New laptop slowed to a crawl. Please help. [Solved]


  • This topic is locked

#1
lavenderchef45

  • Member
  • 37 posts
I have a 4-month-old Toshiba Satellite C655 laptop. Running Windows 7, the newest Firefox, Kaspersky, Malwarebytes, CCleaner. I am not a gamer, do not visit odd websites, use Mozilla privacy tools, etc. In November when I booted up my machine had slowed to a crawl. My login wallpaper changed. Shortcut icons take forever to display, internet is slow (have DSL), boot up & shut down takes a l o n g time. I have run Malwarebytes, cleaned tmp files, defragged. Biggest file I have (other than my operating system) is OOffice. I do not open spam email or email from unknown sources. Also, when things changed my System restore points all disappeared and only hold for about a week. I have not had this computer long enough to build up that many restore points.
I have run check disk /f several times. Nada. Also system file checker.

Really would like to get some assistance. This machine was running great for about 3 months.

Any help would be greatly appreciated.


#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
lavenderchef45

  • Topic Starter
  • Member
  • 37 posts
OTL logfile created on: 1/16/2012 4:35:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Angela\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 52.97% Memory free
5.20 Gb Paging File | 3.55 Gb Available in Paging File | 68.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 251.70 Gb Free Space | 88.23% Space Free | Partition Type: NTFS

Computer Name: LYDIA | User Name: Angela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 16:33:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
PRC - [2011/12/29 21:00:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/14 19:24:27 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/01/14 19:24:27 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/12/29 21:00:48 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/23 18:08:50 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/10 14:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 16:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (Pml Driver HPZ12)
SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (Net Driver HPZ12)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/14 08:58:46 | 000,274,616 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/08/07 14:45:38 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/10 15:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/10 14:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/09 15:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 15:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 17:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/11/02 18:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 09:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/08/07 15:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/08/07 15:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/29 21:00:50 | 000,000,000 | ---D | M]

