustedInstaller - ok
22:48:52.0855 3100 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:48:52.0855 3100 tssecsrv - ok
22:48:52.0871 3100 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:48:52.0871 3100 TsUsbFlt - ok
22:48:52.0933 3100 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:48:52.0933 3100 tunnel - ok
22:48:52.0949 3100 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:48:52.0949 3100 uagp35 - ok
22:48:52.0980 3100 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:48:52.0980 3100 udfs - ok
22:48:52.0995 3100 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:48:52.0995 3100 UI0Detect - ok
22:48:53.0011 3100 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:48:53.0027 3100 uliagpkx - ok
22:48:53.0058 3100 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:48:53.0058 3100 umbus - ok
22:48:53.0073 3100 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:48:53.0073 3100 UmPass - ok
22:48:53.0089 3100 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:48:53.0105 3100 upnphost - ok
22:48:53.0136 3100 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:48:53.0136 3100 USBAAPL64 - ok
22:48:53.0151 3100 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:48:53.0151 3100 usbccgp - ok
22:48:53.0183 3100 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:48:53.0183 3100 usbcir - ok
22:48:53.0198 3100 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:48:53.0198 3100 usbehci - ok
22:48:53.0214 3100 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:48:53.0214 3100 usbhub - ok
22:48:53.0245 3100 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:48:53.0245 3100 usbohci - ok
22:48:53.0261 3100 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:48:53.0261 3100 usbprint - ok
22:48:53.0292 3100 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:48:53.0307 3100 usbscan - ok
22:48:53.0307 3100 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:48:53.0307 3100 USBSTOR - ok
22:48:53.0323 3100 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:48:53.0323 3100 usbuhci - ok
22:48:53.0339 3100 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:48:53.0339 3100 UxSms - ok
22:48:53.0339 3100 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:48:53.0339 3100 VaultSvc - ok
22:48:53.0370 3100 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:48:53.0370 3100 vdrvroot - ok
22:48:53.0401 3100 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:48:53.0417 3100 vds - ok
22:48:53.0432 3100 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:48:53.0432 3100 vga - ok
22:48:53.0448 3100 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:48:53.0448 3100 VgaSave - ok
22:48:53.0479 3100 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:48:53.0479 3100 vhdmp - ok
22:48:53.0557 3100 [ 574B29F436C4C63D37020C6E570A7528 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
22:48:53.0573 3100 VIAHdAudAddService - ok
22:48:53.0588 3100 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:48:53.0588 3100 viaide - ok
22:48:53.0619 3100 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:48:53.0619 3100 volmgr - ok
22:48:53.0635 3100 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:48:53.0651 3100 volmgrx - ok
22:48:53.0651 3100 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:48:53.0666 3100 volsnap - ok
22:48:53.0682 3100 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:48:53.0682 3100 vsmraid - ok
22:48:53.0729 3100 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:48:53.0760 3100 VSS - ok
22:48:53.0775 3100 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:48:53.0775 3100 vwifibus - ok
22:48:53.0807 3100 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:48:53.0807 3100 W32Time - ok
22:48:53.0822 3100 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:48:53.0838 3100 WacomPen - ok
22:48:53.0853 3100 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:48:53.0853 3100 WANARP - ok
22:48:53.0869 3100 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:48:53.0869 3100 Wanarpv6 - ok
22:48:53.0916 3100 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:48:53.0931 3100 WatAdminSvc - ok
22:48:53.0963 3100 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:48:53.0994 3100 wbengine - ok
22:48:54.0025 3100 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:48:54.0025 3100 WbioSrvc - ok
22:48:54.0056 3100 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:48:54.0056 3100 wcncsvc - ok
22:48:54.0072 3100 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:48:54.0087 3100 WcsPlugInService - ok
22:48:54.0087 3100 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:48:54.0087 3100 Wd - ok
22:48:54.0134 3100 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:48:54.0150 3100 Wdf01000 - ok
22:48:54.0165 3100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:48:54.0165 3100 WdiServiceHost - ok
22:48:54.0165 3100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:48:54.0165 3100 WdiSystemHost - ok
22:48:54.0181 3100 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:48:54.0197 3100 WebClient - ok
22:48:54.0212 3100 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:48:54.0212 3100 Wecsvc - ok
22:48:54.0228 3100 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:48:54.0228 3100 wercplsupport - ok
22:48:54.0259 3100 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:48:54.0259 3100 WerSvc - ok
22:48:54.0275 3100 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:48:54.0275 3100 WfpLwf - ok
22:48:54.0306 3100 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:48:54.0306 3100 WIMMount - ok
22:48:54.0306 3100 WinDefend - ok
22:48:54.0321 3100 WinHttpAutoProxySvc - ok
22:48:54.0353 3100 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:48:54.0368 3100 Winmgmt - ok
22:48:54.0415 3100 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:48:54.0446 3100 WinRM - ok
22:48:54.0493 3100 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\drivers\WinUSB.SYS
22:48:54.0509 3100 winusb - ok
22:48:54.0540 3100 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:48:54.0555 3100 Wlansvc - ok
22:48:54.0587 3100 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:48:54.0587 3100 WmiAcpi - ok
22:48:54.0602 3100 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:48:54.0602 3100 wmiApSrv - ok
22:48:54.0618 3100 WMPNetworkSvc - ok
22:48:54.0633 3100 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:48:54.0649 3100 WPCSvc - ok
22:48:54.0680 3100 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:48:54.0680 3100 WPDBusEnum - ok
22:48:54.0696 3100 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:48:54.0696 3100 ws2ifsl - ok
22:48:54.0711 3100 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:48:54.0711 3100 wscsvc - ok
22:48:54.0711 3100 WSearch - ok
22:48:54.0789 3100 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:48:54.0836 3100 wuauserv - ok
22:48:54.0852 3100 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:48:54.0867 3100 WudfPf - ok
22:48:54.0883 3100 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:48:54.0883 3100 WUDFRd - ok
22:48:54.0930 3100 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:48:54.0930 3100 wudfsvc - ok
22:48:54.0945 3100 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:48:54.0945 3100 WwanSvc - ok
22:48:54.0977 3100 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
22:48:54.0977 3100 xusb21 - ok
22:48:54.0992 3100 ================ Scan global ===============================
22:48:55.0008 3100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:48:55.0023 3100 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:48:55.0039 3100 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:48:55.0055 3100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:48:55.0070 3100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:48:55.0070 3100 [Global] - ok
22:48:55.0070 3100 ================ Scan MBR ==================================
22:48:55.0086 3100 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:48:55.0273 3100 \Device\Harddisk0\DR0 - ok
22:48:55.0273 3100 ================ Scan VBR ==================================
22:48:55.0273 3100 [ 816BE88948E56B507E4868A86DFC15F2 ] \Device\Harddisk0\DR0\Partition1
22:48:55.0273 3100 \Device\Harddisk0\DR0\Partition1 - ok
22:48:55.0304 3100 [ E50A364B65BAC3EFAA60FE2CC5796299 ] \Device\Harddisk0\DR0\Partition2
22:48:55.0304 3100 \Device\Harddisk0\DR0\Partition2 - ok
22:48:55.0304 3100 ============================================================
22:48:55.0304 3100 Scan finished
22:48:55.0304 3100 ============================================================
22:48:55.0320 4400 Detected object count: 0
22:48:55.0320 4400 Actual detected object count: 0
AlexaSD
2013-03-03, 05:22
OTL logfile created on: 3/2/2013 10:51:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free
