Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

pup.offerware question [Closed]

Started by Mara99 , Mar 04 2013 02:58 PM

This topic is locked

#1
Mara99

Posted 04 March 2013 - 02:58 PM

New Member

Member
5 posts

Last night I ran Malwarebytes and found 2 files with pup.offerware. I deleted them and rescanned my pc with malwarebytes and they weren't there on the second scan. My question: is my pc actually free of them since they didn't show up again? I normally would assume so but after reading this post http://www.geekstogo...espeed=noscript I had doubts.

I'm not sure what file to look for in Windows Task Manager to look for it.
I use Kaspersky Pure 2.0 for my antivirus and Firefox as my browser.

Here is my OTL:
OTL logfile created on: 3/4/2013 4:22:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tricia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 66.74% Memory free
15.98 Gb Paging File | 11.79 Gb Available in Paging File | 73.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 68.62 Gb Free Space | 7.37% Space Free | Partition Type: NTFS

Computer Name: TRICIA-VM | User Name: Tricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/04 16:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Downloads\OTL.exe
PRC - [2013/02/25 07:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/02/19 15:05:48 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/20 09:41:08 | 000,050,688 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/09/22 15:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/25 07:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/19 15:05:48 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/19 11:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2009/09/22 15:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2006/11/24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 10:21:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/19 15:05:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/20 09:41:08 | 000,050,688 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/12/15 14:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/17 17:13:55 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/29 14:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/23 15:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 16:15:16 | 000,462,344 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/19 15:44:44 | 000,209,424 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2007/08/02 17:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2005/02/17 09:30:22 | 000,502,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/01/29 14:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.velocitymicro.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: safe%40cesaroliveira.net:1.1.2
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: citius@orbiscom:3.7.11.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 15:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 14:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 15:05:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 14:24:58 | 000,000,000 | ---D | M]

[2010/01/02 14:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions
[2010/01/02 14:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/04 08:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions
[2012/03/24 12:15:12 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/15 11:29:37 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]
[2012/03/07 16:12:50 | 000,017,623 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]
[2013/03/04 08:29:55 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/14 21:58:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/11 23:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/02/19 15:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/19 15:05:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/18 09:49:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 15:05:48 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/06/03 22:02:50 | 000,403,756 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13963 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73DB02C8-E4B3-4796-904E-E7B444AA2B4C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/04 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/04 09:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/04 09:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/04 09:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/04 09:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/03 23:32:33 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Documents\Calibre Library
[2013/03/03 23:31:58 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\calibre
[2013/03/03 23:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/03/03 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/02/26 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/20 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\HandBrake
[2013/02/20 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/02/20 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/02/20 14:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/02/19 15:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/02 20:19:37 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\SpinTop Games
[2013/02/02 20:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2010/06/22 11:57:36 | 002,869,784 | ---- | C] (Intel Corporation) -- C:\Users\Tricia\INF_allOS_9.1.2.1007_PV.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/04 16:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 14:42:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 14:42:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 14:31:28 | 000,001,724 | ---- | M] () -- C:\Users\Tricia\Desktop\Safe Run for Websites.lnk
[2013/03/04 14:30:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/04 14:30:42 | 2139,869,183 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 14:22:20 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/04 09:00:31 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/04 00:06:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/03 23:31:50 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/02/28 22:41:26 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/02/26 09:53:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/22 08:56:11 | 000,804,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/22 08:56:11 | 000,677,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/22 08:56:11 | 000,129,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/20 14:28:27 | 000,000,824 | ---- | M] () -- C:\Users\Tricia\Desktop\Handbrake.lnk
[2013/02/20 14:24:18 | 000,002,044 | ---- | M] () -- C:\Users\Tricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/14 13:48:25 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/02/14 13:47:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/02/14 13:42:57 | 000,453,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/02 20:18:55 | 000,001,470 | ---- | M] () -- C:\Users\Public\Desktop\Vacation Quest - The Hawaiian Islands.lnk
[2013/02/02 20:18:55 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/04 14:22:20 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/04 09:00:31 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/04 08:19:38 | 000,001,724 | ---- | C] () -- C:\Users\Tricia\Desktop\Safe Run for Websites.lnk
[2013/03/03 23:31:50 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/02/20 14:28:27 | 000,000,824 | ---- | C] () -- C:\Users\Tricia\Desktop\Handbrake.lnk
[2013/02/02 20:18:55 | 000,001,470 | ---- | C] () -- C:\Users\Public\Desktop\Vacation Quest - The Hawaiian Islands.lnk
[2013/02/02 20:18:55 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2013/01/07 21:24:07 | 000,003,584 | ---- | C] () -- C:\Users\Tricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/17 17:23:23 | 000,017,408 | ---- | C] () -- C:\Users\Tricia\AppData\Local\WebpageIcons.db
[2012/05/04 19:07:30 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cm.ini
[2012/02/29 15:09:59 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/19 18:43:14 | 000,000,028 | ---- | C] () -- C:\Windows\Disney.ini
[2011/10/10 08:57:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Themes
[2011/10/10 08:57:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Track Settings
[2011/10/10 08:57:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Textures
[2011/10/10 08:56:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\SystemConfiguration
[2011/10/10 08:56:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\StatusSheet
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/10 10:39:11 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\Techno Kit
[2011/07/10 10:39:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/07/10 10:39:10 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\Tables
[2011/07/10 10:39:10 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\SystemConfiguration
[2011/07/10 10:39:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/07/10 10:39:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/01/14 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Amazon
[2009/12/04 23:54:56 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\BitDefender
[2012/07/27 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Boomzap
[2012/01/20 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Brawsome
[2013/03/04 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\calibre
[2011/12/11 17:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Canon
[2011/10/19 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Faerie Solitaire
[2011/12/31 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\funkitron
[2013/02/28 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\HandBrake
[2011/12/29 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\LucasArts
[2011/07/10 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Nikon
[2009/12/10 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Razer
[2011/06/27 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SaveThePuppy
[2012/01/16 10:05:17 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Skip-Bo
[2013/02/02 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SpinTop Games
[2010/01/02 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Thunderbird
[2012/01/18 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Total Eclipse
[2012/01/16 09:41:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\UNOUndercover
[2012/11/07 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Warner Bros. Interactive Entertainment
[2012/08/07 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\WB Games

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >

Thank you so much for reading this and thanks in advance for any help!

Edited by Mara99, 04 March 2013 - 04:55 PM.

#2
Crowbar

Posted 05 March 2013 - 10:00 PM

Teacher

GeekU Moderator
4,798 posts

Hello Mara99 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

Please read all of my response through at least once before attempting to follow the procedures described.
Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
Please follow the steps exactly as written, in the same order.
If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi,
Could you post the Malwarebytes log that shows the 2 files found?
Kaspersky is not my choice for an anti virus, but it will do.
I will have you run an OTL script and then run a couple of other programs to have a look around.
I also have a question:
I see traces of bitdefender, is this the online scan or have you had the bitdefender anti virus installed at some point?
I would really like to see OTL run from your desktop. It is now living in your downloads folder, so please copy and paste it onto your desktop before we start.

First thing, I am going to need you to disable tea-timer and leave it disabled until we are done. Actually, I am not very hot for Spybot S&D, as it's rather inefective these days.
We need to disable Spybot S&D's Teatimer real-time protection temporarily as it may interfere with any fixes we might need to perform.

First step:

Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
For version 1.6, the steps are similar to either one of the below.
If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.

