NYMan85

  1. Here are the contents of the ComboFix log:
  2. Sorry for not replying until now. I was able to do the aforementioned steps. When I rebooted, the "Use a proxy server" was still checked under IE options, but that's probably normal as this PC is infected pretty badly. Here are the following logs: TDSSKiller.2.6.14.0_30.10.2011_17.57.39_log.txt
NwlnkFlt - ok 17:57:48.0423 2284 NwlnkFwd - ok 17:57:48.0485 2284 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 17:57:48.0485 2284 ohci1394 - ok 17:57:48.0516 2284 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 17:57:48.0516 2284 Parport - ok 17:57:48.0579 2284 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 17:57:48.0579 2284 partmgr - ok 17:57:48.0594 2284 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 17:57:48.0594 2284 Parvdm - ok 17:57:48.0625 2284 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 17:57:48.0625 2284 pci - ok 17:57:48.0672 2284 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 17:57:48.0672 2284 pciide - ok 17:57:48.0688 2284 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 17:57:48.0703 2284 pcmcia - ok 17:57:48.0735 2284 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 17:57:48.0766 2284 PEAUTH - ok 17:57:48.0828 2284 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 17:57:48.0828 2284 PptpMiniport - ok 17:57:48.0859 2284 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 17:57:48.0859 2284 Processor - ok 17:57:48.0891 2284 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 17:57:48.0891 2284 PSched - ok 17:57:48.0922 2284 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\Windows\system32\Drivers\PxHelp20.sys 17:57:48.0922 2284 PxHelp20 - ok 17:57:48.0984 2284 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 17:57:49.0015 2284 ql2300 - ok 17:57:49.0047 2284 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 17:57:49.0047 2284 ql40xx - ok 17:57:49.0078 2284 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) 
C:\Windows\system32\drivers\qwavedrv.sys 17:57:49.0078 2284 QWAVEdrv - ok 17:57:49.0093 2284 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 17:57:49.0109 2284 RasAcd - ok 17:57:49.0125 2284 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:57:49.0125 2284 Rasl2tp - ok 17:57:49.0156 2284 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 17:57:49.0171 2284 RasPppoe - ok 17:57:49.0203 2284 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 17:57:49.0203 2284 RasSstp - ok 17:57:49.0249 2284 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 17:57:49.0249 2284 rdbss - ok 17:57:49.0265 2284 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:57:49.0265 2284 RDPCDD - ok 17:57:49.0312 2284 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 17:57:49.0312 2284 rdpdr - ok 17:57:49.0327 2284 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 17:57:49.0327 2284 RDPENCDD - ok 17:57:49.0343 2284 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 17:57:49.0359 2284 RDPWD - ok 17:57:49.0421 2284 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys 17:57:49.0421 2284 Revoflt - ok 17:57:49.0468 2284 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 17:57:49.0468 2284 rspndr - ok 17:57:49.0499 2284 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys 17:57:49.0499 2284 RTL8169 - ok 17:57:49.0546 2284 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys 17:57:49.0561 2284 RTL8187B - ok 17:57:49.0593 2284 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS 17:57:49.0593 2284 RTSTOR - ok 17:57:49.0624 2284 sbp2port (3ce8f073a557e172b330109436984e30) 
C:\Windows\system32\drivers\sbp2port.sys 17:57:49.0624 2284 sbp2port - ok 17:57:49.0671 2284 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 17:57:49.0671 2284 secdrv - ok 17:57:49.0717 2284 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 17:57:49.0717 2284 Serenum - ok 17:57:49.0733 2284 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 17:57:49.0749 2284 Serial - ok 17:57:49.0764 2284 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 17:57:49.0764 2284 sermouse - ok 17:57:49.0795 2284 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 17:57:49.0795 2284 sffdisk - ok 17:57:49.0811 2284 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 17:57:49.0827 2284 sffp_mmc - ok 17:57:49.0827 2284 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 