16.00 Gb Paging File | 14.19 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 778.74 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BADDASS | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alexa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe File not found
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes,DefaultScope = {0F923AD5-AF75-4CEC-BD1F-3168790A63CD}
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes\{0F923AD5-AF75-4CEC-BD1F-3168790A63CD}: "URL" = http://duckduckgo.com/?q={searchTerms}
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=992732&ilc=12"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=992732&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alexa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/24 17:21:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 21:57:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/05 17:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Extensions
[2013/02/20 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions
[1637/07/27 01:35:21 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions\gtkgquxzus@gtkgquxzus.org.xpi
[2012/03/31 03:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/31 03:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/16 19:25:20 | 000,445,763 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15307 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ghostery Add-On) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: pogo.com ([games3] http in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-games.pogo.com/online2/pogo/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EB703D-BC82-47C4-B84A-1FE3FCCA9CEC}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\text/html {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:1 (MyUB - Your personal portal to the UB Web) - http://myub.buffalo.edu/
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/15 23:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{f9160a88-bd95-11df-b335-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9160a88-bd95-11df-b335-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 22:46:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2013/03/02 22:46:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alexa\Desktop\tdsskiller.exe
[2013/03/01 23:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/26 14:23:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/26 14:23:41 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/26 14:23:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/26 14:23:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/26 14:23:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/26 14:23:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/26 14:23:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/26 14:23:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 14:23:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 14:23:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 14:23:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 14:23:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 14:23:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 14:23:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 14:23:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 14:23:28 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/26 14:23:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/26 14:23:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/26 14:23:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 14:23:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 14:23:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 14:23:25 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/26 14:23:25 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/26 14:23:25 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/26 14:23:25 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/26 14:23:25 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/26 14:23:25 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/26 14:23:24 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/26 14:23:24 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/26 14:23:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/26 14:23:23 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/26 14:23:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 14:23:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/26 14:23:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/22 23:01:27 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Documents\Acct Info
[2013/02/22 16:40:23 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Statements
[2013/02/20 18:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/02/20 18:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/02/20 18:38:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/02/14 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/14 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 03:00:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/14 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 03:00:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/14 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/14 03:00:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 03:00:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 03:00:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 03:00:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 03:00:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/13 16:18:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 16:18:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 16:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 16:18:40 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 16:18:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 16:18:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 16:18:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 16:18:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 16:18:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 16:18:35 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/02 22:46:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2013/03/02 22:46:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alexa\Desktop\tdsskiller.exe
[2013/03/02 22:25:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 22:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 22:23:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 11:31:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 00:10:57 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 00:10:57 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 00:07:47 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/02 00:07:47 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/02 00:07:47 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/02 00:03:25 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/01 23:31:28 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/28 21:50:55 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 21:50:55 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/26 14:51:40 | 000,421,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/20 20:23:00 | 000,000,512 | ---- | M] () -- C:\Users\Alexa\Desktop\MBR.dat
[2013/02/20 19:52:00 | 000,003,238 | ---- | M] () -- C:\Users\Alexa\Desktop\attach.zip
[2013/02/16 19:25:20 | 000,445,763 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/14 12:15:34 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2013/02/05 22:23:38 | 000,008,192 | ---- | M] () -- C:\Users\Alexa\Desktop\SHINING FORCE CD.brm
[2013/02/05 20:55:58 | 000,004,885 | ---- | M] () -- C:\Users\Alexa\Desktop\Documents\graph paper.pdf
[2013/02/04 23:37:17 | 000,008,192 | ---- | M] () -- C:\Users\Alexa\Desktop\Fusion_Unknown.brm
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/20 20:23:00 | 000,000,512 | ---- | C] () -- C:\Users\Alexa\Desktop\MBR.dat
[2013/02/20 19:52:00 | 000,003,238 | ---- | C] () -- C:\Users\Alexa\Desktop\attach.zip
[2013/02/05 20:55:58 | 000,004,885 | ---- | C] () -- C:\Users\Alexa\Desktop\Documents\graph paper.pdf
[2013/02/04 23:20:38 | 000,008,192 | ---- | C] () -- C:\Users\Alexa\Desktop\Fusion_Unknown.brm
[2013/02/04 23:18:38 | 000,008,192 | ---- | C] () -- C:\Users\Alexa\Desktop\SHINING FORCE CD.brm
[2012/08/14 21:02:43 | 000,004,109 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/19 22:59:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/01/19 22:59:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/01/19 22:59:13 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/19 22:45:48 | 000,039,869 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/05/16 09:02:57 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/05/05 17:09:02 | 000,007,604 | ---- | C] () -- C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg
[2011/03/24 10:06:22 | 000,000,857 | ---- | C] () -- C:\Windows\eReg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1901337E