Second step, for either version:

Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go to the bottom of the vertical panel on the left, click Tools.
Then, also in left panel, click on Resident that shows a red/white shield.
If your firewall raises a question, say OK.
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Exit Spybot S&D and reboot your machine for the changes to take effect.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:commands
[createrestorepoint]
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
:commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Scan

Posted Image

A log will be produced at C:\ADWCleaner[XX].txt please attach that in your next post

In your next reply I would like to see:

OTL fix log
Roguekiller log file
Adwcleaner log file
Answer to question about bitdefender
MalwareBytes log file showing the 2 files it found
Extras.txt file created when you first ran OTL (it should be in your downloads folder)

#3
Mara99

Posted 06 March 2013 - 10:30 PM

New Member

Topic Starter
Member
5 posts

I hope I did everything ok

Thank you SO much for helping me.
In your next reply I would like to see:
• OTL fix log

OTL logfile created on: 3/6/2013 9:36:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tricia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 74.74% Memory free
15.98 Gb Paging File | 13.89 Gb Available in Paging File | 86.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 51.41 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
Drive D: | 7.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TRICIA-VM | User Name: Tricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/04 16:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
PRC - [2013/02/25 07:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/20 09:41:08 | 000,050,688 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/20 06:17:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/09/22 15:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/25 07:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/19 11:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2009/09/22 15:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2006/11/24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 10:21:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/19 15:05:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/20 09:41:08 | 000,050,688 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/12/15 14:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/17 17:13:55 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/29 14:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/23 15:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 16:15:16 | 000,462,344 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/19 15:44:44 | 000,209,424 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2007/08/02 17:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2005/02/17 09:30:22 | 000,502,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/01/29 14:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.velocitymicro.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: safe%40cesaroliveira.net:1.1.2
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: citius@orbiscom:3.7.11.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 15:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 14:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 15:05:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 14:24:58 | 000,000,000 | ---D | M]

[2010/01/02 14:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions
[2010/01/02 14:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/04 08:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions
[2012/03/24 12:15:12 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/15 11:29:37 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]
[2012/03/07 16:12:50 | 000,017,623 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]
[2013/03/04 08:29:55 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/14 21:58:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/11 23:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/02/19 15:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/19 15:05:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/18 09:49:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 15:05:48 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/06/03 22:02:50 | 000,403,756 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13963 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73DB02C8-E4B3-4796-904E-E7B444AA2B4C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/03/14 22:24:43 | 000,000,034 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/04 16:22:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
[2013/03/04 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/04 09:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/04 09:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/04 09:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/04 09:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/03 23:32:33 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Documents\Calibre Library
[2013/03/03 23:31:58 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\calibre
[2013/03/03 23:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/03/03 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/02/26 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/20 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\HandBrake
[2013/02/20 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/02/20 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/02/20 14:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/02/19 15:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/06/22 11:57:36 | 002,869,784 | ---- | C] (Intel Corporation) -- C:\Users\Tricia\INF_allOS_9.1.2.1007_PV.exe

========== Files - Modified Within 30 Days ==========

[2013/03/06 21:41:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 21:41:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 21:34:11 | 000,001,718 | ---- | M] () -- C:\Users\Tricia\Desktop\Safe Run for Websites.lnk
[2013/03/06 21:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 21:31:37 | 2139,869,183 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 21:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/06 21:19:45 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/03/04 16:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
[2013/03/04 09:00:31 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/04 00:06:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/03 23:31:50 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/02/26 09:53:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/22 08:56:11 | 000,804,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/22 08:56:11 | 000,677,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/22 08:56:11 | 000,129,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/20 14:28:27 | 000,000,824 | ---- | M] () -- C:\Users\Tricia\Desktop\Handbrake.lnk
[2013/02/20 14:24:18 | 000,002,044 | ---- | M] () -- C:\Users\Tricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/14 13:48:25 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/02/14 13:47:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/02/14 13:42:57 | 000,453,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/03/04 09:00:31 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/04 08:19:38 | 000,001,718 | ---- | C] () -- C:\Users\Tricia\Desktop\Safe Run for Websites.lnk
[2013/03/03 23:31:50 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/02/20 14:28:27 | 000,000,824 | ---- | C] () -- C:\Users\Tricia\Desktop\Handbrake.lnk
[2013/01/07 21:24:07 | 000,003,584 | ---- | C] () -- C:\Users\Tricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/17 17:23:23 | 000,017,408 | ---- | C] () -- C:\Users\Tricia\AppData\Local\WebpageIcons.db
[2012/05/04 19:07:30 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cm.ini
[2012/02/29 15:09:59 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/19 18:43:14 | 000,000,028 | ---- | C] () -- C:\Windows\Disney.ini
[2011/10/10 08:57:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Themes
[2011/10/10 08:57:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Track Settings
[2011/10/10 08:57:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Textures
[2011/10/10 08:56:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\SystemConfiguration
[2011/10/10 08:56:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\StatusSheet
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/10 10:39:11 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\Techno Kit
[2011/07/10 10:39:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/07/10 10:39:10 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\Tables
[2011/07/10 10:39:10 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\SystemConfiguration
[2011/07/10 10:39:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/07/10 10:39:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/01/14 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Amazon
[2009/12/04 23:54:56 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\BitDefender
[2012/07/27 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Boomzap
[2012/01/20 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Brawsome
[2013/03/04 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\calibre
[2011/12/11 17:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Canon
[2011/10/19 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Faerie Solitaire
[2011/12/31 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\funkitron
[2013/02/28 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\HandBrake
[2011/12/29 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\LucasArts
[2011/07/10 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Nikon
[2009/12/10 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Razer
[2011/06/27 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SaveThePuppy
[2012/01/16 10:05:17 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Skip-Bo
[2013/02/02 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SpinTop Games
[2010/01/02 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Thunderbird
[2012/01/18 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Total Eclipse
[2012/01/16 09:41:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\UNOUndercover
[2012/11/07 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Warner Bros. Interactive Entertainment
[2012/08/07 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\WB Games

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >

===============================================
===============================================

• Roguekiller log file

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tricia [Admin rights]
Mode : Scan -- Date : 03/06/2013 22:11:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] OTL.exe -- C:\Users\Tricia\Desktop\OTL.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD102UJ ATA Device +++++
--- User ---
[MBR] 8057fff8f09acce505a8b77887fd0de4
[BSP] a08d14fa94796e9d6b7e0d470cf920c0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03062013_02d2211.txt >>
RKreport[1]_S_03062013_02d2211.txt

==================================================================
==================================================================

• Adwcleaner log file

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 22:19:51
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tricia - TRICIA-VM
# Boot Mode : Normal
# Running from : C:\Users\Tricia\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\Tricia\AppData\Local\Conduit
Folder Found : C:\Users\Tricia\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1009 octets] - [06/03/2013 22:19:51]

########## EOF - C:\AdwCleaner[R1].txt - [1069 octets] ##########

=======================================================================================================
=======================================================================================================

• Answer to question about bitdefender

I currently don't have bitdefender installed although I believe it was on my pc for a short time when I first got the pc.
I am also using the free version of malwarebytes so I didn't find anything to close.
I also don't have spybot installed. I looked in the list of programs to uninstall under control panel and it wasn't there. It's not in my tray either.