17:57:49.0827 2284 sffp_sd - ok 17:57:49.0858 2284 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 17:57:49.0858 2284 sfloppy - ok 17:57:49.0889 2284 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 17:57:49.0889 2284 sisagp - ok 17:57:49.0905 2284 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 17:57:49.0905 2284 SiSRaid2 - ok 17:57:49.0936 2284 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 17:57:49.0936 2284 SiSRaid4 - ok 17:57:49.0983 2284 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 17:57:49.0983 2284 Smb - ok 17:57:50.0014 2284 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 17:57:50.0014 2284 spldr - ok 17:57:50.0061 2284 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 17:57:50.0061 2284 srv - ok 17:57:50.0092 2284 srv2 (ff33aff99564b1aa534f58868cbe41ef) 
C:\Windows\system32\DRIVERS\srv2.sys
17:57:50.0092 2284 srv2 - ok
17:57:50.0123 2284 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:57:50.0123 2284 srvnet - ok
17:57:50.0154 2284 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
17:57:50.0154 2284 StillCam - ok
17:57:50.0201 2284 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:57:50.0217 2284 swenum - ok
17:57:50.0232 2284 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:57:50.0232 2284 Symc8xx - ok
17:57:50.0279 2284 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:57:50.0279 2284 Sym_hi - ok
17:57:50.0310 2284 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:57:50.0310 2284 Sym_u3 - ok
17:57:50.0373 2284 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
17:57:50.0373 2284 SynTP - ok
17:57:50.0435 2284 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
17:57:50.0451 2284 Tcpip - ok
17:57:50.0482 2284 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
17:57:50.0482 2284 Tcpip6 - ok
17:57:50.0513 2284 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:57:50.0513 2284 tcpipreg - ok
17:57:50.0575 2284 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:57:50.0575 2284 tdcmdpst - ok
17:57:50.0607 2284 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:57:50.0607 2284 TDPIPE - ok
17:57:50.0638 2284 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:57:50.0638 2284 TDTCP - ok
17:57:50.0669 2284 tdx (31396184b0e2d25a1f5fb38d88b89353) C:\Windows\system32\DRIVERS\tdx.sys
17:57:50.0669 2284 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 31396184b0e2d25a1f5fb38d88b89353, Fake md5: 76b06eb8a01fc8624d699e7045303e54
17:57:50.0669 2284 tdx ( Rootkit.Win32.ZAccess.j ) - infected
17:57:50.0669 2284 tdx - detected Rootkit.Win32.ZAccess.j (0)
17:57:50.0716 2284 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:57:50.0716 2284 TermDD - ok
17:57:50.0763 2284 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:57:50.0763 2284 tssecsrv - ok
17:57:50.0809 2284 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:57:50.0809 2284 tunmp - ok
17:57:50.0825 2284 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:57:50.0825 2284 tunnel - ok
17:57:50.0856 2284 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:57:50.0856 2284 TVALZ - ok
17:57:50.0872 2284 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:57:50.0872 2284 uagp35 - ok
17:57:50.0919 2284 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:57:50.0919 2284 udfs - ok
17:57:50.0965 2284 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:57:50.0965 2284 uliagpkx - ok
17:57:50.0997 2284 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:57:50.0997 2284 uliahci - ok
17:57:51.0012 2284 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:57:51.0012 2284 UlSata - ok
17:57:51.0028 2284 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:57:51.0043 2284 ulsata2 - ok
17:57:51.0090 2284 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:57:51.0090 2284 umbus - ok
17:57:51.0121 2284 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:57:51.0121 2284 usbccgp - ok
17:57:51.0137 2284 usbcir (e9476e6c486e76bc4898074768fb7131)
============================================================
17:57:52.0135 4200 Detected object count: 2
17:57:52.0135 4200 Actual detected object count: 2
17:58:43.0631 4200 22ced8d6 ( Rootkit.Win32.PMax.gen ) - skipped by user
17:58:43.0631 4200 22ced8d6 ( Rootkit.Win32.PMax.gen ) - User select action: Skip
17:58:43.0865 4200 Backup copy found, using it..