< End of report >
AlexaSD
2013-03-03, 05:23
OTL Extras logfile created on: 3/2/2013 10:51:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free
16.00 Gb Paging File | 14.19 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 778.74 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BADDASS | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0117D324-5B0E-46C8-B34C-F00BE38B207C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0BD4C50B-3E0E-4125-B6AA-8407B6F8D53B}" = rport=445 | protocol=6 | dir=out | app=system |
"{10A49818-4D4C-4F1B-B8B7-90D516EACEC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{185A5F16-3550-4E46-9BEB-7AFF8D37D572}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20CA9E96-1E28-42B4-B117-AA1D20504C37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22B9E873-4149-4470-B81C-74F2909893BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3167B6E6-A8DA-4AFF-B737-136375D2E733}" = lport=1624 | protocol=17 | dir=in | name=charbuilderfull |
"{328D8D1C-97B3-463E-B0A5-8A18D683F61D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3694BE54-C337-47ED-8BFF-7A0A4E5BE0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53D9E519-7645-4BC0-959E-EFBF1EBD4CEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{548F0F86-4C3C-4A43-9193-DB8DBF55126A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60CF8623-125D-485A-B0C9-D7D78A6CD6B4}" = lport=1624 | protocol=6 | dir=in | name=charbuilderfull |
"{640415CE-4F6F-46B8-A0E0-4C28122454A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{64C901EF-C561-4AFF-B45A-E0DEE46E1E31}" = rport=137 | protocol=17 | dir=out | app=system |
"{6C0B3A5E-20CC-4232-9F94-E1B7377025A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{766BB29D-2555-4134-925E-F7DA06FC38A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AFFDDCD-5993-4B17-80B7-B9861484D807}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F476454-6784-4E8C-98F8-EDB4D0A80CC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{812C60DF-B63E-497C-AFCF-47C77C59A749}" = rport=139 | protocol=6 | dir=out | app=system |
"{97A37EDF-F8B2-4051-9418-1A9690E1E467}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D929D84-5408-47D0-BC76-8CCAA905B631}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE792102-28BB-4927-8E92-2513DD2E84D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3AA60F3-79AB-4F4A-8A3B-1CDEAE69F441}" = lport=138 | protocol=17 | dir=in | app=system |
"{BFA8DAC1-410E-4B16-A802-DDD106DCED72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3F6A820-0342-41FC-A054-DBC41602BFCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCE70DDC-6125-4A62-8341-F336FED06B69}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF6BB7A-2BF7-4259-A028-1B2A349A553C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1702179C-C085-4425-9B3E-8C66A3C9068B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1E1C6747-2DEC-4618-91E7-FEDF9709C7E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2278E0E1-2E82-4E8A-8700-B4A96262401D}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{269DC9FC-2A87-416F-81E0-F2B3FF656AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{29AB0E76-8350-4B8F-B01D-05162A7B7639}" = protocol=17 | dir=in | app=c:\users\alexa\appdata\local\temp\character builder\tempelevator.exe |
"{306080F2-6559-44FD-9ACA-F7C1F94C3D85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{35A5F9B0-544B-4E79-ACE2-64F70A1E79DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3834B1A4-F5CA-4C5C-9643-37005B34FBEB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3D154CC1-B75E-4AA5-A767-6AE09001F8AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62AD3F77-EDAB-488B-9AD4-22FB907E45FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{64A0F70C-5964-4D4D-A585-86056AE898FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6B47EDAE-8544-445C-B659-66223EAA3094}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6CBE8CC5-3363-4B3F-A05A-9208FCA82D35}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe |
"{6EABD021-61F0-47BE-BE57-F85434E16CB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D6D99D8-03D5-4BD7-B126-8E474530CC7C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86743C91-2FCB-422B-9BBB-8D7052EAEE02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8AE206BA-6E2B-4881-AFD6-BEADCC7B4EC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C8F1EF5-2C4D-4643-BBE9-2443FA516B17}" = protocol=6 | dir=out | app=system |
"{8E1B0893-EBE0-4463-BFFD-6C1AC07AF46F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E266720-4B34-406B-993B-B41E8E11B0A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94B223BC-9A23-495B-8975-5174597A3760}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{96D5702D-4015-402C-9686-1DD087040FCF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A94A40A5-C71A-4150-9FA9-8636B9DF8DA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B17C18C9-CEC8-46AD-B3EE-66E72993D96E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B6DCA917-5CFC-41F3-BF72-B260E579855D}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe |
"{B83876DE-057D-4CC5-AE99-30801B76450D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B867D0AD-E9FC-4617-A31A-53A56E03C166}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe |
"{BB9E7EEC-5BF4-4799-8BFD-2AB948ECE143}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{BBA6CA69-7C3F-4742-B0C0-2B40FEE09C90}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C4B7D41E-DFD8-4F55-B3E8-79E8B334B4E7}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe |
"{C8CE90EE-37CD-4C3D-9DCE-33CAAE5B36FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D65DB710-62F6-4167-8105-59B337905A24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D736B097-3D3A-4F7B-A592-FB73C6C3EC87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC8CBEA8-098B-48E6-B26F-476EA991D92C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E0669AA8-7392-4EE5-8206-D9E377E7EC51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9FB9D97-D6FE-4BC0-96E8-13D1CE0463B7}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{F0F5037E-A12D-4114-8938-B62378A7D02F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{F4711698-C9DB-4961-9B7F-D3300AC27090}" = protocol=6 | dir=in | app=c:\users\alexa\appdata\local\temp\character builder\tempelevator.exe |
"{F6508446-A294-4BF0-96C7-5B8DEFB6A099}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA4FE299-96E1-4784-8EEE-7C5F3CE933D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{28989DAF-6683-47AC-9DEC-20BB1B5E735F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5A54875A-8A87-493E-9253-948C0E2D0A04}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"TCP Query User{805BEB75-1E9E-44E5-9436-2971F6209296}C:\users\alexa\downloads\ddi_cb.exe" = protocol=6 | dir=in | app=c:\users\alexa\downloads\ddi_cb.exe |
"TCP Query User{C2FAD7B4-41A2-4A3E-924F-E0F6736181AB}C:\users\alexa\downloads\adventuretoolsdownloader.exe" = protocol=6 | dir=in | app=c:\users\alexa\downloads\adventuretoolsdownloader.exe |
"TCP Query User{D27BF3E7-351E-4835-8D5D-D4E634EBCB9F}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{EDB40D32-911A-4EF8-8846-F989822E0D2C}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{F9A693A9-AAFD-474A-A141-2C43A3E4B7E0}C:\program files (x86)\dosbox-0.61\dosbox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dosbox-0.61\dosbox.exe |
"UDP Query User{1819206A-924E-4D34-AB07-EDD2851BB3B6}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{3F253D44-96D9-4839-AC99-854649936C82}C:\program files (x86)\dosbox-0.61\dosbox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dosbox-0.61\dosbox.exe |
"UDP Query User{8A0F48BF-AE28-4FBC-B563-ED87437761CE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{C70E6425-3B6C-41FE-963F-33C7A93CCF2E}C:\users\alexa\downloads\adventuretoolsdownloader.exe" = protocol=17 | dir=in | app=c:\users\alexa\downloads\adventuretoolsdownloader.exe |
"UDP Query User{D4BA7719-BF6B-4DB3-ACC0-300E3E87FA7B}C:\users\alexa\downloads\ddi_cb.exe" = protocol=17 | dir=in | app=c:\users\alexa\downloads\ddi_cb.exe |
"UDP Query User{E557AACB-26BF-4AAD-A8A7-9CAE2296B031}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{E72B8F8C-D606-41DF-A86B-92F61584C9A8}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames(tm)
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Emperor: Rise of the Middle Kingdom
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117601840}" = Farm Frenzy 3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{CE6F9778-35DE-42D1-8C61-C5C69DCF8927}" = Google Analytics Opt-out Browser Add-on
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = AI RoboForm (All Users)
"avast" = avast! Free Antivirus
"CameraUserGuide-PSSX210IS" = Canon PowerShot SX210 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstall)
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Download Manager" = Download Manager 2.3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Galactic Civilizations II - Gold Edition" = Galactic Civilizations II - Gold Edition
"Ghostery IE Plugin_is1" = Ghostery IE Plugin
"house" = house Screen Saver
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MS Access 97 SP2" = MS Access 97 SP2
"MyCamera" = Canon Utilities MyCamera
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Shockwave" = Shockwave
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Stardock Central" = Stardock Central
"The Weather Channel App" = The Weather Channel App
"Two Worlds" = Two Worlds
"Vampire: The Masquerade - Bloodlines" = Vampire: The Masquerade - Bloodlines
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2012 2:19:12 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022

