
Can't get rid of trojan.siteref, rootkit.0access, trojan.dropper.bcminer



Malwarebytes finds rootkit.0access, trojan.siteref, trojan.dropper.bcminer and says it's successfully removed them, but upon reboot they reappear. I tried to run the dds utility but it hangs the computer partway through, so I am unable to get the diagnostic logs to post as well.


Hello delassa, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

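Added example (not from this thread, and not part of OTL or Malwarebytes): once OTL.Txt is in hand, a helper's first pass is mostly pattern-matching on a few line shapes. The Python script below does that first pass over lines in OTL's own format. The sample lines are copied from the OTL.txt posted later in this thread; the rules (no company name in the version info, a module loaded through a \\?\globalroot path, registry entries whose target file is missing, EnableLUA = 0, hidden+system objects created within 30 days, a real directory named like an environment variable) are my own review heuristics, and a hit is something to look at, not a verdict.

```python
"""Triage an OTL log: flag the entries a malware-removal helper reads first.

Added example, not part of this thread, of OTL or of Malwarebytes.  The rules
are ordinary review heuristics (assumptions of mine), not verdicts: every hit
still needs a human to look at the file and its signature.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


# OTL entry shape: "PRC|MOD|SRV|DRV - [date | size | attrs | M] (Company) [state] -- path -- (Name)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
# "Files/Folders - Created Within 30 Days" shape: "[date | size | attrs | C] (Company) -- path"
CREATED_RE = re.compile(
    r"^\[(?P<date>[^|]+)\| (?P<size>[^|]+)\| (?P<attrs>[^|]+)\| C\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# NT object-namespace prefix (\\?\globalroot\ or \\.\globalroot\) instead of a drive letter
GLOBALROOT_RE = re.compile(r"\\\\[?.]\\globalroot\\", re.IGNORECASE)
# O4 autorun whose target carries no company name: OTL prints "()" at the end
O4_NO_COMPANY_RE = re.compile(r"^O4 - .+ \(\)$")


def triage(text: str) -> list[Finding]:
    """Return one Finding per heuristic hit, in the order the lines appear."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A driver, autorun or LSP entry whose file is gone: leftover from an
        # uninstall or a partial removal; routinely cleaned up in a fix.
        if "File not found" in line:
            findings.append(Finding("orphaned entry: points at a missing file", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            if GLOBALROOT_RE.search(m["path"]):
                findings.append(Finding(
                    r"loaded through a \\?\globalroot device path rather than a drive letter", line))
            if not m["company"].strip():
                findings.append(Finding(
                    f"{m['kind']} entry with no company name in its version info", line))
            continue
        if O4_NO_COMPANY_RE.match(line):
            findings.append(Finding("autorun target with no company name in its version info", line))
            continue
        if line.startswith("O6 - ") and line.endswith("EnableLUA = 0"):
            findings.append(Finding("UAC disabled (EnableLUA = 0)", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs = m["attrs"].strip()      # OTL attribute order: R, H, S, D
            if "H" in attrs and "S" in attrs:
                findings.append(Finding("hidden+system object created in the last 30 days", line))
            if "%" in m["path"]:
                findings.append(Finding(
                    "real directory named like an environment variable (literal %...% in path)", line))
    return findings


# Constructed sample: lines in OTL's own format, copied from the OTL.txt posted
# later in this thread (raw string keeps the backslashes literal).
SAMPLE_OTL = r"""
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2009/04/10 23:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
SRV - [2012/07/16 17:42:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
[2012/07/17 11:30:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/07/16 20:00:39 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/07/15 07:46:23 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.reason}\n    {f.line}")
```

Run it as-is to print the hits for the sample; for a real log, pass the file contents to triage() (OTL writes plain text, so open it with errors="replace" if the encoding is in doubt). Lines such as the hidden-only C:\Windows\PIF folder and Microsoft-signed explorer.exe produce no hit, which is the point of the rules: they narrow a long log down to the handful of lines worth opening in a hex editor or submitting for a second opinion.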

Thank you for your quick response, here are the two files

OTL.txt

OTL logfile created on: 7/17/2012 11:30:34 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mom\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 77.93% Memory free

6.97 Gb Paging File | 6.04 Gb Available in Paging File | 86.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 456.43 Gb Total Space | 327.75 Gb Free Space | 71.81% Space Free | Partition Type: NTFS

Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

Drive E: | 365.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 11:30:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe

PRC - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe

PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2008/04/07 06:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE

PRC - [2008/01/15 04:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe

PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe

MOD - [2009/04/10 23:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

MOD - [2009/04/10 23:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/16 17:42:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/16 12:48:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)

SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)

DRV - [2007/12/12 01:20:00 | 007,629,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/12/07 08:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvrd32.sys -- (nvrd32)

DRV - [2007/12/07 08:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007/11/17 12:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/10/12 08:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007/09/24 04:09:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)

DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE - HKLM\..\SearchScopes,DefaultScope = {809A50C2-4152-46C1-8DF8-3C1C4C66EF34}

IE - HKLM\..\SearchScopes\{809A50C2-4152-46C1-8DF8-3C1C4C66EF34}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S00518^us&si=CNHXn9u8-a0CFQ9-hwod1h8fZg&ptb=77A47DA0-5790-4ADF-9EA1-AFA6351C14B0&psa=&ind=2012013023&st=sb&n=77ece1df&searchfor={searchTerms}

IE - HKLM\..\SearchScopes\{EDD05138-7477-4583-AAB6-DEF4E0326B92}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111224

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes,DefaultScope = {63140ECF-C629-BE59-8F0E-90B4FF340C03}

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111224&iesrc={referrer:source}

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{809A50C2-4152-46C1-8DF8-3C1C4C66EF34}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S00518^us&si=CNHXn9u8-a0CFQ9-hwod1h8fZg&ptb=77A47DA0-5790-4ADF-9EA1-AFA6351C14B0&psa=&ind=2012013023&st=sb&n=77ece1df&searchfor={searchTerms}

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{E563341D-77C9-4709-8B9B-0C6DF6D1C1C4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{EDD05138-7477-4583-AAB6-DEF4E0326B92}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2012/06/28 00:53:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/16 17:42:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/14 18:16:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\Mom\AppData\Local\ArcadeCandy\games@acandy.com [2012/07/10 15:53:39 | 000,000,000 | ---D | M]

[2012/01/26 20:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions

[2012/07/04 01:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions

[2012/06/04 23:01:57 | 000,000,000 | ---D | M] (Coupon Alert) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\2pffxtbr@CouponAlert_2p.com

[2012/01/30 21:57:45 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\64ffxtbr@TelevisionFanatic.com

[2012/07/04 01:51:32 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\crossriderapp2258@crossrider.com

[2012/06/28 02:02:16 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com

[2012/04/22 15:11:26 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\toolbar@shopathome.com

[2012/04/09 21:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/10 15:53:39 | 000,000,000 | ---D | M] (ArcadeCandy Games) -- C:\USERS\MOM\APPDATA\LOCAL\ARCADECANDY\GAMES@ACANDY.COM

[2012/07/16 17:42:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/06/14 18:16:41 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/07/16 17:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/07/16 17:42:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGACDF&install_date=20111224

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Mom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Angry Birds = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: YouTube = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Funmoods = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\

CHR - Extension: Crackle = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.2_0\

CHR - Extension: ArcadeCandy Games = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\

CHR - Extension: Gmail = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)

O2 - BHO: (ArcadeCandy Games) - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Mom\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)

O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000..\Run: [EPSON Artisan 800(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DA49E6B-A1AC-4997-A3ED-E6363C1DEE63}: DhcpNameServer = 192.168.0.1 205.171.3.25

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Mom\Pictures\2012-06-03\2012-06-01 at 12-12-45.jpg

O24 - Desktop BackupWallPaper: C:\Users\Mom\Pictures\2012-06-03\2012-06-01 at 12-12-45.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/02/22 11:55:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 11:30:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe

[2012/07/17 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{03193538-0513-4379-BEB8-591AF4855D5A}

[2012/07/17 09:04:36 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{2E803F8F-E4EA-4678-BF97-07CCB59CACF5}

[2012/07/16 20:00:39 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2012/07/16 20:00:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mom\Desktop\dds.com

[2012/07/16 18:58:56 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mom\Desktop\TDSSKiller.exe

[2012/07/16 13:53:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{A590B9FD-F320-4101-BB38-E99BD0538659}

[2012/07/16 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{7C097360-83FD-4A8E-ADA7-C526464AE926}

[2012/07/15 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Macromedia

[2012/07/15 20:15:48 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{A003BAD4-BF43-4206-B6EC-8E2D4179EBBA}

[2012/07/15 20:15:47 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{3B86F563-BDD2-42C1-8D41-789A02865DEB}

[2012/07/15 15:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo

[2012/07/15 15:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooking Academy 3 - Recipe for Success

[2012/07/15 15:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cooking Academy 3 - Recipe for Success

[2012/07/15 10:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Games

[2012/07/15 10:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo Pizza

[2012/07/15 10:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Turbo Pizza

[2012/07/15 08:27:33 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Malwarebytes

[2012/07/15 08:25:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/07/15 08:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/15 08:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/15 08:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/15 08:20:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Chameleon

[2012/07/15 07:46:23 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012/07/15 07:28:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{FE1FC6C9-9A91-4DB4-B860-478009A1DEFA}

[2012/07/15 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{8A78C57C-1D8B-4D33-8603-F80E06374B90}

[2012/07/14 12:15:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{DB220841-695C-4857-BD72-6A9467313E71}

[2012/07/14 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{CA722D5A-311D-4A4E-80FA-FE58C6AA64B5}

[2012/07/14 00:15:24 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{9832A722-23A7-48A9-B262-BB2ED00BEF97}

[2012/07/14 00:15:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{650143DE-7F26-447B-BB3A-FA11547C8037}

[2012/07/13 12:09:50 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{86CFA811-E396-417E-8E3A-FF00956BF1BA}

[2012/07/13 12:09:48 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{D220B9B8-3CEE-46F4-B2F6-FC97FAA77C16}

[2012/07/12 22:23:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{243BB124-0B04-4281-A990-FFA2C12C0691}

[2012/07/12 22:23:53 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{14C50EE9-84E3-44E7-A3F5-BFD2E5065A7C}

[2012/07/12 10:13:19 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{4E7DB8ED-A418-4794-BA0C-B3D1B6E49F99}

[2012/07/12 10:13:17 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{862921D2-E589-4628-A164-51D4AF078005}

[2012/07/11 11:10:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{0BDFE621-49FF-4107-8D1D-4913A3BE9606}

[2012/07/11 11:10:00 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{582C30CF-EF56-4816-AF70-A255FBC00435}

[2012/07/10 20:50:10 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{A6257DB7-7A9B-4863-954F-D8910030108D}

[2012/07/10 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{1656A019-39B9-4A84-9080-AEFBB4759200}

[2012/07/10 16:06:10 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Ludia

[2012/07/10 16:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ludia

[2012/07/10 16:03:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Oberon Media

[2012/07/10 16:03:35 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games of the Month

[2012/07/10 16:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media SIDR

[2012/07/10 16:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media

[2012/07/10 15:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media

[2012/07/10 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy

[2012/07/10 15:53:38 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\ArcadeCandy

[2012/07/10 08:49:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{BB7CF1BB-8D01-4492-BBCB-5A90DD8417CF}

[2012/07/10 08:49:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{622AAC38-15FC-46EE-AE7C-9BE41EFCD0A3}

[2012/07/09 16:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562C8000027E7000146F7570F1C8B

[2012/07/09 13:41:30 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{4FF9A055-EC87-4B6C-9A63-D93F8AA3EECB}

[2012/07/09 13:41:28 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{788533D8-5C43-4E8E-8B02-CCEDDFE8D2DD}

[2012/07/08 21:50:46 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{D5F805BA-E90C-4901-B19B-B35CB6601024}

[2012/07/08 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{14A80A2F-8B38-4B57-BB45-8897CF22529D}

[2012/07/03 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{4E02DD88-0AD9-4DC7-AF1C-D3282D1C1723}

[2012/07/03 20:46:53 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{137B374B-F901-48DC-8088-A5F6A97FA64E}

[2012/07/03 07:46:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{017A90EA-D640-4461-BF31-EF63E2427AB7}

[2012/07/03 07:46:47 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{924CDB34-5ADC-444D-BB22-D06D11AB9F63}

[2012/07/02 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{66A5623A-85E3-4DF9-83D9-33A83591B65F}

[2012/07/02 13:21:32 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{58300FD7-2850-4D11-8D5E-E9BB0D0D51ED}

[2012/07/01 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{A4488923-6BEE-4448-8292-317401E88BEA}

[2012/07/01 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{3F369105-CD39-4436-A266-B1C6C9B4A673}

[2012/07/01 11:03:36 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{4E306C51-47AE-4863-8158-F0AA278647F0}

[2012/07/01 11:03:33 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{B67F8110-59A1-4E54-A108-3D57618AC1F1}

[2012/07/01 00:51:25 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{C27B1C1C-519E-4A7A-84B0-2B3667BFBF4F}

[2012/06/30 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{A1DB2BB8-55B6-450F-BD54-CD657E77FB75}

[2012/06/30 10:51:58 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{7C5430CF-781F-40D9-87CD-11ED7CF3D843}

[2012/06/29 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{F8CE125A-8907-4564-9B1E-2EB4D6A3FF69}

[2012/06/29 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{7FB75218-1B5D-44F3-8F9F-7E4BDE9E4CBC}

[2012/06/29 01:24:12 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{2E6179EF-E39C-4807-B0C2-48CC1835FE50}

[2012/06/29 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{6AF72E70-862F-49BB-983C-6B4AE32C984B}

[2012/06/28 13:16:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{AEBCB4E1-F420-46B0-9DB9-2694E0BE0938}

[2012/06/28 13:16:19 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{4D59E67D-F9DB-4949-86C3-A8129606D925}

[2012/06/28 01:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\iWin.com

[2012/06/28 00:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin Games

[2012/06/28 00:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games

[2012/06/28 00:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games

[2012/06/28 00:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods

[2012/06/28 00:25:04 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{E7745FA4-B803-470D-B0BB-1FDA2B2EB7F0}

[2012/06/28 00:25:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{7291AD33-DC37-4FF4-B006-EA2898D87964}

[2012/06/27 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\TuneUp Software

[2012/06/27 21:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/06/27 21:52:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/06/27 21:52:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/06/27 21:43:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\OpenCandy

[2012/06/27 19:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twistingo

[2012/06/27 19:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Twistingo

[2012/06/27 19:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games

[2012/06/27 19:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient

[2012/06/27 19:10:23 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache

[2012/06/27 11:31:30 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{437D0881-CBA6-4A1E-AF47-167AE4285208}

[2012/06/27 11:31:29 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{217F185F-072B-4E1F-B493-85549C4B928A}

[2012/06/26 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{878B1849-AB54-4FF0-A20B-F7851E32882F}

[2012/06/26 22:17:48 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{82738178-F13F-4C81-A49C-C94AAF4F1EA1}

[2012/06/26 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{17D7DC08-6B63-4D1F-9F0E-364DA4F3DAEA}

[2012/06/26 10:17:32 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{DF31A837-1EF3-4347-BE55-927DD3DAF2CD}

[2012/06/25 21:51:21 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{5399F8AB-6C8A-49EB-804A-A49CF9CCC448}

[2012/06/25 21:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{B594C349-CE09-451D-96FE-F568DFEAD960}

[2012/06/25 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{128145D2-F15D-44BF-9216-420663B088DB}

[2012/06/25 09:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{8D879AA6-0434-45D0-8511-857851341A50}

[2012/06/24 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{05A06790-BEA6-464A-B9C2-CC6233AF4794}

[2012/06/24 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{71C2B955-A35F-4BD9-9A27-E89CBB66F8F2}

[2012/06/24 01:39:28 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{ECE2101B-6AFA-493B-B591-B5829CB21777}

[2012/06/24 01:39:27 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{D559DB91-2235-44F0-B8A5-8BE053FCF336}

[2012/06/23 13:30:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{0B458AC2-9B5E-46CD-BCF7-11675330E6A7}

[2012/06/23 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{9AF5DBC7-5D36-44AF-B02A-5816EDEA7C3B}

[2012/06/23 00:11:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{DA5DB144-7E68-4EA6-9EDC-18CA418B8119}

[2012/06/23 00:11:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{5C4BB0F3-1E05-4D85-A7AC-19557859BADE}

[2012/06/22 12:11:30 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{403C9E67-B5E9-492B-AB1F-C3E15C4E6038}

[2012/06/22 12:11:27 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{861EF2FB-116C-4DEE-8D24-E62AF7C0C138}

[2012/06/21 22:56:18 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{99AA53CE-22BA-4EFB-8776-7F1A93466926}

[2012/06/21 22:56:16 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{676BAA06-F963-46EE-ABB2-3D349E7D024C}

[2012/06/21 10:49:01 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{3377AB2F-1A1C-4B0B-96B6-9E8FCA197F4E}

[2012/06/21 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{F2B747AD-04ED-4A9A-BD90-74BB21FD6C69}

[2012/06/20 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{1F36A6E6-5CAB-4CBA-B498-3F8BFEE4573F}

[2012/06/20 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{445F2AB7-1C23-4DBA-812C-D22F3F54BA31}

[2012/06/20 07:36:33 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{11E95546-3C76-42CD-BE02-DBC629D0EF3E}

[2012/06/20 07:36:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{28537B9E-5461-4225-AC48-1216801BD978}

[2012/06/19 19:36:16 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{1F7D3F2F-8A14-4C75-AF52-59A26104FC6A}

[2012/06/19 19:36:15 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{EB689100-4994-4EF2-AC12-FE8E3F92BF83}

[2012/06/19 07:35:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{C8ABA61B-0717-47FC-ADE8-0D427E40E458}

[2012/06/19 07:35:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{295B1E32-6543-4113-A151-F1C113EDBDC5}

[2012/06/18 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{D081B48F-4E45-428D-8227-AFDC2F422D78}

[2012/06/17 19:42:10 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{7EB88999-1772-41EB-98D9-35EBA313CB8F}

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 11:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1923051437-1680192623-1398719538-1000UA.job

[2012/07/17 11:30:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe

[2012/07/17 11:03:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/17 11:03:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/17 10:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/17 10:12:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\CandyUpdater.job

[2012/07/17 09:04:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/16 20:23:44 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/16 20:23:44 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/16 20:17:20 | 3622,248,448 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/16 20:00:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mom\Desktop\dds.com

[2012/07/16 17:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1923051437-1680192623-1398719538-1000Core.job

[2012/07/15 08:27:27 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/11 12:02:23 | 000,002,034 | ---- | M] () -- C:\Users\Mom\Desktop\Google Chrome.lnk

[2012/07/11 12:02:23 | 000,001,996 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/07/10 16:03:35 | 000,002,215 | ---- | M] () -- C:\Users\Mom\Desktop\Hell's Kitchen.lnk

[2012/07/10 16:03:33 | 000,001,172 | ---- | M] () -- C:\Users\Mom\Desktop\Games of the Month.lnk

[2012/07/09 12:48:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom\Desktop\TDSSKiller.exe

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/28 00:53:50 | 000,001,681 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk

[2012/06/28 00:53:50 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\Play iWin Games.lnk

[2012/06/28 00:41:09 | 000,031,470 | ---- | M] () -- C:\Users\Mom\AppData\Local\funmoods.crx

[2012/06/27 23:20:51 | 000,001,672 | ---- | M] () -- C:\Users\Mom\Desktop\More Great Games.lnk

[2012/06/27 19:18:30 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\Play Twistingo.lnk

[2012/06/27 19:18:30 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk

[2012/06/19 00:09:39 | 000,011,264 | ---- | M] () -- C:\Users\Mom\Documents\Inventory Stock Pile.xlr

[2012/06/19 00:09:39 | 000,000,468 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/16 19:47:31 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\00000008.@

[2012/07/16 19:47:19 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000000.@

[2012/07/16 19:47:18 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\00000004.@

[2012/07/16 19:47:18 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\000000cb.@

[2012/07/16 19:02:45 | 3622,248,448 | -HS- | C] () -- C:\hiberfil.sys

[2012/07/15 22:16:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/15 08:25:43 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/15 07:30:33 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000032.@

[2012/07/15 07:30:33 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\L\00000004.@

[2012/07/10 16:03:35 | 000,002,215 | ---- | C] () -- C:\Users\Mom\Desktop\Hell's Kitchen.lnk

[2012/07/10 16:03:33 | 000,001,172 | ---- | C] () -- C:\Users\Mom\Desktop\Games of the Month.lnk

[2012/07/10 15:53:39 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\CandyUpdater.job

[2012/06/28 00:53:50 | 000,001,681 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk

[2012/06/28 00:53:50 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\Play iWin Games.lnk

[2012/06/28 00:41:10 | 000,031,470 | ---- | C] () -- C:\Users\Mom\AppData\Local\funmoods.crx

[2012/06/27 23:20:51 | 000,001,672 | ---- | C] () -- C:\Users\Mom\Desktop\More Great Games.lnk

[2012/06/27 19:18:30 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\Play Twistingo.lnk

[2012/06/27 19:18:30 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk

[2012/06/27 19:14:43 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk

[2012/06/27 19:14:43 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk

[2012/06/19 00:09:39 | 000,011,264 | ---- | C] () -- C:\Users\Mom\Documents\Inventory Stock Pile.xlr

[2012/06/14 03:23:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2012/06/10 18:19:24 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2012/06/10 18:19:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2012/06/10 18:19:24 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2012/06/10 18:19:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2012/06/10 18:19:24 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2012/06/10 18:19:24 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2012/06/10 18:19:24 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2012/06/10 18:19:24 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2012/06/10 18:19:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2012/06/10 18:19:24 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2012/06/10 18:19:24 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2012/06/10 18:19:24 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2012/06/10 18:19:24 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2012/06/10 18:19:24 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2012/06/10 18:19:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2012/06/10 18:19:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2012/05/23 15:30:31 | 000,000,849 | ---- | C] () -- C:\Users\Mom\AppData\Local\recently-used.xbel

[2012/04/28 14:12:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012/04/19 12:43:19 | 000,143,053 | ---- | C] () -- C:\Windows\hpwins28.dat

[2012/04/19 12:43:19 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat

[2012/01/11 10:03:04 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\@

[2012/01/11 10:03:04 | 000,002,048 | -HS- | C] () -- C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\@

[2012/01/07 10:04:35 | 000,000,468 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat

[2011/12/23 15:57:51 | 000,040,448 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/21 22:36:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/12/21 22:36:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/12/21 20:33:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/12/21 20:29:32 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011/12/21 19:38:24 | 000,000,680 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/04/07 15:01:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\.minecraft

[2012/04/07 15:02:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\.techniclauncher

[2012/02/23 00:13:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon

[2012/06/14 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Catalina Marketing Corp

[2012/06/13 13:01:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Epson

[2012/07/10 16:06:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ludia

[2012/07/10 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oberon Media

[2012/06/27 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenCandy

[2012/03/22 12:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org

[2011/12/21 19:51:12 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Snapfish

[2012/01/07 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Template

[2012/06/27 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TuneUp Software

[2012/06/28 10:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\uTorrent

[2011/12/31 18:36:25 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Windows Live Writer

[2012/05/23 15:21:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Zoner

[2012/07/17 10:12:00 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\CandyUpdater.job

[2012/07/16 19:46:00 | 000,029,330 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:0A5F8BFC

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6D0014ED

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D8A3B0BC

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:98FA5A7D

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A82AE908

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:920AA345

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

Extras.txt

OTL Extras logfile created on: 7/17/2012 11:30:34 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mom\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 77.93% Memory free

6.97 Gb Paging File | 6.04 Gb Available in Paging File | 86.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 456.43 Gb Total Space | 327.75 Gb Free Space | 71.81% Space Free | Partition Type: NTFS

Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

Drive E: | 365.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallDisableNotify" = 0

"FirewallOverride" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1923051437-1680192623-1398719538-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2A8F9255-F4AB-4a37-8F39-7C6E15B5158B}" = 4500G510nz_web

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{843BD817-4551-451C-AB7A-EF113BF9C036}" = 4500_G510nz_Help_Web

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F27CFD16-939A-4232-98CD-180898D14713}" = HP Officejet 4500 G510n-z

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"115189690" = Hell's Kitchen

"738b4da498c556ee8023a1f8690f9604" = Super Collapse! Puzzle Gallery

"Academy of Magic" = GameHouse Games Collection: Academy of Magic

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Aloha TriPeaks" = GameHouse Games Collection: Aloha TriPeaks

"am-supercollapse3" = Super Collapse! 3

"am-supergrannyr6" = Super Granny® 6

"Ancient Tri-Jong" = GameHouse Games Collection: Ancient Tri-Jong

"Atlantis" = GameHouse Games Collection: Atlantis

"Bewitched" = GameHouse Games Collection: Bewitched

"BFGC" = Big Fish Games: Game Manager

"BFG-Twistingo" = Twistingo

"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0

"Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked

"Chicktionary" = GameHouse Games Collection: Chicktionary

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"Cooking Academy 3 - Recipe for Success_is1" = Cooking Academy 3 - Recipe for Success

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall

"EPSON Scanner" = EPSON Scan

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Five Card Deluxe" = GameHouse Games Collection: Five Card Deluxe

"Flying Leo" = GameHouse Games Collection: Flying Leo

"Fortune Tiles Gold" = GameHouse Games Collection: Fortune Tiles Gold

"Fresco Wizard" = GameHouse Games Collection: Fresco Wizard

"GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku

"GIMP-2_is1" = GIMP 2.8.0

"Granny in Paradise" = GameHouse Games Collection: Granny in Paradise

"Invadazoid" = GameHouse Games Collection: Invadazoid

"iWinArcade" = iWin Games (remove only)

"Magic Ball 2" = GameHouse Games Collection: Magic Ball 2

"Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA Drivers" = NVIDIA Drivers

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"Phlinx To Go" = GameHouse Games Collection: Phlinx To Go

"Picasa 3" = Picasa 3

"Reader's Digest Super Word Power" = GameHouse Games Collection: Reader's Digest Super Word Power

"Roller Rush" = GameHouse Games Collection: Roller Rush

"Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo

"Sandlot Games Client Services_is1" = Sandlot Games Client Services

"SelectRebatesUninstall" = ShopAtHome.com Toolbar

"Super Collapse Puzzle Gallery 2_is1" = Super Collapse Puzzle Gallery 2

"Super Granny 61.0" = Super Granny 6

"Tradewinds 2" = GameHouse Games Collection: Tradewinds 2

"Tropical Swaps" = GameHouse Games Collection: Tropical Swaps

"Turbo Pizza_is1" = Turbo Pizza

"uTorrent" = µTorrent

"Vivitar Experience Image Manager" = Vivitar Experience Image Manager

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)

"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14 FREE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1923051437-1680192623-1398719538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{6A2EF989-A524-48bf-985F-9D076B334980}" = ArcadeCandy

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/10/2012 6:46:59 PM | Computer Name = Mom-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 98c Start Time: 01cd5eed9da35e90 Termination Time: 47

Error - 7/10/2012 8:48:37 PM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/11/2012 1:51:44 AM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/13/2012 10:27:21 AM | Computer Name = Mom-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 9.0.8112.16446, time stamp

0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,

exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x116c, application

start time 0x01cd60ebb43f78a0.

Error - 7/15/2012 10:26:55 AM | Computer Name = Mom-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 9.0.8112.16446, time stamp

0x4fb57c8f, faulting module escortEng.dll_unloaded, version 0.0.0.0, time stamp

0x4f940fca, exception code 0xc0000005, fault offset 0x6ceda950, process id 0x1b48,

application start time 0x01cd6295d48aae80.

Error - 7/15/2012 10:38:17 AM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/15/2012 10:53:46 AM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/15/2012 11:12:46 AM | Computer Name = Mom-PC | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp

0x47918b89, faulting module AcroPDF.dll, version 8.1.0.0, time stamp 0x46440c98,

exception code 0xc0000005, fault offset 0x000140d6, process id 0xad8, application

start time 0x01cd629b83ea539b.

Error - 7/15/2012 11:24:13 AM | Computer Name = Mom-PC | Source = EventSystem | ID = 4609

Description =

Error - 7/15/2012 11:25:16 AM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 12/22/2011 2:45:39 AM | Computer Name = Mom-PC | Source = DCOM | ID = 10005

Description =

Error - 12/22/2011 2:45:39 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 12/22/2011 2:45:39 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 12/24/2011 12:48:14 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 12/29/2011 6:09:04 AM | Computer Name = Mom-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.2 for the Network Card with network

address 0016449408F5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 1/1/2012 9:10:46 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 1/1/2012 9:43:46 PM | Computer Name = Mom-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.2 for the Network Card with network

address 0016449408F5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 1/3/2012 5:53:33 PM | Computer Name = Mom-PC | Source = nvstor32 | ID = 262149

Description = A parity error was detected on \Device\RaidPort0.

Error - 1/4/2012 3:26:02 PM | Computer Name = Mom-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.2 for the Network Card with network

address 0016449408F5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 1/7/2012 8:43:43 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >


Step 1

Please uninstall the following applications:

ShopAtHome.com Toolbar

µTorrent

ArcadeCandy

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S00518^us&si=CNHXn9u8-a0CFQ9-hwod1h8fZg&ptb=77A47DA0-5790-4ADF-9EA1-AFA6351C14B0&psa=&ind=2012013023&st=sb&n=77ece1df&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{EDD05138-7477-4583-AAB6-DEF4E0326B92}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S00518^us&si=CNHXn9u8-a0CFQ9-hwod1h8fZg&ptb=77A47DA0-5790-4ADF-9EA1-AFA6351C14B0&psa=&ind=2012013023&st=sb&n=77ece1df&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1923051437-1680192623-1398719538-1000\..\SearchScopes\{EDD05138-7477-4583-AAB6-DEF4E0326B92}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\Mom\AppData\Local\ArcadeCandy\games@acandy.com [2012/07/10 15:53:39 | 000,000,000 | ---D | M]
    [2012/06/04 23:01:57 | 000,000,000 | ---D | M] (Coupon Alert) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\2pffxtbr@CouponAlert_2p.com
    [2012/01/30 21:57:45 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\64ffxtbr@TelevisionFanatic.com
    [2012/06/28 02:02:16 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com
    [2012/04/22 15:11:26 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\toolbar@shopathome.com
    [2012/07/10 15:53:39 | 000,000,000 | ---D | M] (ArcadeCandy Games) -- C:\USERS\MOM\APPDATA\LOCAL\ARCADECANDY\GAMES@ACANDY.COM
    CHR - Extension: Funmoods = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\
    CHR - Extension: ArcadeCandy Games = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\
    O2 - BHO: (ArcadeCandy Games) - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Mom\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
    [2012/07/10 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy
    [2012/07/10 15:53:38 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\ArcadeCandy
    [2012/06/28 00:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods
    [2012/06/28 00:41:09 | 000,031,470 | ---- | M] () -- C:\Users\Mom\AppData\Local\funmoods.crx
    [2012/07/16 19:47:31 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\00000008.@
    [2012/07/16 19:47:19 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000000.@
    [2012/07/16 19:47:18 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\00000004.@
    [2012/07/16 19:47:18 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\000000cb.@
    [2012/07/15 07:30:33 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000032.@
    [2012/07/15 07:30:33 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\L\00000004.@
    [2012/01/11 10:03:04 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\@
    [2012/01/11 10:03:04 | 000,002,048 | -HS- | C] () -- C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\@
    [2012/06/28 10:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\uTorrent

    :files
    C:\Program Files\SelectRebates
    C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}
    C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log


OTL Fix log

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDD05138-7477-4583-AAB6-DEF4E0326B92}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDD05138-7477-4583-AAB6-DEF4E0326B92}\ not found.

Registry key HKEY_USERS\S-1-5-21-1923051437-1680192623-1398719538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.

Registry key HKEY_USERS\S-1-5-21-1923051437-1680192623-1398719538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EDD05138-7477-4583-AAB6-DEF4E0326B92}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDD05138-7477-4583-AAB6-DEF4E0326B92}\ not found.

File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\Mom\AppData\Local\ArcadeCandy\games@acandy.com not found.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\2pffxtbr@CouponAlert_2p.com\chrome folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\2pffxtbr@CouponAlert_2p.com folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\64ffxtbr@TelevisionFanatic.com folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.

C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\ffxtlbr@funmoods.com folder moved successfully.

Folder C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\2brm5a4l.default\extensions\toolbar@shopathome.com\ not found.

Folder C:\USERS\MOM\APPDATA\LOCAL\ARCADECANDY\GAMES@ACANDY.COM\ not found.

C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\style folder moved successfully.

C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\js folder moved successfully.

C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\img folder moved successfully.

C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0 folder moved successfully.

File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0 not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}\ not found.

File C:\Users\Mom\AppData\Local\ArcadeCandy\candyEX.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.

File C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ not found.

File C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates not found.

File C:\Program Files\SelectRebates\SelectRebates.exe not found.

Folder C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy\ not found.

Folder C:\Users\Mom\AppData\Local\ArcadeCandy\ not found.

C:\Program Files\Funmoods\1.5.23.22\bh folder moved successfully.

C:\Program Files\Funmoods\1.5.23.22 folder moved successfully.

C:\Program Files\Funmoods folder moved successfully.

C:\Users\Mom\AppData\Local\funmoods.crx moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\00000008.@ moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000000.@ moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\00000004.@ moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\000000cb.@ moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000032.@ moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\L\00000004.@ moved successfully.

C:\WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\@ moved successfully.

C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\@ moved successfully.

Folder C:\Users\Mom\AppData\Roaming\uTorrent\ not found.

========== FILES ==========

File\Folder C:\Program Files\SelectRebates not found.

C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U folder moved successfully.

C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\L folder moved successfully.

C:\Users\Mom\AppData\Local\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af} folder moved successfully.

C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U folder moved successfully.

C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Mom\Desktop\cmd.bat deleted successfully.

C:\Users\Mom\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Mom

->Temp folder emptied: 463467887 bytes

->Temporary Internet Files folder emptied: 306339663 bytes

->Java cache emptied: 2680561 bytes

->FireFox cache emptied: 107775875 bytes

->Google Chrome cache emptied: 6876450 bytes

->Flash cache emptied: 8301731 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 106611009 bytes

RecycleBin emptied: 96143907 bytes

Total Files Cleaned = 1,047.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07182012_203927

Files\Folders moved on Reboot...

C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U folder moved successfully.

C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af} folder moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af} not found!

Registry entries deleted on Reboot...

MBAM didn't detect the 2 rootkit infections this time; here is its log.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Mom :: MOM-PC [administrator]

7/18/2012 8:51:49 PM

mbam-log-2012-07-18 (20-51-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 175243

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.

(end)


Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


After running combofix it gets to the blue screen where it says

"Scanning for infected files ...

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double"

And seems to hang at that point. The cursor below those lines is still blinking, but it has been over an hour now with no difference.

I've left it running and am posting this from another PC.


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESET log.txt

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d6b8d7eff1e35a44a05b4dd3391ef39b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-21 02:27:25

# local_time=2012-07-20 07:27:25 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776573 100 100 0 179440615 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=178190

# found=4

# cleaned=2

# scan_time=4557

C:\WINDOWS\System32\services.exe Win32/Sirefef.FB.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\07182012_203927\C_WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07182012_203927\C_WINDOWS\Installer\{b8a0b0ca-2629-b27e-251f-5dc2a57ed3af}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I


Now when I run ComboFix it reports there is a rootkit in the TCP/IP stack. I click OK, then another box comes up saying a rootkit was found and this may take a while. I click OK again, then get the same result as before. Just to see, I let it run overnight, and when I woke up the computer had recovered from a Blue Screen crash.


Try this in Normal mode:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


01:42:58.0369 3568 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

01:42:59.0165 3568 ============================================================

01:42:59.0165 3568 Current date / time: 2012/07/29 01:42:59.0165

01:42:59.0165 3568 SystemInfo:

01:42:59.0165 3568

01:42:59.0165 3568 OS Version: 6.0.6002 ServicePack: 2.0

01:42:59.0165 3568 Product type: Workstation

01:42:59.0165 3568 ComputerName: MOM-PC

01:42:59.0165 3568 UserName: Mom

01:42:59.0165 3568 Windows directory: C:\Windows

01:42:59.0165 3568 System windows directory: C:\Windows

01:42:59.0165 3568 Processor architecture: Intel x86

01:42:59.0165 3568 Number of processors: 2

01:42:59.0165 3568 Page size: 0x1000

01:42:59.0165 3568 Boot type: Normal boot

01:42:59.0165 3568 ============================================================

01:42:59.0492 3568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

01:42:59.0492 3568 ============================================================

01:42:59.0492 3568 \Device\Harddisk0\DR0:

01:42:59.0492 3568 MBR partitions:

01:42:59.0492 3568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x390DB9C0

01:42:59.0492 3568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x390DB9FF, BlocksNum 0x12A9242

01:42:59.0492 3568 ============================================================

01:42:59.0508 3568 C: <-> \Device\Harddisk0\DR0\Partition0

01:42:59.0555 3568 D: <-> \Device\Harddisk0\DR0\Partition1

01:42:59.0555 3568 ============================================================

01:42:59.0555 3568 Initialize success

01:42:59.0555 3568 ============================================================

01:43:05.0280 3996 ============================================================

01:43:05.0280 3996 Scan started

01:43:05.0280 3996 Mode: Manual; SigCheck; TDLFS;

01:43:05.0280 3996 ============================================================


01:43:13.0938 3996 crcdisk - ok

01:43:14.0297 3996 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

01:43:14.0344 3996 Crusoe - ok

01:43:14.0406 3996 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll

01:43:14.0422 3996 CryptSvc - ok

01:43:16.0808 3996 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

01:43:16.0871 3996 DcomLaunch - ok

01:43:17.0713 3996 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

01:43:17.0744 3996 DfsC - ok

01:43:22.0814 3996 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

01:43:22.0908 3996 DFSR - ok

01:43:23.0002 3996 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

01:43:23.0017 3996 Dhcp - ok

01:43:23.0064 3996 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

01:43:23.0064 3996 disk - ok

01:43:23.0095 3996 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

01:43:23.0111 3996 Dnscache - ok

01:43:24.0905 3996 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

01:43:24.0936 3996 dot3svc - ok

01:43:24.0998 3996 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

01:43:25.0061 3996 DPS - ok

01:43:25.0108 3996 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

01:43:25.0139 3996 drmkaud - ok

01:43:25.0279 3996 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

01:43:25.0310 3996 DXGKrnl - ok

01:43:25.0342 3996 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

01:43:25.0373 3996 E1G60 - ok

01:43:25.0404 3996 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

01:43:25.0435 3996 EapHost - ok

01:43:25.0466 3996 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

01:43:25.0482 3996 Ecache - ok

01:43:26.0948 3996 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

01:43:26.0980 3996 ehRecvr - ok

01:43:27.0822 3996 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

01:43:27.0853 3996 ehSched - ok

01:43:27.0869 3996 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

01:43:27.0884 3996 ehstart - ok

01:43:27.0962 3996 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

01:43:28.0009 3996 elxstor - ok

01:43:28.0820 3996 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

01:43:28.0867 3996 EMDMgmt - ok

01:43:28.0961 3996 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

01:43:28.0961 3996 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

01:43:28.0961 3996 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)

01:43:29.0008 3996 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

01:43:29.0054 3996 ErrDev - ok

01:43:29.0179 3996 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

01:43:29.0195 3996 EventSystem - ok

01:43:29.0242 3996 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

01:43:29.0257 3996 exfat - ok

01:43:29.0273 3996 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

01:43:29.0304 3996 fastfat - ok

01:43:29.0366 3996 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

01:43:29.0382 3996 fdc - ok

01:43:29.0600 3996 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

01:43:29.0647 3996 fdPHost - ok

01:43:29.0819 3996 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

01:43:29.0912 3996 FDResPub - ok

01:43:29.0944 3996 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

01:43:29.0975 3996 FileInfo - ok

01:43:29.0990 3996 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

01:43:30.0022 3996 Filetrace - ok

01:43:30.0084 3996 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

01:43:30.0115 3996 flpydisk - ok

01:43:30.0880 3996 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

01:43:30.0911 3996 FltMgr - ok

01:43:31.0004 3996 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

01:43:31.0051 3996 FontCache - ok

01:43:31.0114 3996 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

01:43:31.0129 3996 FontCache3.0.0.0 - ok

01:43:31.0145 3996 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

01:43:31.0176 3996 Fs_Rec - ok

01:43:31.0192 3996 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

01:43:31.0207 3996 gagp30kx - ok

01:43:31.0254 3996 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

01:43:31.0285 3996 gpsvc - ok

01:43:31.0363 3996 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

01:43:31.0379 3996 gusvc - ok

01:43:31.0410 3996 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

01:43:31.0441 3996 HDAudBus - ok

01:43:31.0472 3996 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

01:43:31.0519 3996 HidBth - ok

01:43:31.0535 3996 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

01:43:31.0582 3996 HidIr - ok

01:43:31.0628 3996 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

01:43:31.0644 3996 hidserv - ok

01:43:31.0660 3996 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

01:43:31.0675 3996 HidUsb - ok

01:43:31.0691 3996 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

01:43:31.0722 3996 hkmsvc - ok

01:43:31.0784 3996 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

01:43:31.0784 3996 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

01:43:31.0784 3996 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)

01:43:31.0800 3996 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

01:43:31.0816 3996 HpCISSs - ok

01:43:31.0987 3996 HPSLPSVC (7f437a78c5b0105b67b830d00ad719f8) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

01:43:32.0018 3996 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

01:43:32.0018 3996 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

01:43:32.0112 3996 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys

01:43:32.0159 3996 HSF_DP - ok

01:43:32.0190 3996 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys

01:43:32.0206 3996 HSXHWBS2 - ok

01:43:32.0237 3996 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

01:43:32.0252 3996 HTTP - ok

01:43:32.0299 3996 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

01:43:32.0315 3996 i2omp - ok

01:43:32.0346 3996 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

01:43:32.0362 3996 i8042prt - ok

01:43:32.0393 3996 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

01:43:32.0408 3996 iaStorV - ok

01:43:32.0486 3996 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

01:43:32.0518 3996 idsvc - ok

01:43:32.0533 3996 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

01:43:32.0549 3996 iirsp - ok

01:43:32.0580 3996 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

01:43:32.0611 3996 IKEEXT - ok

01:43:32.0720 3996 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys

01:43:32.0752 3996 IntcAzAudAddService - ok

01:43:32.0845 3996 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

01:43:32.0861 3996 intelide - ok

01:43:32.0908 3996 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

01:43:32.0923 3996 intelppm - ok

01:43:32.0954 3996 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

01:43:32.0970 3996 IPBusEnum - ok

01:43:32.0986 3996 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

01:43:33.0001 3996 IpFilterDriver - ok

01:43:33.0048 3996 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

01:43:33.0064 3996 iphlpsvc - ok

01:43:33.0064 3996 IpInIp - ok

01:43:33.0079 3996 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

01:43:33.0095 3996 IPMIDRV - ok

01:43:33.0110 3996 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

01:43:33.0126 3996 IPNAT - ok

01:43:33.0142 3996 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

01:43:33.0157 3996 IRENUM - ok

01:43:33.0173 3996 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

01:43:33.0188 3996 isapnp - ok

01:43:33.0235 3996 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

01:43:33.0235 3996 iScsiPrt - ok

01:43:33.0251 3996 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

01:43:33.0266 3996 iteatapi - ok

01:43:33.0282 3996 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

01:43:33.0298 3996 iteraid - ok

01:43:33.0329 3996 iWinTrusted (fe1a970e7ce330bb844e333c374c6599) C:\Program Files\iWin Games\iWinTrusted.exe

01:43:33.0344 3996 iWinTrusted - ok

01:43:33.0360 3996 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

01:43:33.0376 3996 kbdclass - ok

01:43:33.0391 3996 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

01:43:33.0407 3996 kbdhid - ok

01:43:33.0438 3996 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

01:43:33.0438 3996 KeyIso - ok

01:43:33.0485 3996 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys

01:43:33.0500 3996 KSecDD - ok

01:43:33.0532 3996 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

01:43:33.0563 3996 KtmRm - ok

01:43:33.0594 3996 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

01:43:33.0610 3996 LanmanServer - ok

01:43:33.0641 3996 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

01:43:33.0656 3996 LanmanWorkstation - ok

01:43:33.0734 3996 LightScribeService (9039717a906da0ae38420918801d9ab3) c:\Program Files\Common Files\LightScribe\LSSrvc.exe

01:43:33.0734 3996 LightScribeService - ok

01:43:33.0766 3996 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

01:43:33.0781 3996 lltdio - ok

01:43:33.0812 3996 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

01:43:33.0844 3996 lltdsvc - ok

01:43:33.0859 3996 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

01:43:33.0906 3996 lmhosts - ok

01:43:33.0922 3996 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

01:43:33.0937 3996 LSI_FC - ok

01:43:33.0953 3996 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

01:43:33.0953 3996 LSI_SAS - ok

01:43:33.0984 3996 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

01:43:34.0000 3996 LSI_SCSI - ok

01:43:34.0015 3996 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

01:43:34.0046 3996 luafv - ok

01:43:34.0062 3996 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

01:43:34.0062 3996 Mcx2Svc - ok

01:43:34.0093 3996 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

01:43:34.0093 3996 mdmxsdk - ok

01:43:34.0124 3996 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

01:43:34.0140 3996 megasas - ok

01:43:34.0156 3996 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

01:43:34.0171 3996 MegaSR - ok

01:43:34.0187 3996 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

01:43:34.0218 3996 MMCSS - ok

01:43:34.0234 3996 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

01:43:34.0249 3996 Modem - ok

01:43:34.0265 3996 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

01:43:34.0296 3996 monitor - ok

01:43:34.0296 3996 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

01:43:34.0296 3996 mouclass - ok

01:43:34.0312 3996 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

01:43:34.0327 3996 mouhid - ok

01:43:34.0343 3996 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

01:43:34.0343 3996 MountMgr - ok

01:43:34.0390 3996 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

01:43:34.0405 3996 MozillaMaintenance - ok

01:43:34.0436 3996 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

01:43:34.0436 3996 mpio - ok

01:43:34.0452 3996 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

01:43:34.0468 3996 mpsdrv - ok

01:43:34.0499 3996 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

01:43:34.0499 3996 Mraid35x - ok

01:43:34.0514 3996 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

01:43:34.0530 3996 MRxDAV - ok

01:43:34.0546 3996 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

01:43:34.0561 3996 mrxsmb - ok

01:43:34.0577 3996 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

01:43:34.0577 3996 mrxsmb10 - ok

01:43:34.0592 3996 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

01:43:34.0592 3996 mrxsmb20 - ok

01:43:34.0608 3996 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

01:43:34.0624 3996 msahci - ok

01:43:34.0624 3996 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

01:43:34.0639 3996 msdsm - ok

01:43:34.0655 3996 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

01:43:34.0686 3996 MSDTC - ok

01:43:34.0702 3996 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

01:43:34.0733 3996 Msfs - ok

01:43:34.0733 3996 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

01:43:34.0733 3996 msisadrv - ok

01:43:34.0764 3996 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

01:43:34.0780 3996 MSiSCSI - ok

01:43:34.0795 3996 msiserver - ok

01:43:34.0795 3996 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

01:43:34.0826 3996 MSKSSRV - ok

01:43:34.0858 3996 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

01:43:34.0873 3996 MSPCLOCK - ok

01:43:34.0904 3996 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

01:43:34.0920 3996 MSPQM - ok

01:43:34.0951 3996 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

01:43:34.0951 3996 MsRPC - ok

01:43:34.0967 3996 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

01:43:34.0982 3996 mssmbios - ok

01:43:34.0982 3996 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

01:43:35.0014 3996 MSTEE - ok

01:43:35.0170 3996 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

01:43:35.0185 3996 Mup - ok

01:43:35.0248 3996 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

01:43:35.0279 3996 napagent - ok

01:43:35.0326 3996 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

01:43:35.0326 3996 NativeWifiP - ok

01:43:35.0357 3996 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

01:43:35.0372 3996 NDIS - ok

01:43:35.0404 3996 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

01:43:35.0419 3996 NdisTapi - ok

01:43:35.0435 3996 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

01:43:35.0450 3996 Ndisuio - ok

01:43:35.0482 3996 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

01:43:35.0497 3996 NdisWan - ok

01:43:35.0513 3996 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

01:43:35.0528 3996 NDProxy - ok

01:43:35.0606 3996 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll

01:43:35.0606 3996 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

01:43:35.0606 3996 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

01:43:35.0622 3996 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

01:43:35.0638 3996 NetBIOS - ok

01:43:35.0653 3996 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

01:43:35.0669 3996 Netlogon - ok

01:43:35.0700 3996 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

01:43:35.0716 3996 Netman - ok

01:43:35.0731 3996 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

01:43:35.0762 3996 netprofm - ok

01:43:35.0809 3996 netr73 (847b64e9069946556bcfcdce638566d8) C:\Windows\system32\DRIVERS\netr73.sys

01:43:35.0825 3996 netr73 - ok

01:43:35.0903 3996 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

01:43:35.0918 3996 NetTcpPortSharing - ok

01:43:35.0934 3996 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

01:43:35.0950 3996 nfrd960 - ok

01:43:35.0965 3996 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

01:43:35.0981 3996 NlaSvc - ok

01:43:36.0012 3996 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

01:43:36.0028 3996 Npfs - ok

01:43:36.0043 3996 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

01:43:36.0074 3996 nsi - ok

01:43:36.0090 3996 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

01:43:36.0106 3996 nsiproxy - ok

01:43:36.0168 3996 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

01:43:36.0199 3996 Ntfs - ok

01:43:36.0230 3996 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

01:43:36.0277 3996 ntrigdigi - ok

01:43:36.0293 3996 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

01:43:36.0324 3996 Null - ok

01:43:36.0386 3996 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys

01:43:36.0433 3996 NVENETFD - ok

01:43:36.0745 3996 nvlddmkm (1924b437d113e909abb7f11623884d77) C:\Windows\system32\DRIVERS\nvlddmkm.sys

01:43:36.0901 3996 nvlddmkm - ok

01:43:37.0010 3996 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

01:43:37.0026 3996 nvraid - ok

01:43:37.0042 3996 nvrd32 (6f5bb0b40d251351a913b61ba9d64b3f) C:\Windows\system32\drivers\nvrd32.sys

01:43:37.0057 3996 nvrd32 - ok

01:43:37.0073 3996 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys

01:43:37.0088 3996 nvsmu - ok

01:43:37.0104 3996 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

01:43:37.0120 3996 nvstor - ok

01:43:37.0135 3996 nvstor32 (1a649b87a7b7c1220a2b16b121f2198e) C:\Windows\system32\DRIVERS\nvstor32.sys

01:43:37.0151 3996 nvstor32 - ok

01:43:37.0166 3996 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

01:43:37.0182 3996 nv_agp - ok

01:43:37.0182 3996 NwlnkFlt - ok

01:43:37.0198 3996 NwlnkFwd - ok

01:43:37.0213 3996 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

01:43:37.0244 3996 ohci1394 - ok

01:43:37.0276 3996 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

01:43:37.0307 3996 p2pimsvc - ok

01:43:37.0322 3996 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

01:43:37.0338 3996 p2psvc - ok

01:43:37.0369 3996 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

01:43:37.0400 3996 Parport - ok

01:43:37.0432 3996 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

01:43:37.0432 3996 partmgr - ok

01:43:37.0447 3996 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

01:43:37.0478 3996 Parvdm - ok

01:43:37.0510 3996 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

01:43:37.0525 3996 PcaSvc - ok

01:43:37.0541 3996 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

01:43:37.0556 3996 pci - ok

01:43:37.0588 3996 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

01:43:37.0588 3996 pciide - ok

01:43:37.0603 3996 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

01:43:37.0619 3996 pcmcia - ok

01:43:37.0666 3996 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

01:43:37.0759 3996 PEAUTH - ok

01:43:37.0884 3996 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE

01:43:37.0884 3996 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning

01:43:37.0884 3996 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)

01:43:37.0962 3996 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

01:43:38.0009 3996 pla - ok

01:43:38.0102 3996 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

01:43:38.0118 3996 PlugPlay - ok

01:43:38.0196 3996 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll

01:43:38.0196 3996 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

01:43:38.0196 3996 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

01:43:38.0243 3996 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

01:43:38.0274 3996 PNRPAutoReg - ok

01:43:38.0274 3996 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

01:43:38.0290 3996 PNRPsvc - ok

01:43:38.0336 3996 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

01:43:38.0368 3996 PolicyAgent - ok

01:43:38.0399 3996 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

01:43:38.0430 3996 PptpMiniport - ok

01:43:38.0446 3996 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

01:43:38.0461 3996 Processor - ok

01:43:38.0492 3996 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

01:43:38.0508 3996 ProfSvc - ok

01:43:38.0524 3996 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

01:43:38.0539 3996 ProtectedStorage - ok

01:43:38.0555 3996 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys

01:43:38.0570 3996 Ps2 - ok

01:43:38.0586 3996 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

01:43:38.0602 3996 PSched - ok

01:43:38.0633 3996 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

01:43:38.0633 3996 PxHelp20 - ok

01:43:38.0695 3996 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

01:43:38.0726 3996 ql2300 - ok

01:43:38.0773 3996 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

01:43:38.0789 3996 ql40xx - ok

01:43:38.0820 3996 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

01:43:38.0836 3996 QWAVE - ok

01:43:38.0851 3996 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

01:43:38.0867 3996 QWAVEdrv - ok

01:43:38.0867 3996 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

01:43:38.0898 3996 RasAcd - ok

01:43:38.0914 3996 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

01:43:38.0929 3996 RasAuto - ok

01:43:38.0945 3996 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

01:43:38.0976 3996 Rasl2tp - ok

01:43:39.0007 3996 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

01:43:39.0023 3996 RasMan - ok

01:43:39.0054 3996 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

01:43:39.0070 3996 RasPppoe - ok

01:43:39.0070 3996 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

01:43:39.0085 3996 RasSstp - ok

01:43:39.0101 3996 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

01:43:39.0116 3996 rdbss - ok

01:43:39.0132 3996 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

01:43:39.0148 3996 RDPCDD - ok

01:43:39.0179 3996 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

01:43:39.0194 3996 rdpdr - ok

01:43:39.0194 3996 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

01:43:39.0210 3996 RDPENCDD - ok

01:43:39.0241 3996 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys

01:43:39.0257 3996 RDPWD - ok

01:43:39.0272 3996 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

01:43:39.0288 3996 RemoteAccess - ok

01:43:39.0304 3996 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

01:43:39.0319 3996 RemoteRegistry - ok

01:43:39.0350 3996 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

01:43:39.0350 3996 RpcLocator - ok

01:43:39.0382 3996 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

01:43:39.0413 3996 RpcSs - ok

01:43:39.0428 3996 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

01:43:39.0460 3996 rspndr - ok

01:43:39.0460 3996 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

01:43:39.0475 3996 SamSs - ok

01:43:39.0491 3996 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

01:43:39.0491 3996 sbp2port - ok

01:43:39.0522 3996 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

01:43:39.0538 3996 SCardSvr - ok

01:43:39.0584 3996 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

01:43:39.0600 3996 Schedule - ok

01:43:39.0631 3996 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

01:43:39.0647 3996 SCPolicySvc - ok

01:43:39.0662 3996 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

01:43:39.0678 3996 SDRSVC - ok

01:43:39.0694 3996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

01:43:39.0725 3996 secdrv - ok

01:43:39.0740 3996 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

01:43:39.0756 3996 seclogon - ok

01:43:39.0772 3996 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

01:43:39.0787 3996 SENS - ok

01:43:39.0803 3996 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

01:43:45.0278 3996 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0

01:43:45.0497 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

01:43:45.0497 3996 \Device\Harddisk0\DR0 - detected TDSS File System (1)

01:43:45.0497 3996 Boot (0x1200) (df5958d5613715bb8f32d407c88a3c72) \Device\Harddisk0\DR0\Partition0

01:43:45.0497 3996 \Device\Harddisk0\DR0\Partition0 - ok

01:43:45.0497 3996 Boot (0x1200) (2e0010abfccb10b9bfc8cc87621ac071) \Device\Harddisk0\DR0\Partition1

01:43:45.0497 3996 \Device\Harddisk0\DR0\Partition1 - ok

01:43:45.0512 3996 ============================================================

01:43:45.0512 3996 Scan finished

01:43:45.0512 3996 ============================================================

01:43:45.0528 3088 Detected object count: 7

01:43:45.0528 3088 Actual detected object count: 7

01:43:47.0852 3088 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

01:43:47.0852 3088 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:43:47.0868 3088 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user

01:43:47.0868 3088 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:43:47.0868 3088 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

01:43:47.0868 3088 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:43:47.0884 3088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

01:43:47.0884 3088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:43:47.0884 3088 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user

01:43:47.0884 3088 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:43:47.0884 3088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

01:43:47.0884 3088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:43:47.0884 3088 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

01:43:47.0884 3088 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

01:43:51.0659 1464 Deinitialize success

Please run TDSSKiller and use the Delete option for this entry:

01:43:47.0884 3088 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

01:43:47.0884 3088 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Next, delete your ComboFix copy and try to run it again.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-03 09:25:05

-----------------------------

09:25:05.103 OS Version: Windows 6.0.6002 Service Pack 2

09:25:05.103 Number of processors: 2 586 0x6B02

09:25:05.105 ComputerName: MOM-PC UserName: Mom

09:25:27.279 Initialize success

09:25:39.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052

09:25:39.005 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6

09:25:39.017 Disk 0 MBR read successfully

09:25:39.022 Disk 0 MBR scan

09:25:39.028 Disk 0 unknown MBR code

09:25:39.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 467383 MB offset 63

09:25:39.071 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065

09:25:39.088 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9554 MB offset 957200895

09:25:39.099 Disk 0 scanning sectors +976773152

09:25:39.158 Disk 0 scanning C:\Windows\system32\drivers

09:25:43.100 Service scanning

09:25:53.537 Modules scanning

09:25:58.136 Disk 0 trace - called modules:

09:25:58.172 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys

09:25:58.177 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857ad1c8]

09:25:58.182 3 CLASSPNP.SYS[807338b3] -> nt!IofCallDriver -> [0x851b9a38]

09:25:58.187 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000052[0x85606c90]

09:25:58.193 Scan finished successfully

09:35:59.010 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"

09:35:59.021 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-04 12:54:52

-----------------------------

12:54:52.693 OS Version: Windows 6.0.6002 Service Pack 2

12:54:52.694 Number of processors: 2 586 0x6B02

12:54:52.694 ComputerName: MOM-PC UserName: Mom

12:54:53.951 Initialize success

12:54:59.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052

12:54:59.080 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6

12:54:59.098 Disk 0 MBR read successfully

12:54:59.103 Disk 0 MBR scan

12:54:59.110 Disk 0 unknown MBR code

12:54:59.117 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 467383 MB offset 63

12:54:59.152 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065

12:54:59.169 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9554 MB offset 957200895

12:54:59.180 Disk 0 scanning sectors +976773152

12:54:59.239 Disk 0 scanning C:\Windows\system32\drivers

12:55:03.698 Service scanning

12:55:13.955 Modules scanning

12:55:18.560 Disk 0 trace - called modules:

12:55:18.594 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys

12:55:18.600 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857ad1c8]

12:55:18.607 3 CLASSPNP.SYS[807338b3] -> nt!IofCallDriver -> [0x851b9a38]

12:55:18.613 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000052[0x85606c90]

12:55:18.619 Scan finished successfully

12:55:28.496 Verifying

12:55:38.510 Disk 0 Windows 600 MBR fixed successfully

12:55:43.703 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"

12:55:43.710 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"