17:58:43.0881 4200 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
17:58:43.0881 4200 tdx ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
17:59:26.0859 3232 Deinitialize success

OTL.txt

OTL logfile created on: 10/30/2011 6:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 68.91% Memory free
5.94 Gb Paging File | 5.13 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.38 Gb Total Space | 216.53 Gb Free Space | 74.82% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\mike\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe ()
PRC - C:\Users\mike\AppData\Roaming\Microsoft\8488\6AB.exe ()
PRC - C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe ()
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe ()
MOD - C:\Users\mike\AppData\Roaming\Microsoft\8488\6AB.exe ()
MOD - C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z030&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58202
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/14 22:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 12:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/14 22:09:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\mike\AppData\Roaming\5031 [2011/10/09 11:53:39 | 000,000,000 | ---D | M]

[2011/06/11 21:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2011/10/15 20:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 11:56:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/15 20:05:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/09 11:53:39 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MIKE\APPDATA\ROAMING\5031
[2011/06/12 22:26:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/22 12:18:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/22 12:18:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [6AB.exe] C:\Program Files\LP\3D78\6AB.exe ()
O4 - HKCU..\Run: [6AB.exe] C:\Users\mike\AppData\Roaming\Microsoft\8488\6AB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnceEx: [] File not found
F3 - HKCU WinNT: Load - (C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe) -C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F46427-CBEE-4F58-A62C-1173D0C3809B}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe) -C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/10/30 17:57:19 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\tdsskiller
[2011/10/30 17:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/10/21 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\ElevatedDiagnostics
[2011/10/21 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\HpUpdate
[2011/10/21 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/10/15 23:09:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/15 23:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/15 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\VS Revo Group
[2011/10/15 22:52:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/10/15 22:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/10/15 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/15 22:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/15 20:58:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/15 20:38:16 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Sunbelt Software
[2011/10/15 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/15 20:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/15 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/15 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/15 20:05:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/15 20:05:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/15 20:05:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/15 19:53:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/15 19:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\7FADC
[2011/10/15 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\haaQQH6ssW7fE9g
[2011/10/15 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\AxA0ucS2iDpG
[2011/10/15 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/10/15 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/15 19:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/15 19:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/15 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/15 19:20:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/15 19:20:47 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/15 19:20:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/15 19:20:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/15 19:20:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/15 19:20:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/15 19:20:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/15 19:20:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/15 19:20:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/15 19:20:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/15 19:20:44 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/15 19:20:44 |
000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/10/15 19:20:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/10/15 19:20:44 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/10/15 19:20:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/10/15 19:20:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/10/15 19:20:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/10/15 19:20:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/10/15 19:20:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/10/15 19:20:43 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/10/15 19:20:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/10/15 19:20:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/10/15 19:20:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/10/15 19:20:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/10/15 19:20:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/10/15 19:20:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/10/15 19:20:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/10/15 19:20:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/10/15 19:20:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/10/15 19:20:41 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll 