=======================================================================================================
=======================================================================================================

• MalwareBytes log file showing the 2 files it found

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tricia :: TRICIA-VM [administrator]
3/4/2013 12:10:53 AM
mbam-log-2013-03-04 (00-10-53).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 680976
Time elapsed: 7 hour(s), 28 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3608757080-218643213-1924915821-1001\$REAY105.exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\Tricia\Downloads\tools v5.6.2.exe (PUP.Offerware) -> Quarantined and deleted successfully.
(end)

=========================================================================================================
=========================================================================================================

• Extras.txt file created when you first ran OTL (it should be in your downloads folder)

OTL Extras logfile created on: 3/4/2013 4:22:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tricia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 66.74% Memory free
15.98 Gb Paging File | 11.79 Gb Available in Paging File | 73.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 68.62 Gb Free Space | 7.37% Space Free | Partition Type: NTFS

Computer Name: TRICIA-VM | User Name: Tricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E0C833-1CE5-44B6-B3EA-3EC66E410AB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{121A8287-AD24-4FC3-835D-2D0E977252D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C453486-3C9D-4C93-B283-A443D0D9A425}" = lport=138 | protocol=17 | dir=in | app=system |
"{2737E688-0659-4A16-8447-2D59739FC528}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E10A429-B260-40DC-A1DF-86C07C548CC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{4BA43564-421C-4464-8434-3A4F0FFE8673}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D483A11-6600-4B60-B253-023576FCA0D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6278CDAB-F8E6-40F6-9936-565438A63E35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62AC4010-B167-4D98-B67F-81B24F719029}" = rport=445 | protocol=6 | dir=out | app=system |
"{7087952C-063E-49BA-8EF3-45BA0A5E5398}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75AED9E9-1075-4617-9C1F-6774C89C0A1F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CFD2587-3221-4F91-BDC2-D4E829D325BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89B19DD7-9B58-43FD-BFA8-C03F7CDAB68D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FD9CAD4-C1EA-41A8-9AF7-65524A89EA1C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A0F98D80-8C26-4593-8168-EA01C0D4313C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4A570FB-FC93-45A6-B364-BC125C5DBD6C}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4DDE445-C491-4960-B87C-13BD8446DCC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC3E4B13-1740-493B-8A73-E30F3FCB0CB2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D505A9E6-10DB-455B-B716-CFA4CE1BC780}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5F5412E-8C09-4136-8D74-6C8BC9B22D36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E179014C-A10D-4634-997A-98B5200EB7B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F10E6B94-6F49-4859-94D8-6BDCCE3AEBFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F3AEA6A4-38F9-4349-9DEC-53BAAB18DFA1}" = rport=137 | protocol=17 | dir=out | app=system |
"{F4378F94-723A-4AF6-80C1-B898A1BCCD99}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006B048E-CD1E-4806-ABAA-1D8321158087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{00EDB2E8-AD59-405F-AE5B-768E9FD38702}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{011AC090-97D6-4EEC-926F-6A3A8DBBD852}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uru cc\uruexplorer.exe |
"{01D12CD3-C799-4D80-841E-EE5A679BA92F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{078F5803-E8DD-4490-A006-38CAD29D3BC6}" = protocol=1 | dir=out | [email protected],-28544 |
"{07FA8BC7-E6C4-475C-9EFB-1AAE19A08A96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{09D563B8-7296-4656-AE53-87D2AC7DCE8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{0FB8B4AA-EB75-4C37-8040-5E73E698EB67}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10AB4695-BF81-4410-92F7-EFB1A7D09B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{127117A5-0747-43C9-ACD1-F305485D6189}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{19A1E6AA-3A41-4E31-BC9F-9F6EA06D5529}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{1DFCBB4C-844B-4171-A742-66D1303B4D2C}" = protocol=58 | dir=in | [email protected],-28545 |
"{1FC033F0-41ED-42BA-9265-47E1FD8326BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{213312B6-10CD-441F-BE43-8AC3D9545ECF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{22A7DD92-15DB-40AD-9309-5A6051A789CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24AD18E0-31CA-4B9A-ACAA-BF761E9A2B3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe |
"{2AA31666-6E63-4A53-A0C5-1CD78DD12BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2B6542D8-9CA2-4AD4-B32C-B3B9378AE4C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe |
"{2DFC7D3F-75A2-4867-9C98-E3AE94CD9FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{2ED53717-4151-4397-9338-4C51BDFF6369}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{2F8A6B0A-3304-4D6E-AECB-4D03F3BD123C}" = protocol=6 | dir=out | app=system |
"{30CE1C16-3151-4431-A229-FF2615850251}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\manhole\manhole.exe |
"{3125A183-125D-41FE-A893-D5E0C6A127D8}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{338F18A3-54C6-44DC-BFAC-57A673A05C90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{3431C073-288E-4326-81A7-8EFE3BE46C81}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{35E97CF9-061F-4207-9A4E-FD469507FCD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3633A2AE-26A5-48F9-989E-C7066BDDC83B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{36C9445B-9661-4E7A-9DDA-0B7DD5009CEB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{37189599-5975-457A-A1CF-570D48F49F65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{379DAA21-5CD6-4F73-89D9-296A1DDF9986}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{39E1A4CC-4C63-4899-A9E3-1C3CF8B1A1B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{3B37C857-9590-47F9-8922-49831B3FAD65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe |
"{41E2D261-C81C-4BC0-8291-6E5A1470EB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{43DDEB12-EC8F-46B1-A229-2263A9BB5541}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{4475869A-D820-44C0-A8FE-BA8BA3561F9F}" = protocol=58 | dir=out | [email protected],-28546 |
"{47EE4585-7DE6-4E65-8F37-7705D5AEFFD3}" = protocol=1 | dir=in | [email protected],-28543 |
"{4DBEAE97-0268-4D71-8BD9-4CE1D02E2BD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E7ECB7A-714F-4957-8D30-58D5B88CB2BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe |
"{5622D36C-6BB3-4F9E-8326-E3CED93E5927}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{5731CDF2-8481-4520-B770-98B37C3C1B81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cosmic osmo\cosmic osmo.exe |
"{58C2E45A-0B47-4538-A608-C2A5215B5CF4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{595159EA-B5D8-4498-A83E-2F34BE81FB49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AF51316-EA7F-4A3F-8EB5-58DC498C076A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60D2037C-71C7-4470-9E0C-59E73507F392}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{64BE046B-349D-4E9B-8AE2-530390DCCB64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{67B35395-9EF6-42E7-8F22-22C3E62996BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spelunx\spelunx.exe |
"{691A2E6B-69BA-480B-9B3A-2A17DEF91893}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{6980E1A9-E13E-4913-B0AF-62EC35678F38}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{7C334390-E46F-4376-900F-5C8ABF37B5CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{7F167EC1-F145-4DF3-A540-D6D4CFC056A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8165114B-3214-4127-9088-C6AB3868F1C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jollyrover\jolly_rover.exe |
"{8272083A-4E06-4DC1-AC8F-1F2ED7F8A4DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uru cc\uruexplorer.exe |
"{858744DD-7525-4E04-8740-DDA054B28EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{864B216D-2E92-4CA3-B656-306FA57157EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cosmic osmo\cosmic osmo.exe |