[2011/08/07 14:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Extensions
[2012/01/12 16:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\81d8y8d2.default\extensions
[2012/01/12 16:41:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\81d8y8d2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/25 19:34:01 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\81d8y8d2.default\extensions\[email protected]
[2012/01/01 23:55:23 | 000,001,620 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\81d8y8d2.default\searchplugins\read-books-online.xml
[2012/01/01 23:53:10 | 000,001,539 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\81d8y8d2.default\searchplugins\thesaurus---referencecom.xml
[2012/01/01 23:53:26 | 000,000,705 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\81d8y8d2.default\searchplugins\webster.xml
[2012/01/14 19:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/14 19:19:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/07 14:55:44 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
() (No name found) -- C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\[email protected]
[2011/12/29 21:00:49 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/29 21:00:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/29 21:00:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/02 21:43:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [COMODO System Cleaner SafeDelete] "F:\CSC_SETUP_2.2.335611.5_xp_vista_server2003_win7_32bit\COMODO System-Cleaner\CSC.EXE" //safedeletion File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.111.1.210 204.111.1.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF8FA6A-61A2-46A6-9933-844D82298839}: DhcpNameServer = 204.111.1.210 204.111.1.195
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (maliprog @ Geekstogo)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 16:33:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
[2012/01/14 19:27:40 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\OpenOffice.org
[2012/01/14 19:23:32 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/01/14 19:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/01/14 19:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/14 19:18:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/01/14 19:18:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/01/14 19:18:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/01/14 19:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/01/14 19:12:13 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2012/01/14 12:46:47 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/14 12:46:46 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/14 12:46:46 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/14 12:46:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/14 12:46:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/14 12:46:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/14 12:46:44 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/14 12:46:44 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/14 12:46:44 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/14 12:46:44 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/14 12:46:43 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/01/14 12:46:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/01/14 12:46:10 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/14 12:46:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/14 12:46:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/01/07 18:55:57 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\references
[2012/01/06 22:13:41 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Angela\Desktop\explorer.exe
[2012/01/03 19:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/01/03 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\PC_Drivers_Headquarters
[2012/01/03 19:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/01/03 19:12:35 | 001,182,616 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Users\Angela\Desktop\DriverDetective.exe
[2012/01/02 17:28:54 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/12/29 23:42:07 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Defrag
[2011/12/29 23:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Defrag
[2011/12/29 23:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Defrag
[2011/12/29 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Wise Registry Cleaner
[2011/12/29 22:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2011/12/29 22:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2011/12/29 20:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/29 20:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/29 19:36:29 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Adobe
[2011/12/23 18:08:51 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/23 17:47:03 | 000,462,496 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Angela\Desktop\uninstall_flash_player_64bit.exe
