[Vicky227]

What a difference between this OTL quick scan and the first one. It took hours for the first one, this one was done before I came back into the room to check on its progress.


OTL logfile created on: 1/26/2013 5:52:14 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vicky\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.30% Memory free
7.81 Gb Paging File | 5.69 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.80 Gb Total Space | 212.78 Gb Free Space | 46.99% Space Free | Partition Type: NTFS
Drive D: | 12.76 Gb Total Space | 2.12 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 12:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Downloads\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/01/29 04:19:42 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010/01/13 17:49:58 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/07/24 20:24:14 | 000,275,840 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/07/24 20:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 13:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/06/26 06:23:44 | 000,825,152 | R--- | M] (SAC) -- C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/11 20:42:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/11 18:40:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 18:39:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 18:39:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/11 18:39:13 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 18:38:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 18:38:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 18:38:31 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
MOD - [2013/01/11 18:38:29 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 18:38:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 18:38:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 18:36:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 18:36:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 18:36:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/07/05 14:40:49 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/13 17:45:44 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2009/07/24 20:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/24 20:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/07/24 20:24:16 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/07/24 20:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
MOD - [2009/07/23 13:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 19:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 19:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 19:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 19:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 19:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 19:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 19:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 19:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [1999/12/31 19:00:00 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [1999/12/31 19:00:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/01/10 12:21:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 04:19:42 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/07/24 20:24:14 | 000,275,840 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/21 11:08:46 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2012/10/19 09:51:50 | 000,074,120 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/02 15:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/21 03:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/12 15:57:04 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2011/09/22 18:52:02 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/09/13 13:30:50 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 02:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsnmea.sys -- (zghsnmea)
DRV:64bit: - [2011/01/13 02:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/01/13 02:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/07/08 10:54:00 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/11 15:19:24 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV:64bit: - [2010/01/11 15:13:28 | 001,631,488 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw72ATV.sys -- (hcw72ATV)
DRV:64bit: - [2010/01/11 15:09:00 | 000,038,912 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/20 18:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/12/09 14:26:50 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
DRV:64bit: - [1999/12/31 19:00:00 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [1999/12/31 19:00:00 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [1999/12/31 19:00:00 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [1999/12/31 19:00:00 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {22348997-7FD7-4759-AB9D-EB2B7A365617}
IE:64bit: - HKLM\..\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {22348997-7FD7-4759-AB9D-EB2B7A365617}
IE - HKLM\..\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {268507ED-1AAF-4AF9-9E28-4B8595C54022}
IE - HKCU\..\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{1722BCEB-54FE-4484-B841-4AD3EFC90D93}: "URL" = http://www.facebook....q={searchTerms}