"{877A5024-170D-4975-9888-6A24A4E393AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8866FABE-92C5-4CBD-BD1C-035F09BFD4D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{8A1FF810-D299-445C-BB06-1EFF55BE9DFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spelunx\spelunx.exe |
"{8AA5C46F-6C65-4468-A558-606552C68775}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the clockwork man 2\the clockwork man - the hidden world.exe |
"{8AF079D2-C40C-4B22-9175-C0014BFC91AB}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{8E6B7409-F9B4-480F-9A00-59822C592187}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\big brain wolf\bigbrainwolf.exe |
"{919790AE-2369-411E-9D02-D0C1CA36E49D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92AA58E1-7B7A-418A-B16E-E3C52CED0396}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{92BE02FD-E44E-4CE5-82AA-946BDE60CA1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{933B8116-B04F-4792-B830-F0BC25C26926}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{943D9843-3C37-4C8E-B99F-366695E0D6B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jollyrover\jolly_rover.exe |
"{95D2B155-A947-42BA-9190-E76E5A98D62E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{99874E16-7D01-4296-B919-517AF6ABAFE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe |
"{9CC93FEF-BD69-4B99-91B0-1A5851F4FDEE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E820D5C-1B21-42D6-9A12-A14D0D9709F2}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{A0DD8A5E-BDE2-4F70-8CBB-A6ECA9AB3B44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{A5C3B142-21E8-4424-B49E-D023F311E6E5}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{A6532D95-4C72-4941-87E9-952FEACEDE46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe |
"{A790269E-00F0-49C0-B7DD-D1D3D37CE82D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7C5C5F1-7462-4EDA-8335-5C94CCF77C4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7F17471-09D8-4EAD-B7C8-FA2B5AD94609}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{AB459E0D-C52E-4148-8040-8EEDB0E6948C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{ADABF0CA-DBAE-408E-98BA-0677B36F9131}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ADE1AFF3-D41C-4B25-984F-5EB36D420195}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{B06277BE-5920-4AC0-8F59-AA95F8278D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe |
"{B1185509-F10C-434B-8878-BC6CC4B5B596}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB21AF0D-D6FA-42A3-97CE-2B3711E0F720}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BFCF377C-C050-4892-A6A5-E354A30A18F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BFD84EBE-C9F4-45EF-9A48-0268B00D6943}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\big brain wolf\bigbrainwolf.exe |
"{C493450E-968B-4D0D-954D-EF429FE67FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe |
"{C5BAC148-5913-4142-86CA-4EA7A3AE2D92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\manhole\manhole.exe |
"{C60AF9AE-F283-42F0-A012-35BE18221FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe |
"{CC487497-30BA-487D-8712-FE1C2C1F0DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{CE301A0F-D95C-459A-8893-D3CD9846FB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{D026039B-3786-46A4-B932-936662D90770}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D9B5F9C6-FD49-462E-9749-56D371B126D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{DD60187B-172F-496A-A06D-1BE3C22B55FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{DF23B33D-39E3-4E4E-ACBB-6C08A3FFF098}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{E429AC2E-44DC-4964-B1B9-596FEF2ADE71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E75E513C-B0B9-4BEE-86BE-74EAF48E75AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E78B1C76-A88A-4047-B178-EFBAF88CA80C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the clockwork man 2\the clockwork man - the hidden world.exe |
"{E80F7028-2E83-4BB8-93F3-C9E2F1AB700F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{ED0E3AFE-8FEE-4A63-9B27-BBE033A9A7B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F3E730E9-3D13-4B54-AB41-26307BEAA995}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe |
"{F85E099A-3BF8-4E3A-9FDB-64EED70C01C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{FBE90AD3-FDA2-429A-89F7-138410AA87DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{FCBF33EB-6569-4372-9B20-0BDC495A3EB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF6EEB68-7CB4-4A42-B3C3-2718DDFA19A0}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"TCP Query User{5325CA7A-DC57-42EF-942A-91A63799E5AF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{80BAA26F-CC8B-44B9-8C3D-FCB6E468A26F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}" = Digital Cable Advisor(OEM)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2913230-094D-4F41-9EEF-CE9571C450D8}" = SpyroPortalDriver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}" = Scrapbook Factory Deluxe 3.0
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{388DC046-56AD-42F2-AEAD-81B7C47D05AE}" = Activision®
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5C5A944F-096E-4ADD-B8E8-887F18BA6228}" = LEGO® Harry Potter™: Years 5-7
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{63104E84-532C-4011-A4F4-AD6EDF8CC214}" = SpyroDriver
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87CE002F-33CD-4C3A-95CA-6EC98DC1A6C3}" = calibre
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter and the Deathly Hallows™ - Part 1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AnyDVD" = AnyDVD
"BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
"BFGC" = Big Fish Games: Game Manager
"BFG-Fairway Solitaire" = Fairway Solitaire
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Ceville" = Ceville
"CloneDVD2" = CloneDVD2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exorcist" = Exorcist
"HandBrake" = HandBrake 0.9.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{388DC046-56AD-42F2-AEAD-81B7C47D05AE}" = Skylanders Spyro's Adventure™
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MyCamera" = Canon Utilities MyCamera
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Plants vs. Zombies" = Plants vs. Zombies
"Slingo Mystery" = Slingo Mystery (remove only)
"Slingo Supreme" = Slingo Supreme (remove only)
"Steam App 102600" = Orcs Must Die!
"Steam App 105600" = Terraria
"Steam App 111010" = The Clockwork Man: The Hidden World
"Steam App 11450" = Overlord
"Steam App 12710" = Overlord: Raising [bleep]
"Steam App 12810" = Overlord II
"Steam App 200710" = Torchlight II
"Steam App 201790" = Orcs Must Die! 2
"Steam App 35600" = Big Brain Wolf
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 38600" = Faerie Solitaire
"Steam App 440" = Team Fortress 2
"Steam App 47890" = The Sims™ 3
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 58200" = Jolly Rover
"Steam App 63600" = realMyst
"Steam App 63610" = Riven
"Steam App 63620" = Cosmic Osmo
"Steam App 63630" = Manhole
"Steam App 63640" = Spelunx
"Steam App 63650" = Uru: Complete Chronicles
"Steam App 63660" = Myst: Masterpiece Edition
"Steam App 65800" = Dungeon Defenders
"THE GAME OF LIFE - Path to Success" = THE GAME OF LIFE - Path to Success (remove only)
"The Treasures of Mystery Island: The Ghost Ship" = The Treasures of Mystery Island: The Ghost Ship
"The Wonder Pets Save the Puppy!" = The Wonder Pets Save the Puppy!
"Uno & Skip-Bo" = Uno & Skip-Bo(remove only)
"Vacation Quest - The Hawaiian Islands" = Vacation Quest - The Hawaiian Islands
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2013 12:15:44 PM | Computer Name = Tricia-VM | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/24/2013 10:39:02 AM | Computer Name = Tricia-VM | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/24/2013 11:05:10 AM | Computer Name = Tricia-VM | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/27/2013 12:41:46 PM | Computer Name = Tricia-VM | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/27/2013 1:14:18 PM | Computer Name = Tricia-VM | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/27/2013 9:54:27 PM | Computer Name = Tricia-VM | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/28/2013 7:12:19 PM | Computer Name = Tricia-VM | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/28/2013 7:46:13 PM | Computer Name = Tricia-VM | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/4/2013 1:05:21 AM | Computer Name = Tricia-VM | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b8479b Exception code: 0x0000046b Fault offset: 0x0000000000009e5d
Faulting
process id: 0x1228 Faulting application start time: 0x01ce18944b1d2fb0 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 1ce6048e-8489-11e2-93da-00270e03d04b