Error - 12/12/2012 2:19:12 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

Error - 12/12/2012 2:19:13 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/12/2012 2:19:13 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020

Error - 12/12/2012 2:19:13 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

Error - 12/12/2012 2:19:14 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/12/2012 2:19:14 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019

Error - 12/12/2012 2:19:14 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

Error - 12/12/2012 2:19:15 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/12/2012 2:19:15 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017

Error - 12/12/2012 2:19:15 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

Error - 12/12/2012 2:19:16 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/12/2012 2:19:16 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10015

Error - 12/12/2012 2:19:16 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

[ System Events ]
Error - 2/28/2013 11:02:39 PM | Computer Name = Baddass | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/28/2013 11:02:39 PM | Computer Name = Baddass | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 3/2/2013 12:27:34 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/2/2013 12:28:04 AM | Computer Name = Baddass | Source = DCOM | ID = 10010
Description =

Error - 3/2/2013 12:29:18 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/2/2013 12:29:32 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/2/2013 12:30:32 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 3/2/2013 1:05:50 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 3/2/2013 1:05:50 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 3/2/2013 11:23:32 PM | Computer Name = Baddass | Source = DCOM | ID = 10010
Description =


< End of report >
AlexaSD
2013-03-03, 05:36
*sigh. I found Mozilla Firefox, turns out I do still have it (man I feel like a dummy!:red:) Okay, I can log into pogo via firefox, AND IE now too! But most games still won't work, in either browser. I'm not sure if my Java is currently updated, but I know I did so when I first started having problems with Pogo, because that is what they suggested I do.

Also, my computer went to stand by on its own a few days ago, but has refused to do so since.

Why do these things come and go?

In many of the reports I sent you, I saw a program I uninstalled a while ago called "character builder." why am I still seeing it there?

Sorry if I'm overloading you with questions. I appreciate your patience.
torreattack
2013-03-03, 11:50
Hi AlexaSD :


Sorry if I'm overloading you with questions. I appreciate your patience.
It's okay. I will try to answer each, but just those I know the answer.


Also, my computer went to stand by on its own a few days ago, but has refused to do so since.
You may check your hardware setting in the Control Panel ==> Power Options.


Why do these things come and go?
Really no idea about it, might cause by Windows Update, User Interaction, malware, improper coding software and many other reason.


In many of the reports I sent you, I saw a program I uninstalled a while ago called "character builder." why am I still seeing it there?
Might be leftover in the registry or improper uninstaller.


Removed Dealio toolbar via control panel remove programs. should i do the same in spybot system startup? Or will we handle that another way? startup program still has entry in spybot system startup tool.
Yes, you may. However, I will remove the leftover if I see it in your logs.


We will leave the POGO problem aside for a while, we will check whether any malware in your computer first.


Weird charge appeared on bank statement after making an online purchace from edible arrangements in december.
1. Is this the computer that you used for the online payment before the suspected payment happened?

2. Does the weird charges are from the company that you have purchase something or a different company?

3. Did you scan your computer after the incident? Any malware found? Can you recall the name of the malware?


While waiting for me to research your logs, let's run another test.

4. Security Check
Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) ... by screen317. Save it to your desktop.
Alternate download site: Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Right click the SecurityCheck.exe icon and select "run as administrator" to begin.
Press the Space Bar when you see the "press any key to continue..." message.
A Notepad results file will open automatically called checkup.txt
Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
Please copy/paste the entire contents of the checkup.txt file into your next reply.