IE - HKCU\..\SearchScopes\{268507ED-1AAF-4AF9-9E28-4B8595C54022}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{3CCF5400-1106-4D0A-8B49-65EC9E72B495}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKCU\..\SearchScopes\{3D52C47D-1F49-45E8-B078-DA03F2432A92}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{F432AD7E-C954-458D-A941-8F8855B1CFFB}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vicky\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vicky\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/05 00:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/01/19 09:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/01/10 12:07:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofpahiphpdfimjjeohcldngadhfbaan\2.2_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/22 18:56:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [SacReminder] C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe (SAC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B5D6DA7-0854-4233-AEB6-B9F36C31E2C7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/26 15:18:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/22 23:19:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/22 18:39:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/22 18:39:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/22 18:39:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/22 18:35:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/22 18:35:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/22 18:30:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{8DC06FA1-1C41-4711-851A-705EB84AF72D}
[2013/01/22 18:21:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{98228557-C1A8-4195-A8E2-00AA546AEF5D}
[2013/01/22 18:09:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{D31A5959-7943-4368-BB3C-B557480E74B3}
[2013/01/21 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{F169E0F2-21D9-4E5A-B066-D5193E4815CA}
[2013/01/20 11:44:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{D4B70B75-637C-4C47-83A8-D2C4434F0A38}
[2013/01/19 23:48:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/19 23:43:54 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{7F28C4C9-5CFC-4D4C-9F3D-7D8AF7E09FEC}
[2013/01/19 09:58:46 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{AD5DF2F9-EB8D-4F89-9DFE-130D88B27C5E}
[2013/01/15 13:44:40 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{113EAB08-8D79-4B65-83A9-B886F5894237}
[2013/01/14 09:51:55 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{FCA942C4-8E9F-4640-946B-D833A25DB89D}
[2013/01/13 15:14:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{B4DF21AE-9C5A-465F-9ECB-B794ECDC232A}
[2013/01/12 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{945CDACE-E77F-42DF-9BC6-EF767EA98AB5}
[2013/01/11 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\LogMeIn Rescue Applet
[2013/01/11 18:35:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{846E2B4F-9DF3-4202-AD0A-114829FFA503}
[2013/01/10 12:10:05 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\McAfee File Lock
[2013/01/10 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{E1E9CD68-D6CD-4295-9F6B-07B4BF088856}
[2013/01/08 13:55:31 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/01/08 13:53:19 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/01/08 11:35:16 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{CD2DCFB1-3BED-4AA6-B7A3-521E6C205432}
[2013/01/07 09:46:51 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{1A91DA4F-B7AA-430A-A57F-696B8609400F}
[2013/01/06 10:27:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{3214ECB9-812D-4201-AC10-3B2BEB654ED3}
[2013/01/05 22:27:31 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{6EDF2F38-0F2E-4FE4-85FC-6BE4A64FECE1}
[2013/01/05 10:27:09 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{1B3B1795-2F40-4290-999B-A04E97336A79}
[2013/01/05 01:02:31 | 001,209,856 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\agrsm64.sys
[2013/01/05 01:02:30 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\agrsmdel.exe
[2013/01/05 01:02:30 | 000,030,720 | ---- | C] (LSI Corporation) -- C:\Windows\agrdel64.exe
[2013/01/04 21:55:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{FA2A5D69-48AD-43A9-990D-BEB642F6E6F1}
[2013/01/03 02:32:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{4E8DE7A2-C06D-4E7B-8FE7-8729FE90E609}
[2013/01/03 01:30:58 | 000,000,000 | ---D | C] -- C:\found.000
[2013/01/02 08:54:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{04C34594-FCDC-4150-910E-730BA6564786}
[2013/01/01 13:01:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{37BD1C65-EF21-408C-A064-53FDF3A4EDD5}
[2012/12/31 11:48:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{296D108B-5572-440A-ACF1-0312F97867B3}
[2012/12/30 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\VS Revo Group
[2012/12/30 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\VS Revo Group
[2012/12/30 12:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/12/30 12:59:39 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2012/12/30 12:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/12/30 12:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/12/30 12:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/12/30 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\NCH Software
[2012/12/29 16:42:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{84E63BC7-0EDD-4880-8CDF-06CC88A54467}
[2012/12/28 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{6E5496C9-13B2-4163-9353-36E940FDAD91}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Vicky\Desktop\*.tmp files -> C:\Users\Vicky\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/26 17:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2632891822-2667611553-3761156971-1000UA.job
[2013/01/26 17:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2632891822-2667611553-3761156971-1000Core.job
[2013/01/26 17:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/26 17:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/26 17:15:50 | 000,000,752 | ---- | M] () -- C:\Users\Vicky\Desktop\SecurityCheck - Shortcut.lnk