Error - 3/4/2013 3:39:37 PM | Computer Name = Tricia-VM | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ OSession Events ]
Error - 5/14/2012 2:01:37 PM | Computer Name = Tricia-VM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/4/2013 4:30:38 PM | Computer Name = Tricia-VM | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 3/4/2013 4:30:38 PM | Computer Name = Tricia-VM | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 3/4/2013 4:30:38 PM | Computer Name = Tricia-VM | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 4 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 3/4/2013 4:30:38 PM | Computer Name = Tricia-VM | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 5 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 3/4/2013 4:30:38 PM | Computer Name = Tricia-VM | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 6 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 3/4/2013 4:30:38 PM | Computer Name = Tricia-VM | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 7 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 3/4/2013 4:31:12 PM | Computer Name = Tricia-VM | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%2

Error - 3/4/2013 4:33:34 PM | Computer Name = Tricia-VM | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 3/4/2013 4:33:34 PM | Computer Name = Tricia-VM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 3/4/2013 4:37:31 PM | Computer Name = Tricia-VM | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

< End of report >

#4
Crowbar

Posted 07 March 2013 - 10:39 AM

Teacher

GeekU Moderator
4,798 posts

Hi,

Thank you SO much for helping me.

You are welcome, I'm happy to assist.

First I want to point out that your system drive, c: is really low on available free space.

5.52% Space Free

Windows requires %15-%20 free space to be happy. You may want to archive some old stuff, or uninstall some old programs that you don't use any more to reach the %15.

I would love to see the OTL fix log from the fix you ran, and you should be able to find it in the c:\_OTL\MovedFiles folder. It will be a text file with the file name starting with 03062013

Let's just do these few things below, and take it from there, I don't see too much wrong, just a few little things, but the free space issue will really slow down your system.

Step 1
Download Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:commands
[createrestorepoint]
:OTL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:260575F1

:commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

In your next reply I would like to see:

OTL fix log from first run
Checkup.txt from security check
OTL fix log from newest run
ADWcleaner log file

#5
Mara99

Posted 08 March 2013 - 10:09 PM

New Member

Topic Starter
Member
5 posts

I went through and deleted some folders (not programs, I'd uninstall

) so hopefully I've got at least 15%.

In your next reply I would like to see:

OTL fix log from first run

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\Windows\6833245EDD86479A882A8360D62C8194.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\6833245EDD86479A882A8360D62C8194.TMP folder deleted successfully.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
C:\kleaner.tmp\klnFF25.tmp deleted successfully.
C:\kleaner.tmp folder deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tricia
->Temp folder emptied: 1273128 bytes
->Temporary Internet Files folder emptied: 5494594 bytes
->FireFox cache emptied: 70823064 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57342 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1147 bytes

Total Files Cleaned = 74.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03062013_212623

Files\Folders moved on Reboot...
File move failed. C:\Users\Tricia\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Tricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1E8350F5-5C43-4E48-8998-CC00C3099FC2}.tmp moved successfully.
C:\Users\Tricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{30204098-780A-4214-B8B5-FD3A454AA7A4}.tmp moved successfully.
C:\Users\Tricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4DCCAC9B-92CE-46EA-A67D-2C1C3B1EE656}.tmp moved successfully.
C:\Users\Tricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7CE26803-22BF-44B5-BA26-AF2581794166}.tmp moved successfully.
C:\Users\Tricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E07C07D9-B5A0-478A-AB0C-82E14A3FCD7D}.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

============================================================================================
============================================================================================
Checkup.txt from security check

To come soon

============================================================================================
============================================================================================
OTL fix log from newest run

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
ADS C:\ProgramData\TEMP:93F3E4C9 deleted successfully.
ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tricia
->Temp folder emptied: 3696239 bytes
->Temporary Internet Files folder emptied: 279117 bytes
->FireFox cache emptied: 6086786 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53284 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03082013_213807

Files\Folders moved on Reboot...
C:\Users\Tricia\AppData\Local\Temp\RarSFX0\SecurityCheck\defragcheck.txt moved successfully.
C:\Users\Tricia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

============================================================================================
============================================================================================
ADWcleaner log file

# AdwCleaner v2.114 - Logfile created 03/08/2013 at 21:51:01
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tricia - TRICIA-VM
# Boot Mode : Normal
# Running from : C:\Users\Tricia\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Tricia\AppData\Local\Conduit
Folder Deleted : C:\Users\Tricia\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1138 octets] - [06/03/2013 22:19:51]
AdwCleaner[S1].txt - [1083 octets] - [08/03/2013 21:51:01]

########## EOF - C:\AdwCleaner[S1].txt - [1143 octets] ##########

#6
Crowbar

Posted 08 March 2013 - 10:35 PM

Teacher

GeekU Moderator
4,798 posts

We will see what your free space is shortly.
Good job so far :thumbsup:

Let's keep digging shall we?

Step 1
Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Select All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 3
I didn't see you run Security Check , so let's do that now.
Download Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:

TDSS killer log
OTL quick scan (there won't be an extras.txt this time)
Security Check log checkup.txt
How is your computer doing?

#7
Mara99

Posted 08 March 2013 - 10:40 PM

New Member

Topic Starter
Member
5 posts

Here is the log from checkup.txt. I tried to edit the last post but it kept hanging on "save changes".

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky PURE 2.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Skylanders Spyro's Adventure™
SpyroDriver
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.6.602.171
Adobe Reader XI
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 2.0 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

My computer is running ok, but slow. I'm not getting pop-ups at least.
I'll do the other scans now.
Thanks!

#8
Mara99

Posted 08 March 2013 - 10:59 PM

New Member

Topic Starter
Member
5 posts

It didn't offer a "cure" option, only skip, copy to quarantine or delete. I left "skip" on all of them.