5. Search with AdwCleaner
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Right click on adwcleaner.exe and select " Run as administrator " to run it.
Click on Search.
A logfile will automatically open after the scan has finished.
Close the adwCleaner window, click ok to the prompt.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.



Thank you for your patience.
torreattack
AlexaSD
2013-03-05, 05:23
Bear with me, life happened and I still don't have that external harddrive for pc backup. Working on it, sorry for being a pain.

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
JavaFX 2.1.0
Java(TM) 6 Update 31
Java(TM) 7 Update 4
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


# AdwCleaner v2.114 - Logfile created 03/04/2013 at 23:20:04
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alexa - BADDASS
# Boot Mode : Normal
# Running from : C:\Users\Alexa\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Alexa\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Brandon\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Brandon\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Found : HKLM\Software\GamesBarSetup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1193 octets] - [04/03/2013 23:20:04]

########## EOF - C:\AdwCleaner[R1].txt - [1253 octets] ##########
torreattack
2013-03-05, 15:27
Hi AlexaSD :

No problem for the backup. Take you time.

1. Fix with AdwCleaner
AdwCleaner
Close all open programs and internet browsers.
Right click on adwcleaner.exe and select " Run as administrator " to run it.
Click on Delete.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


2. remove program
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
Click start>> Control Panel >> Under Programs, click on Uninstall a program.
Locate the following program(s):

Ghostery IE Plugin
Java(TM) 6 Update 31
Adobe Reader 9

Select the program above and click on Uninstall to uninstall it.NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


3. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote'

:OTL
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes,DefaultScope = {0F923AD5-AF75-4CEC-BD1F-3168790A63CD}
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes\{0F923AD5-AF75-4CEC-BD1F-3168790A63CD}: "URL" = http://duckduckgo.com/?q={searchTerms}
[1637/07/27 01:35:21 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions\gtkgquxzus@gtkgquxzus.org.xpi
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ghostery Add-On) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: pogo.com ([games3] http in Trusted sites)
O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/gho...0/ghostery.cab (Reg Error: Key error.)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-games.pogo.com/onlin...g.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O18 - Protocol\Filter\text/html {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll ()
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1901337E


:Files
C:\program files (x86)\ares
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


4.re-scan with OTL
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop. Disable you antivirus if needed.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of OTL.txt ONLY in your next reply.


5. How do you obtain this software: Microsoft Office Enterprise 2007 ?


6. Checklist
Please post:
AdwCleaner[S1].txt
OTL fix log
new OTL.txt only
Answer about Microsoft Office Enterprise 2007
An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
torreattack
2013-03-07, 23:08
Hi AlexaSD

3 Day Response Rule
It has been 3 days since my last post to you.
Do you still need help with this problem?
Do you need more time?
Are you having problems understanding or following my instructions?

thanks,
torreattack
AlexaSD
2013-03-08, 04:21
Sorry about the wait, didn't mean to be rude. I got the backup done, but it came back with these errors concerning certain files. I don't know what those folders are for, but I figured it might matter, so I posted them below. After posting this I will begin on your previous instructions. Thank you so much for your patience.

Backup encountered a problem while backing up file C:\Users\Administrator\Desktop\Documents. Error:(The system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\Administrator\AppData\LocalLow. Error:(The system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\Administrator\Contacts. Error:(The system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\Administrator\Desktop\Documents\Searches. Error:(The system cannot find the path specified. (0x80070003))
AlexaSD
2013-03-08, 04:42
# AdwCleaner v2.114 - Logfile created 03/07/2013 at 22:36:37
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alexa - BADDASS
# Boot Mode : Normal
# Running from : C:\Users\Alexa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Alexa\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Brandon\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Brandon\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1322 octets] - [04/03/2013 23:20:04]
AdwCleaner[S1].txt - [1267 octets] - [07/03/2013 22:36:37]

########## EOF - C:\AdwCleaner[S1].txt - [1327 octets] ##########
AlexaSD
2013-03-08, 05:03
1) Should I redownload adobe reader? I kinda need it.

2) Why did I delete Ghostery? I thought it would help prevent ads from getting my info, is it bad?

3) Upon rebooting IE after OTL fix I was asked to choose a search provider. Is Duck Duck Go bad? They claim to do no tracking like google. If there is nothing wrong with it I would like to continue using it.

All processes killed
========== OTL ==========
HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0F923AD5-AF75-4CEC-BD1F-3168790A63CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F923AD5-AF75-4CEC-BD1F-3168790A63CD}\ not found.
C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions\gtkgquxzus@gtkgquxzus.org.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}\ not found.
File C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll not found.
Registry value HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}\ not found.
File C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll not found.
Registry key HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\oas.support\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\oas.support\ not found.
Registry key HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\support\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pogo.com\games3\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pogo.com\www\ deleted successfully.
Starting removal of ActiveX control {10000000-1000-1000-1000-100000000000}
C:\Windows\Downloaded Program Files\WebInstallRunner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-1000-1000-100000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10000000-1000-1000-1000-100000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
Starting removal of ActiveX control {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}
C:\Windows\Downloaded Program Files\ddfotg.1.0.0.33.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4459DC76-1FDE-4B16-BAD0-E4F8E7647555}\ not found.
File C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll not found.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:CBEB737E deleted successfully.
ADS C:\ProgramData\TEMP:1901337E deleted successfully.
========== FILES ==========
File\Folder C:\program files (x86)\ares not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alexa\Desktop\cmd.bat deleted successfully.
C:\Users\Alexa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Alexa
->Temp folder emptied: 250519881 bytes
->Temporary Internet Files folder emptied: 599311151 bytes
->Java cache emptied: 9939381 bytes
->FireFox cache emptied: 229871520 bytes
->Flash cache emptied: 57003 bytes

User: All Users

User: Brandon
->Temp folder emptied: 14827686 bytes
->Temporary Internet Files folder emptied: 356232503 bytes
->Java cache emptied: 395428 bytes
->Flash cache emptied: 121857 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147469 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
RecycleBin emptied: 751221092 bytes

Total Files Cleaned = 2,110.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03072013_224851

Files\Folders moved on Reboot...
C:\Users\Alexa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
AlexaSD
2013-03-08, 05:22
Microsoft Office 2007 suite is offered by University of Buffalo to it's students and alumni free of charge. I am the latter. I don't know what Enterprise is but I assume it must have come with the suite from UB. Why?