[2011/10/15 19:20:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/10/15 19:20:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/10/15 19:20:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/10/15 19:20:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/10/15 19:20:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/10/15 19:20:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/10/15 19:20:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/10/15 19:14:33 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\kZqqhhYXwkU [2011/10/15 19:14:31 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\mLLL9hhTXq [2011/10/15 19:07:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/10/15 19:06:21 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes [2011/10/15 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/10/15 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\yLLL99gTXqj [2011/10/15 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\WOONNyxA0 [2011/10/15 17:55:16 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\KhhhYXXwkUVlOtz [2011/10/15 17:55:16 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\i0yyccA1iv [2011/10/14 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\PHH66dWWK7f [2011/10/14 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\iL99ggTXqjYCkIr [2011/10/14 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\RLLL88gRZqhYwk [2011/10/14 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\icSS11ivD3on4aH [2011/10/13 09:47:27 | 
000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\ykkkUVVelOBzPy [2011/10/13 09:47:27 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\rAAA1iivD2on4pH [2011/10/13 09:13:48 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\QA00uuvS2ibF3n [2011/10/13 09:13:48 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\CXXqqjUUCeIBrON [2011/10/12 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\pXXXwjjUCelI [2011/10/12 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\dzzzPPNyxA1uS2b [2011/10/12 18:22:20 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011/10/12 18:22:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011/10/12 18:22:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011/10/12 18:22:09 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011/10/12 18:22:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2011/10/12 18:22:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011/10/12 18:22:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/10/12 18:15:01 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\IIBBrrzONyxAuvi [2011/10/12 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\rK88ffRL9hTXjUe [2011/10/12 08:09:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Q4ppmmG5sQJ6dK [2011/10/12 08:09:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\nffRRZ9hTXwjUeI [2011/10/11 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\CgggRZZqhYXkUVl [2011/10/11 12:58:40 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\o5sssWJ7dEL [2011/10/11 12:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop 
[2011/10/11 12:51:22 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\7FADC [2011/10/11 12:50:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\rpmmGG5aQJ6dK8R [2011/10/11 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\FvvDD2obbFpmGsJ [2011/10/11 12:50:34 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\8BC7F [2011/10/10 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\CIIIVVrlONtx0uS [2011/10/10 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\c66ssWKK7fE9gZj [2011/10/09 11:53:43 | 000,277,456 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\mike\AppData\Roaming\AcroIEHelpe.dll [2011/10/09 11:53:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\5031 [2011/10/09 11:53:03 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\xmldm [2011/10/09 11:53:03 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\kock [2011/10/09 11:52:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/10/09 11:42:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\hnnGG5aaQ [2011/10/09 11:42:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\bdWWWK7fRL9gTq [2011/10/09 11:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\U888fRRZ9hTXjUe [2011/10/09 11:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\sBBBrzzPNyxAuv [2011/10/09 10:02:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\LdddEL8gRZq [2011/10/09 10:02:54 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SffEL8ggZqYCrOt [2011/10/08 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\xbFF33pmG5a [2011/10/08 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\uBBBrzzPNyxAuv2 [2011/10/08 17:46:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\skIIVVrlONtx0uS [2011/10/08 17:46:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\faaamHH6sWJ7ELg [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) 
-- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\mike\AppData\Roaming\*.tmp files -> C:\Users\mike\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/10/30 18:00:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/10/30 18:00:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/30 18:00:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011/10/30 18:00:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/30 18:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/30 17:59:59 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys [2011/10/30 17:56:58 | 001,545,436 | ---- | M] () -- C:\Users\mike\Desktop\tdsskiller.zip [2011/10/30 17:51:20 | 000,000,000 | ---- | M] () -- C:\Windows\3604532770 [2011/10/30 15:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/10/28 22:45:23 | 000,014,657 | ---- | M] () -- C:\Users\mike\Documents\cover letter.odt [2011/10/27 21:04:17 | 000,000,000 | ---- | M] () -- C:\Users\mike\AppData\Local\{86123BD8-22D7-4E14-8D5F-CDBAAD5E9BD7} [2011/10/25 23:11:50 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011/10/25 23:11:50 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011/10/20 15:44:53 | 000,616,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/10/20 15:44:53 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/10/18 16:09:28 | 000,015,927 | ---- | M] () -- C:\Users\mike\Documents\Copy%20letter%20Mike's.odt_0.odt [2011/10/18 12:36:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job [2011/10/18 12:35:19 | 000,175,104 | ---- | M] () -- C:\Users\mike\AppData\Roaming\firefox.exe 