[2013/01/26 17:15:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 17:15:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 17:08:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/26 17:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/26 17:08:12 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/25 18:58:18 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVicky.job
[2013/01/24 15:24:10 | 000,000,512 | ---- | M] () -- C:\Users\Vicky\Desktop\MBR.dat
[2013/01/23 23:10:40 | 000,014,913 | ---- | M] () -- C:\Users\Vicky\Desktop\aswMBR - Shortcut.lnk
[2013/01/23 23:09:24 | 000,001,097 | ---- | M] () -- C:\Users\Vicky\Desktop\OTL - Shortcut.lnk
[2013/01/22 23:15:26 | 000,007,606 | ---- | M] () -- C:\Users\Vicky\AppData\Local\Resmon.ResmonCfg
[2013/01/22 19:04:15 | 000,014,939 | ---- | M] () -- C:\Users\Vicky\Desktop\ComboFix - Shortcut.lnk
[2013/01/22 18:56:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/21 11:45:56 | 000,000,178 | ---- | M] () -- C:\Users\Vicky\Desktop\When should I re-format How should I reinstall Security DSLReports.com, ISP Information.url
[2013/01/21 11:45:38 | 000,000,178 | ---- | M] () -- C:\Users\Vicky\Desktop\How to report ID theft, fraud, drive-by installs, hijacking and malware Security DSLReports.com, ISP Information.url
[2013/01/21 11:42:46 | 000,000,279 | ---- | M] () -- C:\Users\Vicky\Desktop\Graphics Driver not working; DOS-Aluron.A - Geeks to Go Forums.url
[2013/01/21 11:08:46 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/01/19 23:35:54 | 000,001,144 | ---- | M] () -- C:\Users\Vicky\Desktop\tdsskiller - Shortcut.lnk
[2013/01/13 23:26:17 | 000,001,256 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/11 18:34:09 | 000,460,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 21:18:26 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/01/06 22:59:47 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/12/30 14:02:13 | 043,311,029 | ---- | M] () -- C:\Users\Vicky\Documents\Pastor Fidel 12.30.2012 passion for God communion.wma
[2012/12/30 12:59:40 | 000,001,101 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/12/30 12:59:40 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Vicky\Desktop\*.tmp files -> C:\Users\Vicky\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/26 17:15:50 | 000,000,752 | ---- | C] () -- C:\Users\Vicky\Desktop\SecurityCheck - Shortcut.lnk
[2013/01/24 15:24:09 | 000,000,512 | ---- | C] () -- C:\Users\Vicky\Desktop\MBR.dat
[2013/01/23 23:10:40 | 000,014,913 | ---- | C] () -- C:\Users\Vicky\Desktop\aswMBR - Shortcut.lnk
[2013/01/23 23:09:24 | 000,001,097 | ---- | C] () -- C:\Users\Vicky\Desktop\OTL - Shortcut.lnk
[2013/01/22 19:04:15 | 000,014,939 | ---- | C] () -- C:\Users\Vicky\Desktop\ComboFix - Shortcut.lnk
[2013/01/22 18:39:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/22 18:39:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/22 18:39:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/22 18:39:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/22 18:39:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 11:45:56 | 000,000,178 | ---- | C] () -- C:\Users\Vicky\Desktop\When should I re-format How should I reinstall Security DSLReports.com, ISP Information.url
[2013/01/21 11:45:37 | 000,000,178 | ---- | C] () -- C:\Users\Vicky\Desktop\How to report ID theft, fraud, drive-by installs, hijacking and malware Security DSLReports.com, ISP Information.url
[2013/01/21 11:42:45 | 000,000,279 | ---- | C] () -- C:\Users\Vicky\Desktop\Graphics Driver not working; DOS-Aluron.A - Geeks to Go Forums.url
[2013/01/19 23:35:54 | 000,001,144 | ---- | C] () -- C:\Users\Vicky\Desktop\tdsskiller - Shortcut.lnk
[2013/01/08 13:54:47 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
[2013/01/08 13:54:46 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
[2013/01/06 22:59:47 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/12/30 14:02:13 | 043,311,029 | ---- | C] () -- C:\Users\Vicky\Documents\Pastor Fidel 12.30.2012 passion for God communion.wma
[2012/12/30 12:59:40 | 000,001,101 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/12/30 12:59:40 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/20 17:24:44 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/01/30 12:07:29 | 000,000,000 | ---- | C] () -- C:\Users\Vicky\AppData\Local\{9A705876-1C27-4615-B342-F7362611E79B}
[2011/08/20 12:41:07 | 000,034,305 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\UserTile.png
[2011/08/20 08:34:25 | 000,005,120 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/07 15:00:25 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011/08/07 14:37:52 | 000,207,637 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/03/02 13:56:09 | 000,001,854 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\GhostObjGAFix.xml
[2010/09/19 18:12:02 | 001,458,251 | ---- | C] () -- C:\Users\Vicky\AppData\Local\tmp039.JPG
[2010/07/15 22:20:36 | 000,007,606 | ---- | C] () -- C:\Users\Vicky\AppData\Local\Resmon.ResmonCfg
[2010/06/14 18:07:35 | 000,000,600 | ---- | C] () -- C:\Users\Vicky\PUTTY.RND
[2010/06/06 22:14:23 | 000,811,158 | ---- | C] () -- C:\Users\Vicky\AppData\Local\tmpFIRST UPLOAD BALCONY DEAUVILLE 5.22.2010 056.JPG
[2010/06/06 21:57:06 | 000,854,285 | ---- | C] () -- C:\Users\Vicky\AppData\Local\tmp073.JPG
[2010/06/06 09:11:17 | 001,145,161 | ---- | C] () -- C:\Users\Vicky\AppData\Local\tmp191.JPG
[2010/06/06 09:11:16 | 004,802,537 | ---- | C] () -- C:\Users\Vicky\AppData\Local\tmp191.0
[2010/05/19 23:26:36 | 000,000,238 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2009/07/13 23:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop(2039).ini
[2009/07/13 23:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop(2038).ini