I recently updated avast, and after the reboot 2 files appeared on the desktop called "desktop.ini" One has a little lock in the icon, and both look see through. What does this mean?

OTL logfile created on: 3/7/2013 11:11:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.18% Memory free
16.00 Gb Paging File | 14.52 Gb Available in Paging File | 90.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 782.49 Gb Free Space | 84.01% Space Free | Partition Type: NTFS
Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BADDASS | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Alexa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 9B F2 C0 B0 1B CE 01 [binary data]
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=992732&ilc=12"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: gtkgquxzus@gtkgquxzus.org:2.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=992732&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alexa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/03/07 23:06:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 21:57:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/05 17:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Extensions
[2013/03/07 22:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions
[2012/03/31 03:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:06:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
File not found (No name found) -- C:\USERS\ALEXA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3X41IQUO.DEFAULT\EXTENSIONS\GTKGQUXZUS@GTKGQUXZUS.ORG.XPI
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/16 19:25:20 | 000,445,763 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15307 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EB703D-BC82-47C4-B84A-1FE3FCCA9CEC}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:1 (MyUB - Your personal portal to the UB Web) - http://myub.buffalo.edu/
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/15 23:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{f9160a88-bd95-11df-b335-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9160a88-bd95-11df-b335-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/07 22:48:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/04 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/04 23:30:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/04 23:29:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/04 23:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/03/02 22:46:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2013/03/02 22:46:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alexa\Desktop\tdsskiller.exe
[2013/03/01 23:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/26 14:23:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/26 14:23:41 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/26 14:23:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/26 14:23:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/26 14:23:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/26 14:23:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/26 14:23:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/26 14:23:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 14:23:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 14:23:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 14:23:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 14:23:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 14:23:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 14:23:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 14:23:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 14:23:28 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/26 14:23:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/26 14:23:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/26 14:23:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 14:23:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 14:23:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 14:23:25 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/26 14:23:25 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/26 14:23:25 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/26 14:23:25 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/26 14:23:25 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/26 14:23:25 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/26 14:23:24 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/26 14:23:24 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/26 14:23:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/26 14:23:23 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/26 14:23:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 14:23:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/26 14:23:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/22 23:01:27 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Documents\Acct Info
[2013/02/20 18:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/02/20 18:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/02/20 18:38:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/02/14 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/14 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 03:00:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/14 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 03:00:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/14 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/14 03:00:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 03:00:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 03:00:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 03:00:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 03:00:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/13 16:18:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 16:18:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 16:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 16:18:40 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 16:18:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 16:18:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 16:18:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 16:18:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 16:18:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 16:18:35 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2013/03/07 23:13:30 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/07 23:13:30 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/07 23:13:30 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/07 23:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 23:08:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/07 23:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/07 23:08:29 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/07 23:06:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/07 23:01:08 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 23:01:08 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 22:25:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/06 18:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/06 18:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 18:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/04 23:29:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/04 23:29:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/04 23:29:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/04 23:29:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/04 23:29:50 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/04 23:29:50 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/04 23:15:12 | 000,597,667 | ---- | M] () -- C:\Users\Alexa\Desktop\adwcleaner.exe
[2013/03/04 23:14:57 | 000,881,950 | ---- | M] () -- C:\Users\Alexa\Desktop\SecurityCheck.exe
[2013/03/02 22:46:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2013/03/02 22:46:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alexa\Desktop\tdsskiller.exe
[2013/03/01 23:31:28 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/28 21:50:55 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 21:50:55 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/26 14:51:40 | 000,421,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/20 20:23:00 | 000,000,512 | ---- | M] () -- C:\Users\Alexa\Desktop\MBR.dat
[2013/02/16 19:25:20 | 000,445,763 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/14 12:15:34 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk

========== Files Created - No Company Name ==========

[2013/03/07 23:06:50 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/07 23:06:50 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/04 23:15:12 | 000,597,667 | ---- | C] () -- C:\Users\Alexa\Desktop\adwcleaner.exe
[2013/03/04 23:14:57 | 000,881,950 | ---- | C] () -- C:\Users\Alexa\Desktop\SecurityCheck.exe
[2013/02/20 20:23:00 | 000,000,512 | ---- | C] () -- C:\Users\Alexa\Desktop\MBR.dat
[2012/08/14 21:02:43 | 000,004,109 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/19 22:59:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/01/19 22:59:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/01/19 22:59:13 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/19 22:45:48 | 000,039,869 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/05/16 09:02:57 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/05/05 17:09:02 | 000,007,604 | ---- | C] () -- C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg
[2011/03/24 10:06:22 | 000,000,857 | ---- | C] () -- C:\Windows\eReg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
torreattack
2013-03-10, 15:14
Hi AlexaSD:

Sorry for being late.


Should I redownload adobe reader? I kinda need it.
Yup, we will reinstall it.


About the backup problem, you may refer to this page:
http://support.microsoft.com/kb/979281


Regarding to Ghostery and Duck Duck Go:

According to some expert, Ghostery is open to debate. If you trust it, you may reinstall it after I give you All Clean sign.
http://www.systemlookup.com/CLSID/71965-GhosteryBrowserHelperObjec_dll.html

same as http://duckduckgo.com/.



Microsoft Office 2007 suite is offered by University of Buffalo to it's students and alumni free of charge. I am the latter. I don't know what Enterprise is but I assume it must have come with the suite from UB. Why?
Nothing, just curious how you get the Enterprise version of office. Normal home user won't has it.