[2011/10/17 22:22:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job [2011/10/16 18:01:04 | 000,584,192 | ---- | M] () -- C:\Users\mike\Desktop\OTL.exe [2011/10/15 23:09:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/10/15 22:52:54 | 000,001,100 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2011/10/15 22:52:54 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2011/10/15 22:22:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/10/15 20:58:27 | 278,915,019 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/10/15 20:14:43 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011/10/15 20:09:57 | 000,000,954 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/10/15 20:04:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011/10/15 20:04:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011/10/15 19:50:49 | 000,282,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/10/15 19:24:17 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini [2011/10/15 19:22:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf [2011/10/15 19:20:48 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011/10/15 19:20:47 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011/10/15 19:20:47 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/10/15 19:20:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/10/15 19:20:46 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/10/15 19:20:46 | 000,076,800 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011/10/15 19:20:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011/10/15 19:20:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011/10/15 19:20:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/10/15 19:20:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011/10/15 19:20:44 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/10/15 19:20:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/10/15 19:20:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/10/15 19:20:44 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/10/15 19:20:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/10/15 19:20:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/10/15 19:20:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/10/15 19:20:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/10/15 19:20:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011/10/15 19:20:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/10/15 19:20:43 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/10/15 19:20:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/10/15 19:20:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/10/15 19:20:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/10/15 19:20:43 | 000,023,552 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/10/15 19:20:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/10/15 19:20:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/10/15 19:20:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/10/15 19:20:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/10/15 19:20:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/10/15 19:20:41 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/10/15 19:20:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/10/15 19:20:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/10/15 19:20:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/10/15 19:20:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/10/15 19:20:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/10/15 19:20:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/10/15 19:20:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/10/15 17:57:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job [2011/10/12 08:34:09 | 000,027,136 | ---- | M] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/10 09:36:43 | 000,000,108 | -H-- | M] () -- C:\Users\mike\Documents\.~lock.Copy letter Mike's.odt# [2011/10/10 09:36:26 | 000,000,108 | -H-- | M] () -- C:\Users\mike\Documents\.~lock.mikerubeoresume.odt# [2011/10/10 09:36:12 | 000,014,054 | ---- | M] () -- C:\Users\mike\Documents\Copy letter Mike's.odt [2011/10/10 09:30:01 | 000,016,153 | 
---- | M] () -- C:\Users\mike\Documents\mikerubeoresume.odt [2011/10/09 11:53:43 | 000,277,456 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\mike\AppData\Roaming\AcroIEHelpe.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\mike\AppData\Roaming\*.tmp files -> C:\Users\mike\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/10/30 17:59:59 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys [2011/10/30 17:56:52 | 001,545,436 | ---- | C] () -- C:\Users\mike\Desktop\tdsskiller.zip [2011/10/27 21:04:17 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\{86123BD8-22D7-4E14-8D5F-CDBAAD5E9BD7} [2011/10/18 12:35:37 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job [2011/10/17 22:21:44 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job [2011/10/17 22:06:58 | 000,175,104 | ---- | C] () -- C:\Users\mike\AppData\Roaming\firefox.exe [2011/10/16 18:01:04 | 000,584,192 | ---- | C] () -- C:\Users\mike\Desktop\OTL.exe [2011/10/15 23:09:12 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/10/15 22:52:54 | 000,001,100 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2011/10/15 22:52:54 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2011/10/15 20:58:27 | 278,915,019 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/10/15 20:13:05 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2011/10/15 20:13:05 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011/10/15 19:24:17 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [2011/10/15 19:22:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf [2011/10/15 19:20:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011/10/15 17:56:48 | 000,000,380 | ---- | C] () -- 