[2011/12/18 20:33:54 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/12/18 20:33:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/12/18 20:33:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/12/18 20:33:53 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/12/18 20:33:53 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/12/18 20:33:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/12/18 20:33:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/12/18 20:33:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2011/12/18 20:33:21 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011/12/18 20:33:20 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2012/01/16 16:33:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
[2012/01/16 16:15:50 | 000,014,386 | ---- | M] () -- C:\Users\Angela\Desktop\Ref 2012.odt
[2012/01/16 16:12:15 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:12:15 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:03:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/16 16:03:24 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 01:56:50 | 000,015,873 | ---- | M] () -- C:\Users\Angela\Desktop\Ref list Nu.odt
[2012/01/15 20:00:47 | 000,000,236 | ---- | M] () -- C:\Users\Angela\Desktop\How-to Install & Configure Windows 7, Security Guide - Tech Support Guy Forums.url
[2012/01/15 19:49:14 | 000,019,015 | ---- | M] () -- C:\Users\Angela\Desktop\details.aspx.htm
[2012/01/15 18:30:14 | 000,012,367 | ---- | M] () -- C:\Users\Angela\Desktop\OAK SPRINGS WarrENTON FEB 1.odt
[2012/01/15 01:29:03 | 000,013,504 | ---- | M] () -- C:\Users\Angela\Desktop\References.rtf_0.odt
[2012/01/14 19:28:41 | 000,001,247 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/14 19:17:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/01/14 19:17:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/01/14 19:17:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/01/14 19:17:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/01/14 19:11:13 | 158,067,944 | ---- | M] () -- C:\Users\Angela\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2012/01/14 00:00:30 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/14 00:00:30 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/14 00:00:30 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/13 01:32:06 | 000,000,217 | ---- | M] () -- C:\Users\Angela\Desktop\Cook.url
[2012/01/09 18:44:17 | 000,000,210 | ---- | M] () -- C:\Users\Angela\Desktop\Prep Cook - Multiple Positions Job in VA-Loudoun - LeesburgToday-SunGazette.url
[2012/01/09 18:43:44 | 000,000,303 | ---- | M] () -- C:\Users\Angela\Desktop\Cook Jobs, Employment in Winchester, VA 22601 Indeed.com.url
[2012/01/08 02:27:33 | 000,000,258 | ---- | M] () -- C:\Users\Angela\Desktop\Google redirect not going away! - Geeks to Go Forums.url
[2012/01/06 22:52:30 | 000,000,114 | ---- | M] () -- C:\Users\Angela\Desktop\The Freecycle Network.url
[2012/01/06 22:13:49 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Angela\Desktop\explorer.exe
[2012/01/06 19:53:55 | 000,000,230 | ---- | M] () -- C:\Users\Angela\Desktop\Making Home Affordable.url
[2012/01/06 19:51:02 | 000,000,237 | ---- | M] () -- C:\Users\Angela\Desktop\Printable Percentage Chart.url
[2012/01/06 19:23:11 | 000,000,230 | ---- | M] () -- C:\Users\Angela\Desktop\Alternatives to Foreclosure - Freddie Mac.url
[2012/01/03 19:12:47 | 001,182,616 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Users\Angela\Desktop\DriverDetective.exe
[2012/01/03 19:08:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/02 23:31:21 | 000,000,190 | ---- | M] () -- C:\Users\Angela\Desktop\Hyperthymesia - Wikipedia, the free encyclopedia.url
[2012/01/01 19:40:27 | 000,000,139 | ---- | M] () -- C:\Users\Angela\Desktop\Employment Application Lodge At Old Trail.url
[2012/01/01 17:48:02 | 000,000,183 | ---- | M] () -- C:\Users\Angela\Desktop\Home Loan Modification or Mortgage Refinance CreditFYI.com.url
[2011/12/29 23:42:07 | 000,001,055 | ---- | M] () -- C:\Users\Angela\Desktop\Eusing Free Registry Defrag.lnk
[2011/12/28 12:47:33 | 000,012,805 | ---- | M] () -- C:\Users\Angela\Desktop\products.cfm.htm
[2011/12/26 22:06:08 | 000,000,164 | ---- | M] () -- C:\Users\Angela\Desktop\Jobs.net - Jobs, Job Search, Employment Resources and Career Advice.url
[2011/12/26 22:04:29 | 000,000,229 | ---- | M] () -- C:\Users\Angela\Desktop\Manager, Dining Services.url
[2011/12/26 22:03:35 | 000,000,267 | ---- | M] () -- C:\Users\Angela\Desktop\samuelslibrary.net - employment opportunities.url
[2011/12/23 17:47:22 | 000,462,496 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Angela\Desktop\uninstall_flash_player_64bit.exe
[2011/12/21 11:36:20 | 000,000,116 | ---- | M] () -- C:\Users\Angela\Desktop\The Sudarium Trilogy Best Selling Thriller.url
[2011/12/21 11:35:53 | 000,000,145 | ---- | M] () -- C:\Users\Angela\Desktop\ITW Member Directory - David Richards's Profile.url
[2011/12/18 22:52:03 | 000,000,216 | ---- | M] () -- C:\Users\Angela\Desktop\[PC Support] Frequently Asked Windows Problems with Solutions, Help and Troubleshooting Tips - Tweaking with Vishal.url
[2011/12/18 03:33:21 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat

========== Files Created - No Company Name ==========

[2012/01/16 01:56:48 | 000,015,873 | ---- | C] () -- C:\Users\Angela\Desktop\Ref list Nu.odt
[2012/01/15 20:00:46 | 000,000,236 | ---- | C] () -- C:\Users\Angela\Desktop\How-to Install & Configure Windows 7, Security Guide - Tech Support Guy Forums.url
[2012/01/15 19:49:08 | 000,019,015 | ---- | C] () -- C:\Users\Angela\Desktop\details.aspx.htm
[2012/01/15 18:30:12 | 000,012,367 | ---- | C] () -- C:\Users\Angela\Desktop\OAK SPRINGS WarrENTON FEB 1.odt
[2012/01/15 17:26:36 | 000,014,386 | ---- | C] () -- C:\Users\Angela\Desktop\Ref 2012.odt
[2012/01/15 16:53:44 | 000,013,504 | ---- | C] () -- C:\Users\Angela\Desktop\References.rtf_0.odt
[2012/01/14 19:28:41 | 000,001,247 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/14 18:26:07 | 158,067,944 | ---- | C] () -- C:\Users\Angela\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2012/01/13 01:32:06 | 000,000,217 | ---- | C] () -- C:\Users\Angela\Desktop\Cook.url
[2012/01/09 18:44:17 | 000,000,210 | ---- | C] () -- C:\Users\Angela\Desktop\Prep Cook - Multiple Positions Job in VA-Loudoun - LeesburgToday-SunGazette.url
[2012/01/09 18:43:44 | 000,000,303 | ---- | C] () -- C:\Users\Angela\Desktop\Cook Jobs, Employment in Winchester, VA 22601 Indeed.com.url
[2012/01/08 02:27:33 | 000,000,258 | ---- | C] () -- C:\Users\Angela\Desktop\Google redirect not going away! - Geeks to Go Forums.url
[2012/01/06 22:52:30 | 000,000,114 | ---- | C] () -- C:\Users\Angela\Desktop\The Freecycle Network.url
[2012/01/06 19:53:55 | 000,000,230 | ---- | C] () -- C:\Users\Angela\Desktop\Making Home Affordable.url
[2012/01/06 19:51:01 | 000,000,237 | ---- | C] () -- C:\Users\Angela\Desktop\Printable Percentage Chart.url
[2012/01/06 19:23:11 | 000,000,230 | ---- | C] () -- C:\Users\Angela\Desktop\Alternatives to Foreclosure - Freddie Mac.url
[2012/01/01 19:40:27 | 000,000,139 | ---- | C] () -- C:\Users\Angela\Desktop\Employment Application Lodge At Old Trail.url
[2012/01/01 17:48:02 | 000,000,183 | ---- | C] () -- C:\Users\Angela\Desktop\Home Loan Modification or Mortgage Refinance CreditFYI.com.url
[2011/12/29 23:42:07 | 000,001,055 | ---- | C] () -- C:\Users\Angela\Desktop\Eusing Free Registry Defrag.lnk
[2011/12/28 12:47:25 | 000,012,805 | ---- | C] () -- C:\Users\Angela\Desktop\products.cfm.htm
[2011/12/26 22:06:08 | 000,000,164 | ---- | C] () -- C:\Users\Angela\Desktop\Jobs.net - Jobs, Job Search, Employment Resources and Career Advice.url
[2011/12/26 22:04:29 | 000,000,229 | ---- | C] () -- C:\Users\Angela\Desktop\Manager, Dining Services.url
[2011/12/26 22:03:35 | 000,000,267 | ---- | C] () -- C:\Users\Angela\Desktop\samuelslibrary.net - employment opportunities.url
[2011/12/21 11:36:20 | 000,000,116 | ---- | C] () -- C:\Users\Angela\Desktop\The Sudarium Trilogy Best Selling Thriller.url
[2011/12/21 11:35:53 | 000,000,145 | ---- | C] () -- C:\Users\Angela\Desktop\ITW Member Directory - David Richards's Profile.url
[2011/12/18 22:52:03 | 000,000,216 | ---- | C] () -- C:\Users\Angela\Desktop\[PC Support] Frequently Asked Windows Problems with Solutions, Help and Troubleshooting Tips - Tweaking with Vishal.url
[2011/12/18 03:33:21 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/10/11 23:38:44 | 000,007,605 | ---- | C] () -- C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
[2011/08/09 15:28:51 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/21 01:20:52 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/05/21 01:13:26 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/05/21 01:10:23 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/11 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\GetRightToGo
[2011/10/01 21:30:06 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\GlarySoft
[2011/10/16 19:51:52 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Iomatic
[2012/01/14 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\OpenOffice.org
[2011/09/25 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\QFX Software
[2012/01/16 01:57:43 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\SoftGrid Client
[2011/11/27 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Toshiba
[2011/08/09 15:30:53 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\TP
[2011/08/07 14:25:46 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\WinBatch
[2011/12/29 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Wise Registry Cleaner
[2011/12/20 18:31:52 | 000,032,552 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
lavenderchef45

    Member

  • Topic Starter
  • 37 posts
I apologize but I could not find the "Options" button.

#5
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.




Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#6
lavenderchef45

    Member

  • Topic Starter
  • 37 posts
I JUST saw the other txt file "EXTRAS" and am posting it to you now.