22:40:59.0426 1136 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:40:59.0766 1136 ============================================================
22:40:59.0766 1136 Current date / time: 2013/03/08 22:40:59.0766
22:40:59.0766 1136 SystemInfo:
22:40:59.0766 1136
22:40:59.0766 1136 OS Version: 6.1.7601 ServicePack: 1.0
22:40:59.0766 1136 Product type: Workstation
22:40:59.0766 1136 ComputerName: TRICIA-VM
22:40:59.0766 1136 UserName: Tricia
22:40:59.0766 1136 Windows directory: C:\Windows
22:40:59.0766 1136 System windows directory: C:\Windows
22:40:59.0766 1136 Running under WOW64
22:40:59.0766 1136 Processor architecture: Intel x64
22:40:59.0766 1136 Number of processors: 8
22:40:59.0766 1136 Page size: 0x1000
22:40:59.0766 1136 Boot type: Normal boot
22:40:59.0766 1136 ============================================================
22:41:01.0299 1136 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:41:01.0319 1136 ============================================================
22:41:01.0319 1136 \Device\Harddisk0\DR0:
22:41:01.0320 1136 MBR partitions:
22:41:01.0320 1136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:41:01.0320 1136 ============================================================
22:41:01.0357 1136 C: <-> \Device\Harddisk0\DR0\Partition1
22:41:01.0357 1136 ============================================================
22:41:01.0357 1136 Initialize success
22:41:01.0357 1136 ============================================================
22:42:01.0908 1568 ============================================================
22:42:01.0908 1568 Scan started
22:42:01.0908 1568 Mode: Manual; SigCheck; TDLFS;
22:42:01.0908 1568 ============================================================
22:42:03.0156 1568 ================ Scan system memory ========================
22:42:03.0156 1568 System memory - ok
22:42:03.0157 1568 ================ Scan services =============================
22:42:03.0226 1568 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:42:03.0263 1568 !SASCORE - ok
22:42:03.0479 1568 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:42:03.0558 1568 1394ohci - ok
22:42:03.0696 1568 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:42:03.0711 1568 ACDaemon - ok
22:42:03.0765 1568 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:42:03.0780 1568 ACPI - ok
22:42:03.0798 1568 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:42:03.0878 1568 AcpiPmi - ok
22:42:03.0978 1568 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:42:03.0988 1568 AdobeARMservice - ok
22:42:04.0134 1568 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:42:04.0144 1568 AdobeFlashPlayerUpdateSvc - ok
22:42:04.0196 1568 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:42:04.0216 1568 adp94xx - ok
22:42:04.0245 1568 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:42:04.0261 1568 adpahci - ok
22:42:04.0285 1568 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:42:04.0297 1568 adpu320 - ok
22:42:04.0323 1568 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:42:04.0478 1568 AeLookupSvc - ok
22:42:04.0572 1568 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:42:04.0642 1568 AFD - ok
22:42:04.0696 1568 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:42:04.0706 1568 agp440 - ok
22:42:04.0754 1568 [ DADA9751964A7D217A762C873C332B0E ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys
22:42:04.0765 1568 ahcix64s - ok
22:42:04.0806 1568 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:42:04.0985 1568 ALG - ok
22:42:05.0018 1568 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:42:05.0028 1568 aliide - ok
22:42:05.0063 1568 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:42:05.0088 1568 amdide - ok
22:42:05.0147 1568 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:42:05.0208 1568 AmdK8 - ok
22:42:05.0223 1568 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:42:05.0245 1568 AmdPPM - ok
22:42:05.0261 1568 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:42:05.0272 1568 amdsata - ok
22:42:05.0289 1568 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:42:05.0302 1568 amdsbs - ok
22:42:05.0312 1568 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:42:05.0324 1568 amdxata - ok
22:42:05.0395 1568 [ 87C85800AD1C38933FDB8B6DF1E250FA ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
22:42:05.0406 1568 AnyDVD - ok
22:42:05.0454 1568 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:42:05.0589 1568 AppID - ok
22:42:05.0620 1568 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:42:05.0725 1568 AppIDSvc - ok
22:42:05.0767 1568 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:42:05.0821 1568 Appinfo - ok
22:42:05.0982 1568 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:42:05.0992 1568 Apple Mobile Device - ok
22:42:06.0011 1568 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:42:06.0023 1568 arc - ok
22:42:06.0058 1568 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:42:06.0070 1568 arcsas - ok
22:42:06.0205 1568 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:42:06.0216 1568 aspnet_state - ok
22:42:06.0250 1568 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:42:06.0316 1568 AsyncMac - ok
22:42:06.0351 1568 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:42:06.0362 1568 atapi - ok
22:42:06.0502 1568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:42:06.0563 1568 AudioEndpointBuilder - ok
22:42:06.0571 1568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:42:06.0603 1568 AudioSrv - ok
22:42:06.0712 1568 [ AEFC1353D0FB4E92A23CFB7E3372356D ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
22:42:06.0722 1568 AVP - ok
22:42:06.0774 1568 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:42:06.0868 1568 AxInstSV - ok
22:42:06.0895 1568 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:42:06.0940 1568 b06bdrv - ok
22:42:06.0966 1568 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:42:07.0022 1568 b57nd60a - ok
22:42:07.0065 1568 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:42:07.0112 1568 BDESVC - ok
22:42:07.0144 1568 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:42:07.0229 1568 Beep - ok
22:42:07.0321 1568 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:42:07.0381 1568 BFE - ok
22:42:07.0461 1568 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:42:07.0529 1568 BITS - ok
22:42:07.0565 1568 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:42:07.0590 1568 blbdrive - ok
22:42:07.0711 1568 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:42:07.0723 1568 Bonjour Service - ok
22:42:07.0784 1568 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:42:07.0841 1568 bowser - ok
22:42:07.0890 1568 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:42:07.0953 1568 BrFiltLo - ok
22:42:07.0963 1568 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:42:07.0975 1568 BrFiltUp - ok
22:42:08.0007 1568 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:42:08.0045 1568 Browser - ok
22:42:08.0060 1568 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:42:08.0127 1568 Brserid - ok
22:42:08.0151 1568 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:42:08.0194 1568 BrSerWdm - ok
22:42:08.0216 1568 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:42:08.0256 1568 BrUsbMdm - ok
22:42:08.0283 1568 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:42:08.0318 1568 BrUsbSer - ok
22:42:08.0348 1568 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:42:08.0375 1568 BTHMODEM - ok
22:42:08.0404 1568 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:42:08.0500 1568 bthserv - ok
22:42:08.0528 1568 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:42:08.0574 1568 cdfs - ok
22:42:08.0633 1568 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:42:08.0661 1568 cdrom - ok
22:42:08.0719 1568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:42:08.0791 1568 CertPropSvc - ok
22:42:09.0270 1568 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:42:09.0339 1568 circlass - ok
22:42:09.0363 1568 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:42:09.0376 1568 CLFS - ok
22:42:09.0435 1568 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:42:09.0445 1568 clr_optimization_v2.0.50727_32 - ok
22:42:09.0500 1568 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:42:09.0511 1568 clr_optimization_v2.0.50727_64 - ok
22:42:09.0631 1568 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:42:09.0642 1568 clr_optimization_v4.0.30319_32 - ok
22:42:09.0687 1568 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:42:09.0697 1568 clr_optimization_v4.0.30319_64 - ok
22:42:09.0725 1568 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:42:09.0750 1568 CmBatt - ok
22:42:09.0767 1568 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:42:09.0777 1568 cmdide - ok
22:42:09.0818 1568 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:42:09.0865 1568 CNG - ok
22:42:09.0917 1568 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:42:09.0927 1568 Compbatt - ok
22:42:09.0993 1568 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:42:10.0034 1568 CompositeBus - ok
22:42:10.0055 1568 COMSysApp - ok
22:42:10.0084 1568 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:42:10.0094 1568 crcdisk - ok
22:42:10.0202 1568 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:42:10.0282 1568 CryptSvc - ok
22:42:10.0330 1568 [ AB1201F8DE199E764DA9A32ABF71049C ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys
22:42:10.0338 1568 CSCrySec - ok
22:42:10.0491 1568 [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
22:42:10.0510 1568 CSObjectsSrv - ok
22:42:10.0545 1568 [ A6EED705BB510FA6B0F9F097165A3395 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
22:42:10.0553 1568 CSVirtualDiskDrv - ok
22:42:10.0610 1568 [ 5BC67F1EFB6B1D039B151CF7353EC742 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys
22:42:10.0714 1568 DAdderFltr - ok
22:42:10.0835 1568 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
22:42:10.0844 1568 DAUpdaterSvc - ok
22:42:10.0922 1568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:42:10.0984 1568 DcomLaunch - ok
22:42:11.0021 1568 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:42:11.0079 1568 defragsvc - ok