C:\Windows\tasks\At1.job [2011/10/11 12:53:56 | 000,015,927 | ---- | C] () -- C:\Users\mike\Documents\Copy%20letter%20Mike's.odt_0.odt [2011/10/10 09:36:43 | 000,000,108 | -H-- | C] () -- C:\Users\mike\Documents\.~lock.Copy letter Mike's.odt# [2011/10/10 09:36:26 | 000,000,108 | -H-- | C] () -- C:\Users\mike\Documents\.~lock.mikerubeoresume.odt# [2011/10/10 09:36:11 | 000,014,054 | ---- | C] () -- C:\Users\mike\Documents\Copy letter Mike's.odt [2011/10/09 10:01:06 | 000,000,000 | ---- | C] () -- C:\Windows\3604532770 [2011/06/19 11:04:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/06/19 11:04:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/06/14 22:22:50 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp [2011/06/14 22:02:36 | 000,207,620 | ---- | C] () -- C:\Windows\hpwins28.dat [2011/06/14 22:02:36 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2011/06/13 16:12:52 | 000,027,136 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/12 18:32:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/06/12 18:32:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/06/12 00:09:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/06/11 12:22:31 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys [2011/06/11 12:22:30 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys [2011/06/11 12:22:05 | 000,000,680 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps.dat [2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2009/12/03 09:27:30 
| 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2008/08/18 14:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/08/18 14:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/08/18 14:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/08/18 14:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/08/18 14:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/08/18 14:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/08/18 14:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/08/18 13:51:31 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,282,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,616,954 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,108,394 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe [2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\System32\KodakOneTouch.dll [color=#E56717]========== LOP Check ==========[/color] [2011/10/09 
11:53:39 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\5031 [2011/10/29 13:54:37 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\7FADC [2011/10/26 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\8BC7F [2011/10/15 19:40:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\AxA0ucS2iDpG [2011/10/09 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\bdWWWK7fRL9gTq [2011/10/10 09:22:34 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\c66ssWKK7fE9gZj [2011/10/11 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CgggRZZqhYXkUVl [2011/10/11 07:49:44 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CIIIVVrlONtx0uS [2011/10/13 09:13:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CXXqqjUUCeIBrON [2011/10/12 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\dzzzPPNyxA1uS2b [2011/10/08 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\faaamHH6sWJ7ELg [2011/10/11 12:50:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\FvvDD2obbFpmGsJ [2011/10/15 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\haaQQH6ssW7fE9g [2011/10/09 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\hnnGG5aaQ [2011/10/15 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\i0yyccA1iv [2011/10/14 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\icSS11ivD3on4aH [2011/10/12 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\IIBBrrzONyxAuvi [2011/10/14 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\iL99ggTXqjYCkIr [2011/10/15 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\KhhhYXXwkUVlOtz [2011/10/09 11:53:03 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\kock [2011/10/15 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\kZqqhhYXwkU [2011/10/09 10:03:01 | 000,000,000 | ---D | M] -- 
C:\Users\mike\AppData\Roaming\LdddEL8gRZq [2011/10/15 19:14:31 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mLLL9hhTXq [2011/10/12 08:19:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\nffRRZ9hTXwjUeI [2011/10/11 12:58:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\o5sssWJ7dEL [2011/06/15 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\OpenOffice.org [2011/10/14 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PHH66dWWK7f [2011/10/12 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\pXXXwjjUCelI [2011/10/12 08:09:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Q4ppmmG5sQJ6dK [2011/10/13 09:23:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\QA00uuvS2ibF3n [2011/10/13 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rAAA1iivD2on4pH [2011/10/12 18:15:00 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rK88ffRL9hTXjUe [2011/10/14 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\RLLL88gRZqhYwk [2011/10/11 12:55:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rpmmGG5aQJ6dK8R [2011/10/09 11:40:56 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\sBBBrzzPNyxAuv [2011/10/09 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SffEL8ggZqYCrOt [2011/10/08 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\skIIVVrlONtx0uS [2011/10/09 11:40:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\U888fRRZ9hTXjUe [2011/10/08 17:46:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\uBBBrzzPNyxAuv2 [2011/07/31 12:42:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WildTangent [2011/06/11 20:50:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WinBatch [2011/10/15 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WOONNyxA0 [2011/10/08 17:46:39 | 000,000,000 | ---D | M] -- 
C:\Users\mike\AppData\Roaming\xbFF33pmG5a
[2011/10/30 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\xmldm