OTL Extras logfile created on: 1/16/2012 4:35:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Angela\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 52.97% Memory free
5.20 Gb Paging File | 3.55 Gb Available in Paging File | 68.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 251.70 Gb Free Space | 88.23% Space Free | Partition Type: NTFS

Computer Name: LYDIA | User Name: Angela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Pegasus Mail" = Pegasus Mail
"Revo Uninstaller" = Revo Uninstaller 1.93
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 7:59:02 PM | Computer Name = Lydia | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/31/2011 1:42:27 PM | Computer Name = Lydia | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 1:43:53 PM | Computer Name = Lydia | Source = Application Error | ID = 1000
Description = Faulting application name: SynTPEnh.exe, version: 11.2.4.0, time stamp:
0x48a4e843 Faulting module name: SynTPEnh.exe, version: 11.2.4.0, time stamp: 0x48a4e843
Exception
code: 0xc0000005 Fault offset: 0x0000000000037a1d Faulting process id: 0xdd8 Faulting
application start time: 0x01ccc7e3c23d7f37 Faulting application path: C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe Faulting module path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Report
Id: 01054dd8-33d7-11e1-8845-00266cbf61b0

Error - 12/31/2011 2:15:08 PM | Computer Name = Lydia | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/1/2012 6:31:30 PM | Computer Name = Lydia | Source = WinMgmt | ID = 10
Description =

Error - 1/1/2012 6:35:10 PM | Computer Name = Lydia | Source = Application Error | ID = 1000
Description = Faulting application name: SynTPEnh.exe, version: 11.2.4.0, time stamp:
0x48a4e843 Faulting module name: SynTPEnh.exe, version: 11.2.4.0, time stamp: 0x48a4e843
Exception
code: 0xc0000005 Fault offset: 0x0000000000037a1d Faulting process id: 0xd28 Faulting
application start time: 0x01ccc8d59cd46b7c Faulting application path: C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe Faulting module path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Report
Id: dc5d0993-34c8-11e1-aaa3-00266cbf61b0

Error - 1/1/2012 7:35:47 PM | Computer Name = Lydia | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/2/2012 2:36:39 AM | Computer Name = Lydia | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/2/2012 6:29:54 PM | Computer Name = Lydia | Source = WinMgmt | ID = 10
Description =

Error - 1/2/2012 6:30:49 PM | Computer Name = Lydia | Source = Application Error | ID = 1000
Description = Faulting application name: SynTPEnh.exe, version: 11.2.4.0, time stamp:
0x48a4e843 Faulting module name: SynTPEnh.exe, version: 11.2.4.0, time stamp: 0x48a4e843
Exception
code: 0xc0000005 Fault offset: 0x0000000000037a1d Faulting process id: 0xd44 Faulting
application start time: 0x01ccc99e2b3ca033 Faulting application path: C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe Faulting module path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Report
Id: 6b671bdc-3591-11e1-8253-00266cbf61b0

[ System Events ]
Error - 11/24/2011 9:15:27 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/25/2011 11:10:06 PM | Computer Name = Lydia | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:12:53 AM on 11/25/2011 was unexpected.

Error - 11/25/2011 11:10:22 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%2

Error - 11/25/2011 11:10:22 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%2

Error - 11/25/2011 11:10:26 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7000
Description = The TOSHIBA Optical Disc Drive Service service failed to start due
to the following error: %%3

Error - 11/25/2011 11:12:12 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 11/25/2011 11:12:12 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/25/2011 11:12:32 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 11/25/2011 11:12:32 PM | Computer Name = Lydia | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 11/25/2011 11:12:33 PM | Computer Name = Lydia | Source = DCOM | ID = 10005
Description =