22:42:11.0117 1568 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:42:11.0163 1568 DfsC - ok
22:42:11.0197 1568 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:42:11.0252 1568 Dhcp - ok
22:42:11.0290 1568 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:42:11.0340 1568 discache - ok
22:42:11.0384 1568 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:42:11.0395 1568 Disk - ok
22:42:11.0430 1568 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:42:11.0496 1568 Dnscache - ok
22:42:11.0550 1568 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:42:11.0606 1568 dot3svc - ok
22:42:11.0658 1568 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:42:11.0717 1568 DPS - ok
22:42:11.0751 1568 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:42:11.0766 1568 drmkaud - ok
22:42:11.0816 1568 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:42:11.0850 1568 DXGKrnl - ok
22:42:11.0882 1568 [ 52A482DC61F24B498C8268866B90BB44 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
22:42:11.0893 1568 e1kexpress - ok
22:42:11.0922 1568 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:42:11.0972 1568 EapHost - ok
22:42:12.0025 1568 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:42:12.0108 1568 ebdrv - ok
22:42:12.0137 1568 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:42:12.0189 1568 EFS - ok
22:42:12.0258 1568 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:42:12.0324 1568 ehRecvr - ok
22:42:12.0343 1568 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:42:12.0419 1568 ehSched - ok
22:42:12.0480 1568 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
22:42:12.0489 1568 ElbyCDIO - ok
22:42:12.0535 1568 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:42:12.0566 1568 elxstor - ok
22:42:12.0596 1568 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:42:12.0634 1568 ErrDev - ok
22:42:12.0734 1568 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:42:12.0836 1568 EventSystem - ok
22:42:12.0882 1568 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:42:12.0911 1568 exfat - ok
22:42:12.0928 1568 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:42:12.0973 1568 fastfat - ok
22:42:13.0025 1568 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:42:13.0075 1568 Fax - ok
22:42:13.0085 1568 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:42:13.0119 1568 fdc - ok
22:42:13.0143 1568 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:42:13.0194 1568 fdPHost - ok
22:42:13.0216 1568 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:42:13.0265 1568 FDResPub - ok
22:42:13.0288 1568 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:42:13.0299 1568 FileInfo - ok
22:42:13.0327 1568 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:42:13.0381 1568 Filetrace - ok
22:42:13.0405 1568 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:42:13.0417 1568 flpydisk - ok
22:42:13.0434 1568 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:42:13.0447 1568 FltMgr - ok
22:42:13.0502 1568 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
22:42:13.0531 1568 FontCache - ok
22:42:13.0586 1568 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:42:13.0595 1568 FontCache3.0.0.0 - ok
22:42:13.0615 1568 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:42:13.0625 1568 FsDepends - ok
22:42:13.0660 1568 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:42:13.0691 1568 Fs_Rec - ok
22:42:13.0779 1568 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:42:13.0794 1568 fvevol - ok
22:42:13.0827 1568 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:42:13.0837 1568 gagp30kx - ok
22:42:13.0915 1568 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:42:13.0923 1568 GEARAspiWDM - ok
22:42:14.0013 1568 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:42:14.0073 1568 gpsvc - ok
22:42:14.0091 1568 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:42:14.0153 1568 hcw85cir - ok
22:42:14.0232 1568 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:42:14.0280 1568 HdAudAddService - ok
22:42:14.0314 1568 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:42:14.0363 1568 HDAudBus - ok
22:42:14.0366 1568 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:42:14.0378 1568 HidBatt - ok
22:42:14.0395 1568 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:42:14.0432 1568 HidBth - ok
22:42:14.0435 1568 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:42:14.0462 1568 HidIr - ok
22:42:14.0482 1568 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:42:14.0538 1568 hidserv - ok
22:42:14.0608 1568 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:42:14.0618 1568 HidUsb - ok
22:42:14.0653 1568 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:42:14.0708 1568 hkmsvc - ok
22:42:14.0746 1568 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:42:14.0801 1568 HomeGroupListener - ok
22:42:14.0866 1568 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:42:14.0917 1568 HomeGroupProvider - ok
22:42:14.0945 1568 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:42:14.0956 1568 HpSAMD - ok
22:42:15.0027 1568 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:42:15.0089 1568 HTTP - ok
22:42:15.0122 1568 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:42:15.0131 1568 hwpolicy - ok
22:42:15.0192 1568 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:42:15.0203 1568 i8042prt - ok
22:42:15.0339 1568 [ 5F118F3081AFBC833A2D9CD1C213411A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:42:15.0506 1568 iaStor - ok
22:42:15.0540 1568 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:42:15.0556 1568 iaStorV - ok
22:42:15.0638 1568 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:42:15.0649 1568 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:42:15.0649 1568 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:42:15.0742 1568 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:42:15.0780 1568 idsvc - ok
22:42:15.0802 1568 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:42:15.0813 1568 iirsp - ok
22:42:15.0871 1568 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:42:15.0947 1568 IKEEXT - ok
22:42:16.0042 1568 [ 52D9171838BB92319F23656F502916E9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:42:16.0095 1568 IntcAzAudAddService - ok
22:42:16.0135 1568 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:42:16.0145 1568 intelide - ok
22:42:16.0176 1568 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:42:16.0214 1568 intelppm - ok
22:42:16.0250 1568 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:42:16.0307 1568 IPBusEnum - ok
22:42:16.0337 1568 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:42:16.0394 1568 IpFilterDriver - ok
22:42:16.0444 1568 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:42:16.0520 1568 iphlpsvc - ok
22:42:16.0559 1568 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:42:16.0600 1568 IPMIDRV - ok
22:42:16.0636 1568 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:42:16.0688 1568 IPNAT - ok
22:42:16.0814 1568 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:42:16.0827 1568 iPod Service - ok
22:42:16.0899 1568 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:42:16.0951 1568 IRENUM - ok
22:42:16.0996 1568 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:42:17.0005 1568 isapnp - ok
22:42:17.0070 1568 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:42:17.0091 1568 iScsiPrt - ok
22:42:17.0108 1568 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:42:17.0118 1568 kbdclass - ok
22:42:17.0145 1568 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:42:17.0187 1568 kbdhid - ok
22:42:17.0212 1568 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:42:17.0224 1568 KeyIso - ok
22:42:17.0291 1568 [ 73BF91EFBE1F788D0615A396A9211A4B ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
22:42:17.0307 1568 kl1 - ok
22:42:17.0367 1568 [ DC3CF56209C6A19124FEDEF1CBFAF55B ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
22:42:17.0375 1568 kl2 - ok
22:42:17.0484 1568 [ 43D02C0E6BDCD216A01ECAE213A64F67 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
22:42:17.0503 1568 KLIF - ok
22:42:17.0537 1568 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
22:42:17.0545 1568 KLIM6 - ok
22:42:17.0572 1568 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
22:42:17.0580 1568 klmouflt - ok
22:42:17.0618 1568 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:42:17.0642 1568 KSecDD - ok
22:42:17.0704 1568 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:42:17.0715 1568 KSecPkg - ok
22:42:17.0739 1568 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:42:17.0797 1568 ksthunk - ok
22:42:17.0835 1568 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:42:17.0897 1568 KtmRm - ok
22:42:17.0955 1568 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:42:18.0008 1568 LanmanServer - ok
22:42:18.0041 1568 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:42:18.0091 1568 LanmanWorkstation - ok
22:42:18.0153 1568 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
22:42:18.0162 1568 LGBusEnum - ok
22:42:18.0222 1568 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
22:42:18.0230 1568 LGVirHid - ok
22:42:18.0260 1568 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:42:18.0264 1568 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:42:18.0264 1568 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:42:18.0311 1568 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:42:18.0354 1568 lltdio - ok
22:42:18.0383 1568 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:42:18.0444 1568 lltdsvc - ok
22:42:18.0464 1568 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:42:18.0512 1568 lmhosts - ok
22:42:18.0560 1568 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:42:18.0571 1568 LSI_FC - ok
22:42:18.0574 1568 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:42:18.0586 1568 LSI_SAS - ok
22:42:18.0595 1568 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:42:18.0606 1568 LSI_SAS2 - ok
22:42:18.0621 1568 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:42:18.0633 1568 LSI_SCSI - ok
22:42:18.0664 1568 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:42:18.0741 1568 luafv - ok