========== ZeroAccess Check ==========

[2013/01/24 20:41:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/06/12 19:46:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Amazon
[2010/08/19 20:04:12 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/15 09:37:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Epson
[2012/02/06 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IObit
[2013/01/05 00:23:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\iolo
[2013/01/05 00:23:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\JawboneUpdater
[2011/05/23 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\OpenOffice.org
[2010/06/07 05:33:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Template
[2012/12/30 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\VS Revo Group
[2011/01/06 23:35:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Users\Vicky\Documents\Steve Brown Key Biscayne Pres.tiff: 3or4kl4x13tuuug3Byamue2s4b````[/b][/u]

[Advertisements]

What a difference between this OTL quick scan and the first one. It took hours for the first one, this one was done before I came back into the room to check on its progress.

The joys of getting rid of the unwanted things on a computer I'll go through these logs and post to my instructor this evening. How is your computer running? Are you having any issues currently?

[Jasmyne]

What a difference between this OTL quick scan and the first one. It took hours for the first one, this one was done before I came back into the room to check on its progress.

The joys of getting rid of the unwanted things on a computer I'll go through these logs and post to my instructor this evening. How is your computer running? Are you having any issues currently?

[Vicky227]

Hello, Jasmyne! No issues with laptop to my knowledge (and I am VERY pleased about that). It had been running much worse than I realized until you started making it better. I have tried to limit internet usage until receiving the 'all clear' from you so I haven't been on it very often. Hope you've had a great weekend!

[Jasmyne]

It's been a great weekend here! I have an update and few final scans to make sure everything we can possibly see is gone and then I think you'll be ready to go!

Step 1 Update Acrobat Reader

Any software on your computer needs to stay up-to-date. Malware writers love to exploit vulnerabilities in old software.

Your Adobe Reader is out of date.

• Please uninstall your current version.
• Then, go here and update to the newest version.
  Be sure to uncheck the box next to "Yes, install McAfee Security Scan Plus."
• Then, To make it more secure for future use:
• Launch Adobe Reader.
• Click on Edit and select Preferences.
• On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
• Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
• Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
• Click the OK button

Step 2 Malwarebytes' Scan

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3 ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here

• You will need to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
• Please go here then click on:
  
  

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Scan archives is checked.
• Make sure that the option Remove found threats is NOT checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. Malwarebytes' Scan Log
2. ESET Scan Log

[Vicky227]

This post reminded me of two questions: 1) I disabled Java earlier this month due to publicized warnings about it being a security risk. Do I even need itor should I keep it and reactivate? 2) I noticed Mozilla Firefox showed up in the logs, but I did not install it on my laptop. Does HP ever include that as part of the software, or did I possibly purchase as new a laptop that had been previously sold and returned? Thanks again. I will get on these new scans shortly.

[Jasmyne]

Good Morning!! Good questions.

This post reminded me of two questions: 1) I disabled Java earlier this month due to publicized warnings about it being a security risk. Do I even need itor should I keep it and reactivate?

That was actually a very smart move to disable Java. The vast majority of people actually will never miss Java and I wouldn't recommending re-installing it unless you absolutely needed it.

2) I noticed Mozilla Firefox showed up in the logs, but I did not install it on my laptop. Does HP ever include that as part of the software, or did I possibly purchase as new a laptop that had been previously sold and returned?

I have found that HP does include Mozilla Firefox as part of it's pre-installed software on new laptops. Firefox is a good alternative browser to use or just to keep on hand in case something goes wacky with your main browser. I personally use Firefox as my primary browser.

Thanks again. I will get on these new scans shortly.

You're welcome and have a great day!

[Vicky227]

The instructions from bleeping computer for disabling McAfee did not work for me. There is no "exit" option when I click on the McAfee icon in the lower right tray on my desktop. I manually closed the anti-virus, spam protection, real time scanning. There is also a program called Site Advisor that is supposed to be advised, but it does not show up in the browser address bar when I'm surfing the net, and I don't know where it is.