< End of report >

#7
lavenderchef45

  • Topic Starter
  • Member
  • 37 posts
17:10:13.0622 5020 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
17:10:15.0299 5020 ============================================================
17:10:15.0299 5020 Current date / time: 2012/01/16 17:10:15.0299
17:10:15.0299 5020 SystemInfo:
17:10:15.0299 5020
17:10:15.0299 5020 OS Version: 6.1.7601 ServicePack: 1.0
17:10:15.0299 5020 Product type: Workstation
17:10:15.0300 5020 ComputerName: LYDIA
17:10:15.0300 5020 UserName: Angela
17:10:15.0300 5020 Windows directory: C:\windows
17:10:15.0300 5020 System windows directory: C:\windows
17:10:15.0300 5020 Running under WOW64
17:10:15.0300 5020 Processor architecture: Intel x64
17:10:15.0300 5020 Number of processors: 2
17:10:15.0300 5020 Page size: 0x1000
17:10:15.0300 5020 Boot type: Normal boot
17:10:15.0300 5020 ============================================================
17:10:18.0317 5020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
17:10:18.0377 5020 Initialize success
17:11:02.0224 0356 ============================================================
17:11:02.0224 0356 Scan started
17:11:02.0224 0356 Mode: Manual; SigCheck; TDLFS;
17:11:02.0224 0356 ============================================================
17:12:27.0983 0356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
17:12:28.0073 0356 umbus - ok
17:12:28.0238 0356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
17:12:28.0339 0356 UmPass - ok
17:12:28.0573 0356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
17:12:29.0069 0356 usbccgp - ok
17:12:29.0188 0356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
17:12:29.0245 0356 usbcir - ok
17:12:29.0514 0356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
17:12:29.0567 0356 usbehci - ok
17:12:30.0139 0356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
17:12:30.0180 0356 usbhub - ok
17:12:30.0376 0356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
17:12:30.0429 0356 usbohci - ok
17:12:30.0552 0356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
17:12:30.0606 0356 usbprint - ok
17:12:30.0759 0356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:12:30.0972 0356 USBSTOR - ok
17:12:31.0165 0356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
17:12:31.0275 0356 usbuhci - ok
17:12:31.0382 0356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
17:12:31.0437 0356 usbvideo - ok
17:12:31.0561 0356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
17:12:31.0597 0356 vdrvroot - ok
17:12:31.0708 0356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
17:12:31.0757 0356 vga - ok
17:12:31.0850 0356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
17:12:31.0980 0356 VgaSave - ok
17:12:32.0122 0356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
17:12:32.0159 0356 vhdmp - ok
17:12:32.0299 0356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
17:12:32.0341 0356 viaide - ok
17:12:32.0437 0356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
17:12:32.0465 0356 volmgr - ok
17:12:32.0655 0356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
17:12:32.0695 0356 volmgrx - ok
17:12:32.0797 0356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
17:12:32.0841 0356 volsnap - ok
17:12:32.0948 0356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
17:12:33.0410 0356 vsmraid - ok
17:12:33.0643 0356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
17:12:33.0772 0356 vwifibus - ok
17:12:34.0036 0356 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
17:12:34.0108 0356 vwififlt - ok
17:12:34.0223 0356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
17:12:34.0290 0356 WacomPen - ok
17:12:34.0392 0356 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:12:34.0491 0356 WANARP - ok
17:12:34.0513 0356 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:12:34.0597 0356 Wanarpv6 - ok
17:12:34.0793 0356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
17:12:34.0847 0356 Wd - ok
17:12:35.0105 0356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
17:12:35.0166 0356 Wdf01000 - ok
17:12:35.0359 0356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
17:12:35.0454 0356 WfpLwf - ok
17:12:35.0623 0356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
17:12:35.0667 0356 WIMMount - ok
17:12:35.0879 0356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
17:12:35.0925 0356 WmiAcpi - ok
17:12:36.0103 0356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
17:12:36.0218 0356 ws2ifsl - ok
17:12:36.0370 0356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
17:12:36.0460 0356 WudfPf - ok
17:12:36.0564 0356 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
17:12:36.0665 0356 WUDFRd - ok
17:12:36.0771 0356 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:12:37.0084 0356 \Device\Harddisk0\DR0 - ok
17:12:37.0144 0356 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0
17:12:37.0148 0356 \Device\Harddisk0\DR0\Partition0 - ok
17:12:37.0149 0356 ============================================================
17:12:37.0149 0356 Scan finished
17:12:37.0149 0356 ============================================================
17:12:37.0181 2552 Detected object count: 0
17:12:37.0181 2552 Actual detected object count: 0

#8
lavenderchef45

WOW! Well, system took the usual extremely long time closing down and reloading. Then, when I attempted to open Firefox and finally IE, a box popped up each time that displayed "Illegal operation attempted on a registry key that has been marked for deletion". Same thing with Kaspersky. Only way I got to this was by clicking on a desktop shortcut. Oh my, what now?