I recently updated avast, and after the reboot 2 files appeared on the desktop called "desktop.ini" One has a little lock in the icon, and both look see through. What does this mean?
That's windows files. it is normal, Normally it is hidden, it keep our setting. You may remove it if you so wish.


let's continue, I hope i did not miss any of your question.

1. Java SE Runtime Environment (JRE).
Please download from HERE (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
Find Java SE 7u17, (JRE) Java SE 7.
Click the Download JRE button to the right.
check the box that says Accept License Agreement. Next, click the correct Product / File Description (in your case the jre-7u17-windows-x64.exe).
Save the file to your desktop.
Close all active windows.
Install the program.
Note: remember to Uncheck any extra software downloads you may be offered (optional)


2. Update Adobe Reader
You should Download and Install the newest version of Adobe Reader for reading pdf files.
Older versions may have vulnerabilities that malware can use to infect your system.
Go Here (http://get.adobe.com/uk/reader/) to download and install Adobe Reader XI (11.0.02).
Note: remember to Uncheck any extra software downloads you may be offered (optional)


3. ESET online scannner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
First please Disable any Antivirus you have active, as shown in This topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Note: Don't forget to re-enable it after the scan.
Next hold down Control then click on the following link to open a new window to ESET online scannner (http://www.eset.com/home/products/online-scanner)
Then click on Run ESET Online Scanner

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following: Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology Now click on Start.
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.


4. Please give me an update regarding your computer problem.

thanks,
torreattack
AlexaSD
2013-03-10, 21:14
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
First please Disable any Antivirus you have active, as shown in This topic.

Okay, I did the "run as admin" thing, and I went to "this topic" for antivirus disable. For one thing, the information the site has on avast is outdated, so I only have the vaguest clue what it's talking about:


Avast

Right Click on the Avast icon in the system tray
Click on Program Settings...
Click on Troubleshooting
Place a tick next to Disable avast! self-defense module
Click OK
At the prompt that appears, click Yes
Right Click on the Avast icon in the system tray and click Stop On-Access protection
At the prompt that appears, click Yes
This is what the site says, but "program settings" isn't in the system tray anymore. I did find "disable avast self-defense module" under settings/troubleshooting in the main application though. So I did uncheck that. But the "Stop on-access protection" doesn't appear anywhere. In the system tray, there is an option to disable avast shields control for 10 min, 1 hr, until system reboot, or permanently. I chose to disable shields until system reboot, but I don't know if that's the same thing as what the "stop on-access protection" will accomplish. After doing all this, I went to ESET as per your instructions, accepted the EULA, then got a blank page and nothing happened. So I assumed maybe Spybot counts as antivirus, and I went back to the "how-to" page, which says:

Spybot's TeaTimer

Download ResetTeaTimer
Save it to your Desktop.
Double click ResetTeaTimer.exe to run it. This will only take a few seconds.

Note: This tool does not work with Windows XP Home Edition.
I double clicked the "download resetTeaTimer" link and it took me to a page that stated I do not have adobe flash player installed and therefore could not proceed. I uninstalled adobe flash player and reinstalled it, and still encountered the same message. I don't know whats up with that but as I told you in an earlier post, this happens to me constantly, where websites believe I do not have flash player installed. Then I opened spybot and unchecked both boxes under Resident in tools (or settings, I don't exactly remember where it was), then attempted to follow the ESET instructions, but my results were no better. I started spybot and avast back up and am awaiting further instructions. I don't have any other antivirus on my pc.
torreattack
2013-03-10, 23:21
Hi AlexaSD:

Sorry for the "outdated" instructions. I will update my instructions. What you did are what we want, well done.


Btw, let's try another software.

1. Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save to your desktop.
Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
Note:When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Note: If MBAM doesn't return after an update, please start it again.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply


2. Your Mozilla Firefox is outdated[list]
click Firefox ==>Options ==>options ==>Advanced ==>Automatically install updates ==>Ok.

The instructions for your version might be different, however, try to update firefox.


3. Update your programs regularly.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Use either one software to check your system, and update those detected problems. Hope your flashplayer problem will solve.

4. Now, give Eset another try with different browser: IE and Firefox. Any luck?

thanks,
torreattack
AlexaSD
2013-03-13, 04:30
3. Update your programs regularly.
Secunia Software Inspector
F-secure Health Check
Use either one software to check your system, and update those detected problems. Hope your flashplayer problem will solve.
I can't use any of those websites, they both say I don't have java installed. so I went to the java website and had it check that my java is working, and it didn't recognize me having java. I checked if java is enabled in IE, and it is, I uninstalled and reinstalled, and still had the same problems. I tried firefox, and got the same results. It seems whatever is causing the flash player problem, is now happening in java since you had me install the updated version. I wish I knew what's going on with this. I was, however, able to get ESET to function for firefox.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexa :: BADDASS [administrator]

3/12/2013 8:32:51 PM
mbam-log-2013-03-12 (20-32-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281065
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4396322dda95c2448e28b4088d41d9ae
# engine=13369
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-13 03:13:16
# local_time=2013-03-12 11:13:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 114687846 0 0
# scanned=209099
# found=1
# cleaned=0
# scan_time=3398
sh=B6E288C4C6C8675352C61E52D7BB216BA88DBFB1 ft=1 fh=4f69242c7b123870 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Alexa\Downloads\SetupImgBurn_2.5.2.0.exe"
AlexaSD
2013-03-13, 04:31
I would like to note that for some reason, disabling active x filtering allowed me to view videos with adobe flash on youtube, for some reason. Though I know I can't leave active x filtering disabled, I thought maybe it would provide some insight into my issues.
torreattack
2013-03-13, 16:45
hi AlexaSD:

I am sorry about the java. Let's carry out some test on java.

1. Verify 32-bit or 64-bit version of IE browser.
Follow these steps to verify whether you are using 32-bit or 64-bit browser.
Launch Internet Explorer browser.
Click on the Help tab at the top.
Select About Internet Explorer which will bring up an information window.
If version of IE displays 64-bit Edition, then it is 64-bit IE... otherwise it's 32-bit browser.
Tell me the version of your IE, 32 bit or 64 bit.