[2011/10/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ykkkUVVelOBzPy
[2011/10/15 18:48:35 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\yLLL99gTXqj
[2011/10/15 17:57:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/10/17 22:22:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/10/18 12:36:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/10/30 17:49:44 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\3604532770:3710986025.exe

< End of report >

Extras.txt

OTL Extras logfile created on: 10/30/2011 6:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 68.91% Memory free
5.94 Gb Paging File | 5.13 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.38 Gb Total Space | 216.53 Gb Free Space | 74.82% Space Free | Partition Type: NTFS
Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-214129433-4023598644-1636040247-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports 
Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16378781-A5FA-4D51-B0F0-8E86F927FF05}" = rport=138 | protocol=17 | dir=out | app=system | "{1F598C07-E1B8-48B0-BB11-0A8EA71C4275}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{355AA2A2-0A28-4F47-8F17-4E0F4C3CA93E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3AAA76E1-7A22-46D2-A2B7-91699788458E}" = rport=137 | protocol=17 | dir=out | app=system | "{3C3B7615-B0FE-47DB-83DE-AED00DCC1760}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{45D4986F-826A-42FF-83FC-507CFB25A8FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4BBAB822-D3A4-4CA2-9E97-43FF1F6A5B17}" = rport=139 | protocol=6 | dir=out | app=system | "{4CBD68E8-4DE0-421F-A40E-3654D046F236}" = lport=138 | protocol=17 | dir=in | app=system | "{4E5BA67D-E703-4578-AC39-CDCABDEBA24F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{51E1C697-1CE2-4E0C-923B-EDF8D04D7297}" = lport=445 | protocol=6 | dir=in | app=system | "{68AA63C1-6DC6-4D09-BD69-201D156B50B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6F40962F-34A4-4C95-9583-7B744847624C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{74DA3609-70B6-485A-99FF-4207A318F85D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{76500A5E-E74D-483A-B8A9-796D8050286D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BE55841E-137E-4853-9920-B874CD2A6680}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email="[email protected],-28539"][email protected],-28539[/email] | 
"{C4A0ADE1-C3AA-4571-886A-79F66F998884}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C656C11B-16BC-453D-90C1-2AE7AF5FEDE5}" = rport=445 | protocol=6 | dir=out | app=system | "{D05FA6E1-074B-4C3B-823F-DB5F4A84B69B}" = lport=139 | protocol=6 | dir=in | app=system | "{FC84C21E-2B8B-4D06-A44E-57CD0D67CDDC}" = lport=137 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0121BE83-4FC2-44EE-810B-A7D8725E599A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{043C18A2-1D7E-439D-827E-426B6D72F506}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{0C07C467-AEFC-4E9B-A9EF-26304C8BD0D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{2077F725-6B5C-485F-8767-470784AD5C55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{24D86F49-6972-4955-8CF4-0F400A723B18}" = dir=in | app=c:\users\mike\appdata\local\temp\hp\oj4500vg510n-z_full_13_en\setup\hpznui01.exe | "{2C221A1D-AAAC-49C6-99CB-984F07A66A35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{40B3E3A0-83A3-4FF4-BCE7-758D76418841}" = protocol=58 | dir=out | [email="[email protected],-28546"][email protected],-28546[/email] | "{460A5DF3-9181-47C1-A9E7-14BAF01022EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{4F368C51-A250-423F-963F-C6ACD7D04568}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{5D7B94FD-DC80-44CB-88E9-6023D862ED18}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{6842FF82-6818-4B23-BC9F-15709C16F853}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{774E62BE-4A3F-4FEF-AD69-E57546DF2930}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{7DA1A3D7-4D94-4823-80EE-272A11CDF435}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{842A269D-CFAF-4581-BE19-2F9C97F7D6E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{A3FFAFD3-3227-429F-A249-82AA1AC21FC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{B12B5470-D284-4696-BC79-D181A723B475}" = protocol=58 | dir=in | [email="[email protected],-28545"][email protected],-28545[/email] | "{B95AFA26-CB69-4688-808C-ACDA35012248}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{BE31FD9B-9F71-4418-B432-F11945043475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{C43FF2DE-B94B-4C3D-980F-C6DFD83E086D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{CB53D053-C674-4A04-AD2B-90B3E1FBEE89}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{CDD042D9-8892-48F5-B4AA-ECF6DD7BFCAF}" = protocol=1 | dir=in | [email="[email protected],-28543"][email protected],-28543[/email] | "{DBA704B0-C064-4831-8755-3632F3900600}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{EB5FCBA7-99BD-47DF-BB41-6DDEB93223ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FB64BD3E-CC24-4CC8-A311-B43ECE53AA87}" = protocol=1 | dir=out | [email="[email protected],-28544"][email protected],-28544[/email] | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) 
Version1.0 "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK "{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 "{41773726-92D0-4265-A0F8-DD980CA1AEC4}" = TOSHIBA Upgrade Assistant "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81 "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT "{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui 
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2 "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR "{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card 
Reader "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Google Desktop" = Google Desktop "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US) "Picasa2" = Picasa 2 "QuickTime" = QuickTime "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "WildTangent toshiba Master Uninstall" = WildTangent Games "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Yahoo! Companion" = Yahoo! 