I thought the anti-virus was turned off, but when I tried to do the ESET scan, it "caught" the fact that there was security running. I repeated the process several times, each time with the same results.



Took a screen shot, but cannot figure out how to post it here.

[Jasmyne]

These are instructions I found in the McAfee Communities forum on disabling the antivirus. It's honestly been a long time since I've used McAfee. Let me know if this works for you:

• Double-click the taskbar icon to open SecurityCenter
• Click Virus and Spyware Protection
• Click Real-Time Scanning
• Turn off and tell it for how long you wish it to remain that way.

The SiteAdvisor in most cases is bundled with another installations (like Adobe Reader) and can be uninstalled.

If you'd like to attach a screenshot of the problem, just below the text editor box there should be an area that says Attachments. If not you may be using Fast Reply and you can click Use Full Editor below the text box and then you should see the option for Attachments. If you click Browse it will allow you to navigate to the picture. After selecting the picture click the button Attach This File below it and it should then show the file name and the size of the image just above the Browse Button. You can then place your cursor in the place in the text editor you would like to post the picture and click Add to Post on the right.

[Vicky227]

The instructions you posted are the ones I followed previously. They got me to this screen shot. I am going to repeat the process once again, and do another screen shot of what ESET says if it still won't scan.

Attached Thumbnails

• 

[Vicky227]

I await further instructions.
Thank you again, Jasmyne, for your patience.

[Vicky227]

Ummmmmmmm, I got brave and went ahead and pressed the scan button. It began downloading the virus signature database. I stopped it because you wrote that the scan might take several hours and it is almost midnight here.

Perhaps it is merely recognizing McAfee as being a security program on the computer as opposed to it being active on the computer?

[Jasmyne]

I'm going to look into this and see what I find. From your screenshots it appears to me that your AV is disabled but ESET is detecting it. I'm not 100% how much it would interfere with the scan, but I'll find out. Get some rest and I'll have you some instructions tomorrow.

[Jasmyne]

Good morning! My instructor has advised since McAfee is disabled in the screenshots, to go ahead and run the ESET scan. Just be sure when you open IE to run the scan that you right-click and choose Run As Administrator.

Jasmyne

[Vicky227]

done. Done. DONE!

3 hours + ... well worth the wait!






Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vicky :: LAPTOP [administrator]

1/28/2013 6:46:12 PM
mbam-log-2013-01-28 (18-46-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216470
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-29 07:46:48
# local_time=2013-01-29 02:46:48 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 88 0 121355786 0 0
# compatibility_mode=5893 16776574 100 94 1207258 111032258 0 0
# scanned=4177
# found=0
# cleaned=0
# scan_time=59
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-29 11:04:22
# local_time=2013-01-29 06:04:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 88 0 121367640 0 0
# compatibility_mode=5893 16776574 100 94 1219112 111044112 0 0
# scanned=284827
# found=2
# cleaned=0
# scan_time=11808
C:\TDSSKiller_Quarantine\19.01.2013_23.43.02\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan D1377D8E3E62D2D83A8374BC9C710B16F32A8288 I
C:\TDSSKiller_Quarantine\22.01.2013_18.21.05\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan D1377D8E3E62D2D83A8374BC9C710B16F32A8288 I

[Jasmyne]

Now for the best part:

Congratulations and Good Work, It looks like your log is clean.

Now for some final "housekeeping" procedures.

Step 1 Clear Old Restore Points

Create a new, clean System Restore point:

• Right click on Computer and select Properties >> System protection >> Create.
• Give this restore point a descriptive name and click Create.
• When the new restore point is created click on OK >> close the System Properties window.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:

• Next click Start (Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box and and copy and paste in:
  

  cleanmgr

• in the box and press OK.
• Select the system drive, C >> OK.
• Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
• Click on Clean up system files >> Select the system drive, C >> OK.
• Now click on the More Options tab.
• Under:

System Restore and Shadow Copies

• Click on Clean up... >> Delete >> OK >> Delete Files.

Step 2 OTL Cleanup

• Open OTL
• Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~

MalwareBytes Anti-Malware This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs here are some recomendations: Microsoft Security Essentials or Avast! Antivirus both are FREE to use. Please remember that you can only have one Antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~

Like antivirus, if for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~

Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Is another browser that's easy to use and is worth trying if you want to test out new browsers.

Happy surfing!