#9
lavenderchef45

Ok, just tried to open combofix txt on desktop and got the same illegal operation message that this file has been marked for deletion. What can I do to fix this?

#10
Gammo

Don't worry. There is a very simple fix for that: restart your PC. ;)

After doing that, please post the ComboFix log.

#11
lavenderchef45

I got an email from you at 610 but there was no content.

#12
Gammo

I didn't send you an email. Must have been a notification email from Geeks to Go. I wouldn't worry about it.

Did the restart fix the error? Can you post the ComboFix log?

#13
lavenderchef45

ComboFix 12-01-16.02 - Angela 01/16/2012 17:21:59.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1182 [GMT -5:00]
Running from: c:\users\Angela\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 22:34 . 2012-01-16 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 00:27 . 2012-01-15 00:27 -------- d-----w- c:\users\Angela\AppData\Roaming\OpenOffice.org
2012-01-15 00:21 . 2012-01-15 00:21 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-01-15 00:20 . 2012-01-15 00:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-15 00:17 . 2012-01-15 00:17 -------- d-----w- c:\program files (x86)\Java
2012-01-04 00:36 . 2012-01-04 01:01 -------- d-----w- c:\programdata\iolo
2012-01-04 00:21 . 2012-01-04 00:21 -------- d-----w- c:\users\Angela\AppData\Local\PC_Drivers_Headquarters
2012-01-04 00:21 . 2012-01-04 00:21 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-12-30 04:42 . 2011-12-30 04:46 -------- d-----w- c:\program files (x86)\Eusing Free Registry Defrag
2011-12-30 03:55 . 2011-12-30 04:01 -------- d-----w- c:\users\Angela\AppData\Roaming\Wise Registry Cleaner
2011-12-30 03:54 . 2011-12-30 03:54 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
2011-12-30 02:00 . 2011-12-30 02:00 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 02:00 . 2011-12-30 02:00 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-30 02:00 . 2011-12-30 02:00 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-30 02:00 . 2011-12-30 02:00 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-30 01:51 . 2011-12-30 01:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 00:36 . 2011-12-30 00:36 -------- d-----w- c:\users\Angela\AppData\Local\Adobe
2011-12-23 23:08 . 2012-01-04 00:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 22:41 . 2012-01-16 22:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F847027-5810-4869-9834-B3ECE1BEB239}\offreg.dll
2012-01-15 00:17 . 2011-03-30 02:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-10 20:24 . 2011-08-27 06:12 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 06:39 . 2011-11-25 06:39 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-21 11:40 . 2012-01-14 17:48 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F847027-5810-4869-9834-B3ECE1BEB239}\mpengine.dll
2011-11-15 19:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 204.111.1.210 204.111.1.195
FF - ProfilePath - c:\users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\81d8y8d2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-COMODO System Cleaner SafeDelete - f:\csc_setup_2.2.335611.5_xp_vista_server2003_win7_32bit\COMODO System-Cleaner\CSC.EXE
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-16 17:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-16 22:47
.
Pre-Run: 270,154,706,944 bytes free
Post-Run: 269,846,048,768 bytes free
.
- - End Of File - - 1311F78E7EB02555D1A1F1563A5243A3

#14
Gammo

Download TFC to your desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.

If you're asked whether you want to download the latest Avast virus definitions, choose "Yes".

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#15
lavenderchef45

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Angela :: LYDIA [administrator]

1/16/2012 7:22:51 PM
mbam-log-2012-01-16 (19-22-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283521
Time elapsed: 1 hour(s), 52 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Angela :: LYDIA [administrator]

1/16/2012 7:00:37 PM
mbam-log-2012-01-16 (19-00-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177497
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Angela\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)