Toolbar [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10/28/2011 10:38:38 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10 Description = Error - 10/29/2011 1:55:22 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10 Description = Error - 10/30/2011 2:27:48 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10 Description = Error - 10/30/2011 2:45:23 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10 Description = Error - 10/30/2011 5:51:46 PM | Computer Name = mike-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 7/15/2011 1:41:50 PM | Computer Name = mike-PC | Source = DCOM | ID = 10010 Description = Error - 7/17/2011 3:45:50 PM | Computer Name = mike-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.2 for the Network Card with network address 00225FFB8F50 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 
Error - 7/18/2011 1:47:10 PM | Computer Name = mike-PC | Source = DCOM | ID = 10010 Description = Error - 7/20/2011 8:15:51 AM | Computer Name = mike-PC | Source = DCOM | ID = 10010 Description = Error - 7/20/2011 5:47:50 PM | Computer Name = mike-PC | Source = HTTP | ID = 15016 Description = Error - 7/20/2011 5:49:53 PM | Computer Name = mike-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 5:48:29 PM on 7/20/2011 was unexpected. Error - 7/20/2011 5:49:57 PM | Computer Name = mike-PC | Source = HTTP | ID = 15016 Description = Error - 7/27/2011 8:26:06 AM | Computer Name = mike-PC | Source = HTTP | ID = 15016 Description = Error - 7/27/2011 11:28:02 AM | Computer Name = mike-PC | Source = Service Control Manager | ID = 7022 Description = Error - 7/27/2011 11:28:06 AM | Computer Name = mike-PC | Source = DCOM | ID = 10016 Description = < End of report >
  3. [quote name='CeciliaB' post='129958' date='Oct 16 2011, 04:45 AM']Hi NYMan85, Malware can stop installation of security programs. Please, to get help with cleaning your computer follow the instructions in the topic [url="http://www.lavasoftsupport.com/index.php?showtopic=30823"]Read This Before You Post![/url] and I will move your topic to the forum [url="http://www.lavasoftsupport.com/index.php?showforum=36"]Help with Stubborn Infections[/url].[/quote] Thanks for the reply. I ran the OTL program and it did seem like the program ran, but no Notepad windows appeared. I tried this twice, saving to both my 'Downloads' folder and 'Desktop', and I cannot find any new Notepad files that would contain the information requested.
  4. My computer is infected to the point where I can't find just about any malware removal program except for SpyBot. I get the "failed to connect to service" error when trying to run Ad-Aware. I have used Revo to uninstall and reinstall, to no avail. In "Services", the status for this process is blank; when I click "start", I get the error message, "Windows could not start the Lavasoft Ad-Aware service on Local Computer. Error 5: Access is denied." I'm not sure Ad-Aware will fix the problem (it was "Guard Online" that I've thoroughly researched; none of the methods have worked in fixing the problems my computer has been having: a general slowness to everything and websites redirecting to other sites) but I would like to have it run. Any suggestions?