PC Constantly freezing - unknown reason



#1
crybaby
  • Member
  • 175 posts
Hello trusted helpers! I hope someone can help me on this one. Usually, I have more info to post, but this time, I am clueless on what's going on. My PC keeps locking up on me during various tasks. Sometimes while on the web, sometimes while just on the desktop. There's no real specific indication of what is causing this that I can see. Avast is updated and hasn't detected anything in quite some time, though I was informed that there was a trojan found somewhere around 2 months ago that was apparently moved to the virus chest in Avast. Upon looking into the chest, I could see no evidence to support that claim, so I am unsure what that is all about. I ran the OTL, and am posting it as well, in the hopes that someone can help me with this issue. If I am in the wrong forum, I apologize, and would be happy to seek help elsewhere if necessary. Thanks in advance for looking into this for me!


OTL:
OTL logfile created on: 6/13/2011 1:03:11 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Shayla Potter\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.30% Memory free
4.11 Gb Paging File | 2.98 Gb Available in Paging File | 72.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 97.53 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.94 Gb Free Space | 49.37% Space Free | Partition Type: NTFS

Computer Name: BNSS-LEASED | User Name: Shayla Potter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 13:01:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shayla Potter\Downloads\OTL(1).exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/07/26 17:38:22 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/09/24 04:41:02 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/06 19:12:00 | 000,212,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2007/04/03 16:58:56 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2007/02/15 12:19:16 | 000,056,128 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/12/18 19:38:58 | 000,122,880 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\PELMICED.EXE
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/11/02 07:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 13:01:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shayla Potter\Downloads\OTL(1).exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/26 17:38:22 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) [Auto | Running] -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe -- (Webcamera Plus Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/22 11:12:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
DRV - [2007/10/17 13:54:02 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/15 08:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/15 12:19:20 | 000,019,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2007/02/15 12:19:18 | 000,023,360 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/12 08:58:08 | 000,015,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\W55U01.sys -- (W55U01)
DRV - [2005/02/02 18:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpplsbulk.sys -- (HPPLSBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=1071121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=1071121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....ntl=us&.src=ym"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 08:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 08:28:43 | 000,000,000 | ---D | M]

[2009/08/20 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Extensions
[2011/06/07 14:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions
[2011/03/31 06:24:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/07 14:30:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/31 06:24:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/03/31 06:24:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\[email protected]
[2011/03/31 06:24:31 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\[email protected]
[2010/05/16 12:53:40 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\[email protected]
[2011/05/16 08:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 14:37:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/02 13:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/11/11 15:08:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\SHAYLA POTTER\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/25 08:43:35 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/02 13:13:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/09 16:17:18 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2008/10/09 02:58:40 | 000,044,288 | ---- | M] (MeadCo Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npmeadax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/03/10 09:08:39 | 000,000,785 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.1.70 NPI8C25CB
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Lexmark X1100 Series] File not found
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProStoresStoreMonitor] C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe (ProStores, Inc.)
O4 - Startup: C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {295AE8FF-A150-4CCE-9581-D6726D07C601} http://67.200.135.148:8080/DvrWeb.cab (WebApp Control)
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} http://66.196.229.11...tiveViewGUI.cab (ActiveViewGUI Control)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantacco...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} http://66.196.229.115/ActiveView.cab (ActiveView Control)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantacco...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} http://192.168.1.65/WebDiginet.CAB (WebDigiNet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CBC33687-4040-49D7-A17E-F3CDF9F1D2FA} https://ippsyncsetup...cActiveXNew.CAB (IntuitQBSync.MobilinkSyncActiveX)
O16 - DPF: {CFF61A0C-62A0-47FA-8F2D-8A7EC3E20E89} http://71.96.1.21/clientD4.cab (Client Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81259daf-9849-11dc-a1d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{81259daf-9849-11dc-a1d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\Desktop\Media Tech Awards
[2011/05/22 09:33:08 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\Desktop\New Folder
[2011/05/18 11:38:28 | 000,056,128 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
[2011/05/18 11:38:02 | 000,484,643 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELBDO.DLL
[2011/05/18 11:38:02 | 000,299,008 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELWHEEL.DLL
[2011/05/18 11:38:02 | 000,218,648 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\PMUNINST.EXE
[2011/05/18 11:38:02 | 000,215,040 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELPPM.DLL
[2011/05/18 11:38:02 | 000,212,992 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELUTIL.DLL
[2011/05/18 11:38:02 | 000,122,880 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELMICED.EXE
[2011/05/18 11:38:02 | 000,114,688 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELSCRLL.DLL
[2011/05/18 11:38:02 | 000,090,112 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELZOOM.DLL
[2011/05/18 11:38:02 | 000,073,728 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELHOOKS.DLL
[2011/05/18 11:38:02 | 000,057,344 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PMGENSS.DLL
[2011/05/18 11:38:02 | 000,056,128 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\ICONSPY.EXE
[2011/05/18 11:38:02 | 000,036,864 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PMNEO.DLL
[2011/05/18 11:38:02 | 000,036,864 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELCOMM.DLL
[2011/05/18 11:38:02 | 000,031,552 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\PELSETUP.DLL
[2011/05/18 11:38:02 | 000,028,160 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\PMUNINNT.EXE
[2011/05/18 11:38:02 | 000,023,360 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\drivers\PELMOUSE.SYS
[2011/05/18 11:38:02 | 000,019,968 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\drivers\PELPS2M.SYS
[2011/05/18 11:38:02 | 000,019,264 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\System32\drivers\PELUSBlf.SYS
[2011/05/18 11:37:45 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\AppData\Roaming\WinBatch
[2011/05/18 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2011/05/18 10:57:41 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\AppData\Local\Deployment
[2011/05/18 10:57:41 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\AppData\Local\Apps
[2011/05/18 10:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2011/05/15 16:14:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2007/12/07 13:58:22 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2007/12/07 13:58:22 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2007/12/07 13:58:22 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/12/07 13:58:21 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2007/12/07 13:58:21 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2007/12/07 13:58:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2007/12/07 13:58:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2007/12/07 13:58:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2007/12/07 13:58:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2007/12/07 13:58:19 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007/12/07 13:58:18 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2007/12/07 13:58:17 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007/12/07 13:58:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2007/12/07 13:58:16 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2007/12/07 13:58:16 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 13:00:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/13 12:59:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/13 12:59:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/13 12:56:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 12:56:53 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 12:56:50 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/13 12:56:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 01:47:54 | 000,001,248 | RHS- | M] () -- C:\Users\Shayla Potter\ntuser.pol
[2011/06/11 18:26:57 | 000,186,880 | ---- | M] () -- C:\Users\Shayla Potter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 17:03:17 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/28 09:41:28 | 000,046,388 | ---- | M] () -- C:\Users\Shayla Potter\Desktop\Budget year look.ods
[2011/05/27 18:33:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/05/22 18:50:48 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/22 18:50:48 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 14:36:52 | 000,000,945 | ---- | M] () -- C:\Users\Shayla Potter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 07:41:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/22 07:41:24 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/22 07:40:47 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/16 14:10:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/16 08:28:24 | 000,000,872 | ---- | M] () -- C:\Users\Shayla Potter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/16 08:28:23 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 17:03:17 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/27 18:33:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/05/22 07:40:47 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/18 11:38:28 | 000,883,262 | ---- | C] () -- C:\Windows\System32\ms98.cab
[2011/05/18 11:38:28 | 000,027,661 | ---- | C] () -- C:\Windows\System32\phidmou.inf
[2011/05/18 11:38:28 | 000,011,915 | ---- | C] () -- C:\Windows\System32\ms99.cat
[2011/05/18 11:38:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2011/05/18 11:38:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
[2011/05/18 11:38:02 | 000,003,561 | ---- | C] () -- C:\Windows\System32\HPMICE.PCX
[2010/09/02 17:43:47 | 000,127,304 | ---- | C] () -- C:\Windows\hppins01.dat
[2010/09/02 17:43:47 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat
[2010/06/04 19:58:02 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2010/05/12 21:08:41 | 000,102,912 | ---- | C] () -- C:\Windows\System32\swscale-0.7.2.dll
[2010/05/12 21:08:40 | 000,877,056 | ---- | C] () -- C:\Windows\System32\avcodec-52.45.0.dll
[2010/05/12 21:08:40 | 000,077,312 | ---- | C] () -- C:\Windows\System32\avformat-52.46.0.dll
[2010/05/12 21:08:40 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avutil-50.7.0.dll
[2010/05/12 21:08:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\avdevice-52.2.0.dll
[2010/05/12 21:08:39 | 000,015,360 | ---- | C] () -- C:\Windows\System32\AVC_AP_JPEG.dll
[2010/05/12 21:08:39 | 000,005,632 | ---- | C] () -- C:\Windows\System32\AVC_AP_SCALE.dll
[2010/05/12 21:08:37 | 000,877,568 | ---- | C] () -- C:\Windows\System32\avcodec-52.dll
[2010/05/12 21:08:37 | 000,323,584 | ---- | C] () -- C:\Windows\System32\Deinterlace.dll
[2010/05/12 21:08:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\swscale-0.dll
[2010/05/12 21:08:37 | 000,075,776 | ---- | C] () -- C:\Windows\System32\avformat-52.dll
[2010/05/12 21:08:37 | 000,046,592 | ---- | C] () -- C:\Windows\System32\avutil-50.dll
[2010/05/12 21:08:37 | 000,004,608 | ---- | C] () -- C:\Windows\System32\avdevice-52.dll
[2010/04/09 10:40:43 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/03/31 07:41:41 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_AP_H264.dll
[2010/03/31 07:41:39 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_H264.dll
[2010/03/31 07:41:39 | 000,015,360 | ---- | C] () -- C:\Windows\System32\AVC_JPEG.dll
[2010/03/21 16:35:33 | 000,127,390 | ---- | C] () -- C:\Windows\hppins01.dat.temp
[2010/03/21 16:35:33 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat.temp
[2010/03/10 09:06:24 | 000,000,834 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/03/06 11:30:12 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/01/18 23:58:16 | 000,000,134 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009/12/22 13:56:08 | 013,869,056 | ---- | C] () -- C:\Windows\System32\DdvrRes.dll
[2009/09/22 16:49:38 | 000,186,880 | ---- | C] () -- C:\Users\Shayla Potter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/16 19:07:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 19:07:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 12:53:13 | 000,000,788 | ---- | C] () -- C:\Users\Shayla Potter\AppData\Roaming\wklnhst.dat
[2009/08/12 11:10:45 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2009/07/13 21:44:08 | 000,000,680 | ---- | C] () -- C:\Users\Shayla Potter\AppData\Local\d3d9caps.dat
[2009/07/09 16:16:51 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2009/06/29 10:22:54 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/06/29 10:22:51 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/06/09 09:02:54 | 000,000,716 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/06/09 09:02:54 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/06/07 22:45:40 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/06/04 11:32:32 | 000,000,032 | ---- | C] () -- C:\Windows\System32\ClientD4.bin
[2008/12/29 15:36:46 | 005,636,096 | ---- | C] () -- C:\Windows\System32\H264_D4.dll
[2008/12/20 21:41:54 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2008/12/20 21:41:52 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2008/08/22 19:22:21 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/08/01 03:00:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/05 09:37:57 | 000,000,261 | ---- | C] () -- C:\Windows\disney.ini
[2008/04/10 13:53:38 | 000,000,093 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/04/09 17:38:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/09 08:39:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DvsNDKEx.dll
[2007/12/07 14:02:22 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/12/07 13:59:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/12/07 13:59:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/12/07 13:58:22 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2007/12/07 13:58:21 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2007/12/07 13:58:19 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2007/12/07 13:58:19 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2007/12/07 13:58:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2007/12/07 13:58:19 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2007/12/07 13:58:18 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2007/12/07 13:58:17 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2007/12/07 13:58:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2007/12/07 13:58:17 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2007/10/06 02:28:42 | 001,658,671 | ---- | C] () -- C:\Windows\System32\avcodec.dll
[2007/08/24 06:39:10 | 000,434,270 | ---- | C] () -- C:\Windows\System32\Mp4ADecoder.dll
[2007/04/17 22:21:44 | 000,011,192 | ---- | C] () -- C:\Windows\DVRWebGUI.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,534,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/22 06:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 05:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/07/25 13:28:38 | 000,000,485 | ---- | C] () -- C:\Windows\System32\hpp2800V.dat
[2006/04/24 14:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2006/01/31 23:30:32 | 000,028,672 | ---- | C] () -- C:\Windows\System32\TextOverlayEx.dll
[2005/11/16 02:57:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Audio.dll
[2005/02/03 12:31:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\compJNI.dll
[2004/08/20 08:02:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\PMLJNI.dll
[2004/08/03 00:30:56 | 000,024,576 | ---- | C] () -- C:\Windows\System32\decompress.dll
[2004/07/07 07:18:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\CreateAvi.dll
[2004/05/05 05:22:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AudioACM.dll
[2003/08/18 05:55:47 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE
[2003/08/18 05:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2002/12/07 14:21:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\kdbbase.dll
[2002/12/07 11:53:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\tools.dll
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2002/09/13 06:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2002/09/13 01:14:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\netdecdll.dll
[2002/01/15 15:26:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\kcodec.dll
[2001/07/07 05:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\Windows\hppcap.ini
[2001/01/19 10:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE

========== LOP Check ==========

[2011/03/01 22:01:26 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\BitTorrent
[2009/11/25 08:43:35 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\E-centives
[2010/03/06 11:30:15 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\FreeAudioPack
[2011/05/11 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\ImTOO
[2011/01/31 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\Juniper Networks
[2009/08/26 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\MusicNet
[2009/08/17 06:46:48 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\OpenOffice.org
[2009/08/17 13:30:02 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\pdf995
[2010/03/10 10:05:26 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\SmartDraw
[2011/03/02 12:38:09 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\SystemRequirementsLab
[2009/08/18 12:53:32 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\Template
[2011/05/18 11:37:45 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\WinBatch
[2010/06/23 11:25:47 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\WinSesame
[2011/06/13 01:51:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:AA3339BE
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:69F4A9BE
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:AD6273E0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8EC55520
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A52C3C4A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FE53E4F7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:376AEA88
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:819BEFD3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:81A5201B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E33EA293
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:EA031481

< End of report >


#2
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, crybaby! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



Sorry for the delay in someone getting to you. Could you provide me with a fresh OTL log and perform a scan with TDSSKiller, using the instructions below please.



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




3)
Could you let me know how often this freezing occurs. Does it freeze within a couple of minutes of switching the PC on, or can it run for hours and hours before freezing?





In your next reply
Please post the contents of...
OTL log
TDSSKiller log
Let me know how often the freezing is occurring


#3
crybaby


    Member

  • Topic Starter
  • Member
  • 175 posts
Hi and thank you for responding to my post. :unsure:
As for frequency of the freezing, it's a bit random. Sometimes it happens early on after booting, and other times it doesn't happen for hours. It seems to happen more often when the kids have been on the PC. :)
Here are the log files you asked for. Thanks for your help!!

OTL:

OTL logfile created on: 6/24/2011 6:32:10 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Shayla Potter\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.67% Memory free
4.11 Gb Paging File | 2.68 Gb Available in Paging File | 65.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 114.79 Gb Free Space | 51.52% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.94 Gb Free Space | 49.42% Space Free | Partition Type: NTFS

Computer Name: BNSS-LEASED | User Name: Shayla Potter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 13:01:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shayla Potter\Downloads\OTL(1).exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/07/26 17:38:22 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/09/24 04:41:02 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/06 19:12:00 | 000,212,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2007/04/03 16:58:56 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2007/02/15 12:19:16 | 000,056,128 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/11/02 07:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/09/22 20:15:15 | 000,300,856 | ---- | M] (ProStores, Inc.) -- C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 13:01:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shayla Potter\Downloads\OTL(1).exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/26 17:38:22 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) [Auto | Running] -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe -- (Webcamera Plus Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/22 11:12:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
DRV - [2007/10/17 13:54:02 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/15 08:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/15 12:19:20 | 000,019,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2007/02/15 12:19:18 | 000,023,360 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/12 08:58:08 | 000,015,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\W55U01.sys -- (W55U01)
DRV - [2005/02/02 18:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpplsbulk.sys -- (HPPLSBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=1071121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=1071121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....ntl=us&.src=ym"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 08:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 17:12:22 | 000,000,000 | ---D | M]

[2009/08/20 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Extensions
[2011/06/07 14:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions
[2011/03/31 06:24:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/07 14:30:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/31 06:24:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/03/31 06:24:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\[email protected]
[2011/03/31 06:24:31 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\[email protected]
[2010/05/16 12:53:40 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Shayla Potter\AppData\Roaming\Mozilla\Firefox\Profiles\oyn0fdki.default\extensions\[email protected]
[2011/06/16 16:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 14:37:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/02 13:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/16 16:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2009/11/11 15:08:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\SHAYLA POTTER\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/25 08:43:35 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/09 16:17:18 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2008/10/09 02:58:40 | 000,044,288 | ---- | M] (MeadCo Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npmeadax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/03/10 09:08:39 | 000,000,785 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.1.70 NPI8C25CB
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Lexmark X1100 Series] File not found
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProStoresStoreMonitor] C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe (ProStores, Inc.)
O4 - Startup: C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {295AE8FF-A150-4CCE-9581-D6726D07C601} http://67.200.135.148:8080/DvrWeb.cab (WebApp Control)
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} http://66.196.229.11...tiveViewGUI.cab (ActiveViewGUI Control)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantacco...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} http://66.196.229.115/ActiveView.cab (ActiveView Control)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantacco...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} http://192.168.1.65/WebDiginet.CAB (WebDigiNet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CBC33687-4040-49D7-A17E-F3CDF9F1D2FA} https://ippsyncsetup...cActiveXNew.CAB (IntuitQBSync.MobilinkSyncActiveX)
O16 - DPF: {CFF61A0C-62A0-47FA-8F2D-8A7EC3E20E89} http://71.96.1.21/clientD4.cab (Client Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shayla Potter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81259daf-9849-11dc-a1d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{81259daf-9849-11dc-a1d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/21 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/21 13:29:21 | 000,000,000 | ---D | C] -- C:\Users\Shayla Potter\AppData\Local\Unity
[2011/06/16 16:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2007/12/07 13:58:22 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2007/12/07 13:58:22 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2007/12/07 13:58:22 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/12/07 13:58:21 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2007/12/07 13:58:21 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2007/12/07 13:58:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2007/12/07 13:58:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2007/12/07 13:58:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2007/12/07 13:58:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2007/12/07 13:58:19 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007/12/07 13:58:18 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2007/12/07 13:58:17 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007/12/07 13:58:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2007/12/07 13:58:16 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2007/12/07 13:58:16 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 18:13:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/24 18:13:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/24 18:13:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/24 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/24 13:58:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/24 08:13:44 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/24 08:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 17:12:22 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/06/16 09:58:51 | 000,045,483 | ---- | M] () -- C:\Users\Shayla Potter\Desktop\Budget year look.ods
[2011/06/16 03:09:41 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/16 03:09:41 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/15 14:38:41 | 000,000,680 | ---- | M] () -- C:\Users\Shayla Potter\AppData\Local\d3d9caps.dat
[2011/06/13 01:47:54 | 000,001,248 | RHS- | M] () -- C:\Users\Shayla Potter\ntuser.pol
[2011/06/11 18:26:57 | 000,186,880 | ---- | M] () -- C:\Users\Shayla Potter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 17:03:17 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/27 18:33:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 17:12:22 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/06/21 17:12:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/05 17:03:17 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/27 18:33:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/05/18 11:38:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2011/05/18 11:38:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
[2010/09/02 17:43:47 | 000,127,304 | ---- | C] () -- C:\Windows\hppins01.dat
[2010/09/02 17:43:47 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat
[2010/06/04 19:58:02 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2010/05/12 21:08:41 | 000,102,912 | ---- | C] () -- C:\Windows\System32\swscale-0.7.2.dll
[2010/05/12 21:08:40 | 000,877,056 | ---- | C] () -- C:\Windows\System32\avcodec-52.45.0.dll
[2010/05/12 21:08:40 | 000,077,312 | ---- | C] () -- C:\Windows\System32\avformat-52.46.0.dll
[2010/05/12 21:08:40 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avutil-50.7.0.dll
[2010/05/12 21:08:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\avdevice-52.2.0.dll
[2010/05/12 21:08:39 | 000,015,360 | ---- | C] () -- C:\Windows\System32\AVC_AP_JPEG.dll
[2010/05/12 21:08:39 | 000,005,632 | ---- | C] () -- C:\Windows\System32\AVC_AP_SCALE.dll
[2010/05/12 21:08:37 | 000,877,568 | ---- | C] () -- C:\Windows\System32\avcodec-52.dll
[2010/05/12 21:08:37 | 000,323,584 | ---- | C] () -- C:\Windows\System32\Deinterlace.dll
[2010/05/12 21:08:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\swscale-0.dll
[2010/05/12 21:08:37 | 000,075,776 | ---- | C] () -- C:\Windows\System32\avformat-52.dll
[2010/05/12 21:08:37 | 000,046,592 | ---- | C] () -- C:\Windows\System32\avutil-50.dll
[2010/05/12 21:08:37 | 000,004,608 | ---- | C] () -- C:\Windows\System32\avdevice-52.dll
[2010/04/09 10:40:43 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/03/31 07:41:41 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_AP_H264.dll
[2010/03/31 07:41:39 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_H264.dll
[2010/03/31 07:41:39 | 000,015,360 | ---- | C] () -- C:\Windows\System32\AVC_JPEG.dll
[2010/03/21 16:35:33 | 000,127,390 | ---- | C] () -- C:\Windows\hppins01.dat.temp
[2010/03/21 16:35:33 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat.temp
[2010/03/10 09:06:24 | 000,000,834 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/03/06 11:30:12 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/01/18 23:58:16 | 000,000,134 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009/12/22 13:56:08 | 013,869,056 | ---- | C] () -- C:\Windows\System32\DdvrRes.dll
[2009/09/22 16:49:38 | 000,186,880 | ---- | C] () -- C:\Users\Shayla Potter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/16 19:07:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 19:07:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 12:53:13 | 000,000,788 | ---- | C] () -- C:\Users\Shayla Potter\AppData\Roaming\wklnhst.dat
[2009/08/12 11:10:45 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2009/07/13 21:44:08 | 000,000,680 | ---- | C] () -- C:\Users\Shayla Potter\AppData\Local\d3d9caps.dat
[2009/07/09 16:16:51 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2009/06/29 10:22:54 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/06/29 10:22:51 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/06/09 09:02:54 | 000,000,716 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/06/09 09:02:54 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/06/07 22:45:40 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/06/04 11:32:32 | 000,000,032 | ---- | C] () -- C:\Windows\System32\ClientD4.bin
[2008/12/29 15:36:46 | 005,636,096 | ---- | C] () -- C:\Windows\System32\H264_D4.dll
[2008/12/20 21:41:54 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2008/12/20 21:41:52 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2008/08/22 19:22:21 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/08/01 03:00:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/05 09:37:57 | 000,000,261 | ---- | C] () -- C:\Windows\disney.ini
[2008/04/10 13:53:38 | 000,000,093 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/04/09 17:38:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/09 08:39:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DvsNDKEx.dll
[2007/12/07 14:02:22 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/12/07 13:59:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/12/07 13:59:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/12/07 13:58:22 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2007/12/07 13:58:21 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2007/12/07 13:58:19 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2007/12/07 13:58:19 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2007/12/07 13:58:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2007/12/07 13:58:19 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2007/12/07 13:58:18 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2007/12/07 13:58:17 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2007/12/07 13:58:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2007/12/07 13:58:17 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2007/10/06 02:28:42 | 001,658,671 | ---- | C] () -- C:\Windows\System32\avcodec.dll
[2007/08/24 06:39:10 | 000,434,270 | ---- | C] () -- C:\Windows\System32\Mp4ADecoder.dll
[2007/04/17 22:21:44 | 000,011,192 | ---- | C] () -- C:\Windows\DVRWebGUI.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,534,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/22 06:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 05:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/07/25 13:28:38 | 000,000,485 | ---- | C] () -- C:\Windows\System32\hpp2800V.dat
[2006/04/24 14:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2006/01/31 23:30:32 | 000,028,672 | ---- | C] () -- C:\Windows\System32\TextOverlayEx.dll
[2005/11/16 02:57:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Audio.dll
[2005/02/03 12:31:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\compJNI.dll
[2004/08/20 08:02:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\PMLJNI.dll
[2004/08/03 00:30:56 | 000,024,576 | ---- | C] () -- C:\Windows\System32\decompress.dll
[2004/07/07 07:18:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\CreateAvi.dll
[2004/05/05 05:22:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AudioACM.dll
[2003/08/18 05:55:47 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE
[2003/08/18 05:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2002/12/07 14:21:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\kdbbase.dll
[2002/12/07 11:53:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\tools.dll
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2002/09/13 06:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2002/09/13 01:14:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\netdecdll.dll
[2002/01/15 15:26:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\kcodec.dll
[2001/07/07 05:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\Windows\hppcap.ini
[2001/01/19 10:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE

========== LOP Check ==========

[2011/03/01 22:01:26 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\BitTorrent
[2009/11/25 08:43:35 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\E-centives
[2010/03/06 11:30:15 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\FreeAudioPack
[2011/05/11 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\ImTOO
[2011/01/31 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\Juniper Networks
[2009/08/26 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\MusicNet
[2009/08/17 06:46:48 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\OpenOffice.org
[2009/08/17 13:30:02 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\pdf995
[2010/03/10 10:05:26 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\SmartDraw
[2011/03/02 12:38:09 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\SystemRequirementsLab
[2009/08/18 12:53:32 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\Template
[2011/05/18 11:37:45 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\WinBatch
[2010/06/23 11:25:47 | 000,000,000 | ---D | M] -- C:\Users\Shayla Potter\AppData\Roaming\WinSesame
[2011/06/16 03:35:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:AA3339BE
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:69F4A9BE
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:AD6273E0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8EC55520
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A52C3C4A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FE53E4F7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:376AEA88
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:819BEFD3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:81A5201B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E33EA293
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:EA031481

< End of report >




TDSS:

2011/06/24 18:53:15.0248 6112 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/24 18:53:15.0720 6112 ================================================================================
2011/06/24 18:53:15.0720 6112 SystemInfo:
2011/06/24 18:53:15.0720 6112
2011/06/24 18:53:15.0720 6112 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/24 18:53:15.0720 6112 Product type: Workstation
2011/06/24 18:53:15.0720 6112 ComputerName: BNSS-LEASED
2011/06/24 18:53:15.0721 6112 UserName: Shayla Potter
2011/06/24 18:53:15.0721 6112 Windows directory: C:\Windows
2011/06/24 18:53:15.0721 6112 System windows directory: C:\Windows
2011/06/24 18:53:15.0721 6112 Processor architecture: Intel x86
2011/06/24 18:53:15.0721 6112 Number of processors: 2
2011/06/24 18:53:15.0721 6112 Page size: 0x1000
2011/06/24 18:53:15.0721 6112 Boot type: Normal boot
2011/06/24 18:53:15.0721 6112 ================================================================================
2011/06/24 18:53:16.0943 6112 Initialize success
2011/06/24 18:53:26.0141 4796 ================================================================================
2011/06/24 18:53:26.0141 4796 Scan started
2011/06/24 18:53:26.0141 4796 Mode: Manual;
2011/06/24 18:53:26.0141 4796 ================================================================================
2011/06/24 18:53:34.0817 4796 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/24 18:53:34.0877 4796 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/24 18:53:34.0933 4796 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/24 18:53:35.0034 4796 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/24 18:53:35.0092 4796 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
2011/06/24 18:53:35.0138 4796 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/24 18:53:35.0202 4796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/24 18:53:35.0256 4796 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/24 18:53:35.0323 4796 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/24 18:53:35.0376 4796 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/24 18:53:35.0463 4796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/24 18:53:35.0510 4796 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/24 18:53:35.0556 4796 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/24 18:53:35.0593 4796 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/24 18:53:35.0660 4796 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/24 18:53:35.0715 4796 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/06/24 18:53:35.0750 4796 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/24 18:53:35.0839 4796 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/24 18:53:35.0915 4796 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/24 18:53:35.0976 4796 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/24 18:53:36.0034 4796 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/24 18:53:36.0063 4796 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/24 18:53:36.0126 4796 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/24 18:53:36.0211 4796 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/24 18:53:36.0285 4796 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/24 18:53:36.0330 4796 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/24 18:53:36.0444 4796 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/24 18:53:36.0525 4796 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/24 18:53:36.0579 4796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/24 18:53:36.0643 4796 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/24 18:53:36.0705 4796 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/24 18:53:36.0782 4796 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/24 18:53:36.0869 4796 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/24 18:53:36.0945 4796 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/24 18:53:37.0033 4796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/24 18:53:37.0121 4796 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/24 18:53:37.0204 4796 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/24 18:53:37.0292 4796 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/24 18:53:37.0390 4796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/24 18:53:37.0449 4796 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/24 18:53:37.0520 4796 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/06/24 18:53:38.0055 4796 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/24 18:53:38.0350 4796 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/24 18:53:38.0404 4796 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/06/24 18:53:38.0445 4796 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/06/24 18:53:38.0565 4796 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/24 18:53:38.0672 4796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/24 18:53:38.0735 4796 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/24 18:53:38.0778 4796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/24 18:53:38.0846 4796 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/24 18:53:38.0928 4796 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/24 18:53:38.0974 4796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/24 18:53:39.0040 4796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/24 18:53:39.0148 4796 pelmouse (7e00deadfd683bfd6d820ad7c8d4e159) C:\Windows\system32\DRIVERS\pelmouse.sys
2011/06/24 18:53:39.0232 4796 pelusblf (36835823f17a489e85094d613e1f9cb4) C:\Windows\system32\DRIVERS\pelusblf.sys
2011/06/24 18:53:39.0379 4796 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/24 18:53:39.0454 4796 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/24 18:53:39.0568 4796 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/24 18:53:39.0609 4796 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/24 18:53:39.0704 4796 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/24 18:53:39.0806 4796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/24 18:53:39.0870 4796 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/24 18:53:39.0991 4796 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/24 18:53:40.0113 4796 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/24 18:53:40.0170 4796 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/24 18:53:40.0265 4796 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/24 18:53:40.0349 4796 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/24 18:53:40.0423 4796 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/24 18:53:40.0479 4796 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/24 18:53:40.0542 4796 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/06/24 18:53:40.0618 4796 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/24 18:53:40.0689 4796 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/24 18:53:40.0804 4796 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/24 18:53:40.0860 4796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/24 18:53:40.0966 4796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/24 18:53:41.0023 4796 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/24 18:53:41.0050 4796 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/24 18:53:41.0103 4796 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/24 18:53:41.0178 4796 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/06/24 18:53:41.0277 4796 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/24 18:53:41.0316 4796 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/24 18:53:41.0368 4796 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/24 18:53:41.0411 4796 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/06/24 18:53:41.0464 4796 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/24 18:53:41.0561 4796 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/24 18:53:41.0626 4796 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/24 18:53:41.0717 4796 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/24 18:53:41.0814 4796 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/24 18:53:41.0866 4796 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/24 18:53:41.0898 4796 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/24 18:53:41.0957 4796 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/06/24 18:53:42.0053 4796 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/24 18:53:42.0104 4796 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/24 18:53:42.0148 4796 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/24 18:53:42.0196 4796 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/24 18:53:42.0295 4796 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/24 18:53:42.0376 4796 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/24 18:53:42.0433 4796 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/24 18:53:42.0490 4796 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/24 18:53:42.0541 4796 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/24 18:53:42.0585 4796 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/24 18:53:42.0667 4796 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/24 18:53:42.0755 4796 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/24 18:53:42.0810 4796 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/24 18:53:42.0858 4796 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/24 18:53:42.0914 4796 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/24 18:53:43.0018 4796 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/24 18:53:43.0083 4796 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/24 18:53:43.0127 4796 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/24 18:53:43.0163 4796 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/24 18:53:43.0231 4796 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/24 18:53:43.0321 4796 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/24 18:53:43.0421 4796 usbanyka (00114a2122b2b737b97d97dd98e1882e) C:\Windows\system32\DRIVERS\UsbAnyka.sys
2011/06/24 18:53:43.0474 4796 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/24 18:53:43.0538 4796 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/24 18:53:43.0642 4796 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/24 18:53:43.0692 4796 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/24 18:53:43.0724 4796 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/24 18:53:43.0774 4796 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/24 18:53:43.0868 4796 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/24 18:53:43.0917 4796 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/24 18:53:43.0967 4796 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/24 18:53:44.0026 4796 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/24 18:53:44.0101 4796 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/24 18:53:44.0146 4796 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/06/24 18:53:44.0200 4796 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/24 18:53:44.0234 4796 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/06/24 18:53:44.0306 4796 vncmirror (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys
2011/06/24 18:53:44.0402 4796 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/24 18:53:44.0467 4796 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/24 18:53:44.0525 4796 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/24 18:53:44.0579 4796 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/24 18:53:44.0711 4796 W55U01 (a51f4dabce9b424451ba2ed1271d1c1c) C:\Windows\system32\Drivers\W55U01.sys
2011/06/24 18:53:44.0753 4796 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/24 18:53:44.0814 4796 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/24 18:53:44.0832 4796 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/24 18:53:44.0888 4796 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/24 18:53:44.0945 4796 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/24 18:53:45.0097 4796 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/24 18:53:45.0230 4796 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/24 18:53:45.0367 4796 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/24 18:53:45.0432 4796 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/24 18:53:45.0522 4796 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/24 18:53:45.0578 4796 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/24 18:53:45.0639 4796 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/24 18:53:45.0658 4796 ================================================================================
2011/06/24 18:53:45.0658 4796 Scan finished
2011/06/24 18:53:45.0658 4796 ================================================================================
2011/06/24 18:53:45.0677 0484 Detected object count: 0
2011/06/24 18:53:45.0677 0484 Actual detected object count: 0
  • 0

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs and info. I can see a couple of Adware items in your OTL log, but nothing serious. TDSSKiller log looks good.

Let's go ahead and remove the couple of Adware entries, then we'll do some more scans to see if we can find any other traces :)




1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




3)
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • If you are running a 64bit version of Windows, the log should be found at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic




In your next reply
Please post the contents of...
OTL log
MBAM log
ESET Online Scanner log

  • 0

#5
crybaby

    Member

  • Topic Starter
  • Member
  • 175 posts
Hi there! Hope you had a good weekend!
Upon running the OTL fix, the program ceased to respond, and terminated. Therefore, I do not have a log file for that scan as you requested. :unsure: I hope that is OK. Here are the other logs that you asked for though. :)


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6959

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/27/2011 10:21:29 AM
mbam-log-2011-06-27 (10-21-27).txt

Scan type: Quick scan
Objects scanned: 207014
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\setups (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\Users\shayla potter\downloads\IWON.exe (Adware.FunWeb) -> No action taken.
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\setups\mwsbarS2.exe (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3IEOVR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.



ESET Scan Log:

C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL a variant of Win32/Toolbar.MyWebSearch.M application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\setups\mwsbarS2.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Mason\Desktop\softonic-us-silent-2.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Shayla Potter\AppData\LocalLow\FunWebProducts\Installr\Cache\019543BB.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Shayla Potter\Downloads\IWON.exe Win32/Toolbar.MyWebSearch application deleted - quarantined
C:\Users\Shayla Potter\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\_OTL\MovedFiles\06272011_073920\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
  • 0

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

Hi there! Hope you had a good weekend!

I did indeed thanks, was nice and warm here (for a change), hope yours was decent as well.


Don't worry about the OTL log, we'll just get a fresh one here. The items were probably removed in the last fix though :)

Can you also run a Quick Scan in MBAM again for me please, and then choose Remove Selected items, if it wasn't done before, as those items in the log show No Action Taken. If you removed them after creating that log, then no need to scan again.



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Run MBAM again if the items that were found previously were not removed.

Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




3)
How is the PC behaving now, have you been getting any freezing just lately?





In your next reply
Please post the contents of...
OTL log
MBAM log
Update on how the PC is running

  • 0
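
The check made in the post above, that the pasted MBAM entries still read "No action taken", can be done mechanically. This Python example is added here and is not part of the thread or of Malwarebytes; it parses a constructed log in the layout shown earlier, lists detections that were never remediated, and flags a paste whose entry counts disagree with its summary block (function names and the sample's last entry are assumptions).

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.51 log layout shown in this thread
# (shortened; the last file entry and its action are invented for contrast).
SAMPLE_LOG = """\
Scan type: Quick scan
Objects scanned: 207014

Memory Processes Infected: 0
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Folders Infected:
c:\\program files\\mywebsearch (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\\program files\\mywebsearch\\bar\\1.bin\\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\\users\\example\\downloads\\sample.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
"""

# "Files Infected: 51" style lines in the summary block.
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# "Files Infected:" style lines that open a detail section.
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<object> (<detection>) -> <action>." The greedy object group keeps
# parentheses that belong to the path, e.g. "Program Files (x86)".
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection entries)."""
    declared = {}
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entries.append({"section": current, **m.groupdict()})
    return declared, entries


def triage(text):
    """Summarise what the log says was found but not removed."""
    declared, entries = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    # A mismatch means the pasted log is truncated or was edited.
    mismatches = {
        section: (count, listed.get(section, 0))
        for section, count in declared.items()
        if listed.get(section, 0) != count
    }
    unremediated = [
        e for e in entries if e["action"].lower() == "no action taken"
    ]
    return {
        "declared": declared,
        "mismatches": mismatches,
        "unremediated": unremediated,
        "by_detection": Counter(e["detection"] for e in unremediated),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("count mismatches:", report["mismatches"] or "none")
    for entry in report["unremediated"]:
        print(f'{entry["section"]}: {entry["object"]} ({entry["detection"]})')
```
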

#7
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