2. Verify if Java is working on your computer by going to : Verify Java is working on your machine (http://www.java.com/en/download/help/testvm.xml)
If the "test" comes back with information about your system, then Java is working... if not a message will appear indicating no working Java is installed.
Tell me whether the java is working or not.

3. Did you mean by disabling active x filtering in IE and firefox make the video working?

sorry,
torreattack
AlexaSD
2013-03-14, 01:10
1) 32 bit internet explorer


Verify if Java is working on your computer by going to : Verify Java is working on your machine
2) That is the website I have been using. It says there is "no java installed on my system."

3) When I go to youtube to look at a video, most say I have to have Flash player installed (but I already do). I went to Adobe official troubleshooting website, and adobe suggests turning off active x filter. I did, and was then able to watch those videos on youtube. But I can't leave active x filtering off, isnt that bad?
torreattack
2013-03-14, 15:50
Hi AlexaSD :

Regarding the activeX filter:
http://ie.microsoft.com/testdrive/browser/activexfiltering/About.html

I am not recommend to off the filter, some bad website use it to attack. However, if you trust the site that you are going to visit, you may temporary turn it off.



1. Please uninstall the java that we just installed.

2. Re-download Java SE Runtime Environment (JRE).
Please download from HERE (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
Find Java SE 7u17, (JRE) Java SE 7.
Click the Download JRE button to the right.
check the box that says Accept License Agreement. Next, click the correct Product / File Description (in your case the jre-7u17-windows-i586.exe).
Save the file to your desktop.
Close all active windows.
Install the program.
Note: remember to Uncheck any extra software downloads you may be offered (optional)

3. Try to detect the flashplayer that you are needed here: http://get.adobe.com/flashplayer/
When finish download it, if possible, try to install it by right click on it and choose "run as administrator" to install it.
Note: remember to Uncheck any extra software downloads you may be offered (optional)

4. Try again with the Secunia Software Inspector or F-secure Health Check. If needed, temporary disable your activeX filter.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


thanks,
torreattack
AlexaSD
2013-03-14, 19:19
I am running the secunia scan now but I have to go to work soon. I just wanted to say that java and flash player will only work if active x filtering is off. That wasn't true a year ago. If its not a virus that is causing this, then can you recommend a forum where I can get help with this issue?

Also, ESET or MBAM (I forgot which) came back with an "ask toolbar" threat in my previous post. Do I need to get rid of that somehow?
torreattack
2013-03-15, 16:18
Hi AlexaSD :

Don't worry about the ASKtoolbar, it wasn't active. You can delete this file: C:\Users\Alexa\Downloads\SetupImgBurn_2.5.2.0.exe.

Regarding the java and flash problem, let's see what secunia found. Update your system especially the display driver. You may also get your display driver here: http://forums.adobe.com/thread/945765

if everything fail, i would forward you to other expert.

thanks,
torreattack
AlexaSD
2013-03-17, 00:38
Secunia told me I needed several windows updates, and IE update to 10. I did those, and am still having the same problem with java and flash player. I rechecked with secunia, and still had to disable active x filter before I could perform the scan, same with the other website you recommended. the scan showed no more insecure programs.

I did figure out why my pc wouldn't go to standby, the mouse was keeping it awake! So that issue is solved. I just stopped the mouse from being able to wake the pc, and now standby happens like normal. Yay!
torreattack
2013-03-17, 14:49
Hi AlexaSD:

Glad to hear you standby problem solved. Only one left to deal with.

I do some searches and asking around these few days, I hope this few suggestion might help.

1. Go to this page, http://forums.adobe.com/thread/945765
find you display lastest driver, download it, then uninstall the old one and install the new one.

IF the problem did not solve, let's try to uninstall flashplayer.

1. Go to this page, http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
Uninstall the flashplayer as instructed.

2. Go to this page, http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html
Check the latest version of flashplayer according to your system, if needed, update it.

3. If problem still appear, let's try this: http://helpx.adobe.com/flash-player/kb/flash-player-games-video-or.html
follow the instruction but let's skip the step 2 : Disable ActiveX Filtering (if you are using Internet Explorer 9)


If problem still exist, let's try to reset IE.
Go to Internet options, advanced, reset, tick Delete Personal Setting, reset.


Let's me know if that helpful.
torreattack
AlexaSD
2013-03-18, 20:20
I have found something that did the trick...completely. Here it is for your reference. I did these steps, and it solved the problems!!!
http://www.ghacks.net/2011/02/16/internet-explorer-9-activex-filtering-fix-flash-java-and-other-plugins/

Unless there are any further infections on my system, I guess that's it! Is there anything else we need to do?
torreattack
2013-03-19, 13:10
Hi AlexaSD :

Thanks for the info and having great patience.

I personally don't like to add any website into TRUSTZONE. The policy of those website might change anytime without our notice. Any content, script or activeX will be allow to run automatically.

The page you refer to are add the website to TrustZone, then disable the activeX Filter. There are not different from what you did before. However, it is YOUR choice.


================================================================================

This is my general post for when your logs show no more signs of malware.

Congratulations... your computer now appears to be malware free! :)
Please follow these simple guidelines in order to help keep your computer more secure:

Time for some housekeeping

1. Flush Restore Point
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote'

:Files
C:\Users\Alexa\Downloads\SetupImgBurn_2.5.2.0.exe

:Commands
[EmptyTemp]
[ClearAllRestorePoints]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Just close the notepad and do not need to post the contents of report.



2. Clean up with OTL
Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
This tool will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.


3. You can now delete any tools we used if they remain on your Desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Update your Antivirus programs and other programs regularly.


Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
What is Windows Update? (http://windows.microsoft.com/en-US/windows/help/windows-update)
Microsoft Update Home (http://windows.microsoft.com/en-US/windows7/products/features/windows-update)


Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from BillP Studios (http://www.winpatrol.com/download.html)
Information about how WinPatrol works, is available Here (http://www.winpatrol.com/features.html)
(The free version of WinPatrol... provides limited real-time protection)


Read - stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.


Happy surfing!

torreattack
torreattack
2013-03-21, 17:15
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.