22:42:18.0772 1568 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:42:18.0801 1568 Mcx2Svc - ok
22:42:18.0819 1568 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:42:18.0831 1568 megasas - ok
22:42:18.0848 1568 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:42:18.0866 1568 MegaSR - ok
22:42:18.0900 1568 [ 99F2B93C85F76722919133F656EA2958 ] MegaSR1 C:\Windows\system32\DRIVERS\MegaSR1.sys
22:42:18.0923 1568 MegaSR1 - ok
22:42:18.0939 1568 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:42:18.0981 1568 MMCSS - ok
22:42:19.0001 1568 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:42:19.0060 1568 Modem - ok
22:42:19.0101 1568 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:42:19.0132 1568 monitor - ok
22:42:19.0160 1568 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:42:19.0170 1568 mouclass - ok
22:42:19.0188 1568 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:42:19.0230 1568 mouhid - ok
22:42:19.0256 1568 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:42:19.0266 1568 mountmgr - ok
22:42:19.0331 1568 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:42:19.0341 1568 MozillaMaintenance - ok
22:42:19.0385 1568 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:42:19.0397 1568 mpio - ok
22:42:19.0419 1568 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:42:19.0447 1568 mpsdrv - ok
22:42:19.0537 1568 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:42:19.0607 1568 MpsSvc - ok
22:42:19.0680 1568 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:42:19.0720 1568 MRxDAV - ok
22:42:19.0820 1568 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:19.0900 1568 mrxsmb - ok
22:42:19.0968 1568 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:20.0017 1568 mrxsmb10 - ok
22:42:20.0053 1568 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:20.0083 1568 mrxsmb20 - ok
22:42:20.0110 1568 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:42:20.0120 1568 msahci - ok
22:42:20.0142 1568 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:42:20.0154 1568 msdsm - ok
22:42:20.0164 1568 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:42:20.0194 1568 MSDTC - ok
22:42:20.0224 1568 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:42:20.0253 1568 Msfs - ok
22:42:20.0264 1568 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:42:20.0315 1568 mshidkmdf - ok
22:42:20.0332 1568 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:42:20.0341 1568 msisadrv - ok
22:42:20.0379 1568 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:42:20.0431 1568 MSiSCSI - ok
22:42:20.0434 1568 msiserver - ok
22:42:20.0472 1568 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:42:20.0501 1568 MSKSSRV - ok
22:42:20.0516 1568 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:20.0555 1568 MSPCLOCK - ok
22:42:20.0570 1568 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:42:20.0625 1568 MSPQM - ok
22:42:20.0679 1568 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:42:20.0697 1568 MsRPC - ok
22:42:20.0731 1568 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:42:20.0741 1568 mssmbios - ok
22:42:20.0791 1568 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:42:20.0852 1568 MSTEE - ok
22:42:20.0879 1568 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:42:20.0923 1568 MTConfig - ok
22:42:20.0954 1568 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:42:20.0964 1568 Mup - ok
22:42:21.0009 1568 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:42:21.0072 1568 napagent - ok
22:42:21.0101 1568 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:42:21.0147 1568 NativeWifiP - ok
22:42:21.0219 1568 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:42:21.0262 1568 NDIS - ok
22:42:21.0280 1568 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:42:21.0321 1568 NdisCap - ok
22:42:21.0349 1568 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:21.0379 1568 NdisTapi - ok
22:42:21.0425 1568 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:21.0453 1568 Ndisuio - ok
22:42:21.0501 1568 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:21.0550 1568 NdisWan - ok
22:42:22.0029 1568 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:42:22.0130 1568 NDProxy - ok
22:42:22.0151 1568 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:42:22.0198 1568 NetBIOS - ok
22:42:22.0272 1568 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:42:22.0300 1568 NetBT - ok
22:42:22.0312 1568 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:42:22.0323 1568 Netlogon - ok
22:42:22.0361 1568 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:42:22.0419 1568 Netman - ok
22:42:22.0474 1568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:22.0484 1568 NetMsmqActivator - ok
22:42:22.0492 1568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:22.0501 1568 NetPipeActivator - ok
22:42:22.0521 1568 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:42:22.0575 1568 netprofm - ok
22:42:22.0594 1568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:22.0603 1568 NetTcpActivator - ok
22:42:22.0606 1568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:22.0614 1568 NetTcpPortSharing - ok
22:42:22.0632 1568 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:42:22.0643 1568 nfrd960 - ok
22:42:22.0677 1568 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:42:22.0733 1568 NlaSvc - ok
22:42:22.0735 1568 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:42:22.0764 1568 Npfs - ok
22:42:22.0834 1568 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:42:22.0885 1568 nsi - ok
22:42:22.0902 1568 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:42:22.0941 1568 nsiproxy - ok
22:42:23.0001 1568 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:42:23.0041 1568 Ntfs - ok
22:42:23.0056 1568 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:42:23.0117 1568 Null - ok
22:42:23.0604 1568 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:42:23.0905 1568 nvlddmkm - ok
22:42:23.0925 1568 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:42:23.0937 1568 nvraid - ok
22:42:23.0968 1568 [ 8787D3EECE88611A313DE7608C44C04D ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
22:42:23.0977 1568 nvrd64 - ok
22:42:24.0013 1568 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:42:24.0025 1568 nvstor - ok
22:42:24.0051 1568 [ F3D7B0EDE156583F6FD3D2B5E898E2B6 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:42:24.0061 1568 nvstor64 - ok
22:42:24.0117 1568 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
22:42:24.0136 1568 nvsvc - ok
22:42:24.0282 1568 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:42:24.0320 1568 nvUpdatusService - ok
22:42:24.0357 1568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:42:24.0384 1568 nv_agp - ok
22:42:24.0505 1568 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:42:24.0520 1568 odserv - ok
22:42:24.0553 1568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:42:24.0567 1568 ohci1394 - ok
22:42:24.0619 1568 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:42:24.0629 1568 ose - ok
22:42:24.0673 1568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:42:24.0738 1568 p2pimsvc - ok
22:42:24.0776 1568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:42:24.0807 1568 p2psvc - ok
22:42:24.0842 1568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:42:24.0854 1568 Parport - ok
22:42:24.0888 1568 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:42:24.0899 1568 partmgr - ok
22:42:24.0929 1568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:42:24.0969 1568 PcaSvc - ok
22:42:25.0007 1568 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:42:25.0019 1568 pci - ok
22:42:25.0050 1568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:42:25.0061 1568 pciide - ok
22:42:25.0075 1568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:42:25.0089 1568 pcmcia - ok
22:42:25.0111 1568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:42:25.0122 1568 pcw - ok
22:42:25.0145 1568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:42:25.0198 1568 PEAUTH - ok
22:42:25.0400 1568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:42:25.0440 1568 PerfHost - ok
22:42:25.0597 1568 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:42:25.0733 1568 pla - ok
22:42:25.0840 1568 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:42:25.0990 1568 PlugPlay - ok
22:42:26.0011 1568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:42:26.0028 1568 PNRPAutoReg - ok
22:42:26.0041 1568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:42:26.0054 1568 PNRPsvc - ok
22:42:26.0102 1568 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:42:26.0160 1568 PolicyAgent - ok
22:42:26.0200 1568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:42:26.0253 1568 Power - ok
22:42:26.0289 1568 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:42:26.0317 1568 PptpMiniport - ok
22:42:26.0352 1568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:42:26.0385 1568 Processor - ok
22:42:26.0428 1568 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:42:26.0483 1568 ProfSvc - ok
22:42:26.0501 1568 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:42:26.0511 1568 ProtectedStorage - ok
22:42:26.0572 1568 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:42:26.0625 1568 Psched - ok
22:42:26.0724 1568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:42:26.0770 1568 ql2300 - ok
22:42:26.0807 1568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:42:26.0832 1568 ql40xx - ok
22:42:26.0871 1568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:42:26.0889 1568 QWAVE - ok
22:42:26.0910 1568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:42:26.0942 1568 QWAVEdrv - ok
22:42:26.0959 1568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:42:26.0989 1568 RasAcd - ok
22:42:27.0023 1568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:42:27.0051 1568 RasAgileVpn - ok
22:42:27.0061 1568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:42:27.0121 1568 RasAuto - ok
22:42:27.0158 1568 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:27.0212 1568 Rasl2tp - ok
22:42:27.0240 1568 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:42:27.0293 1568 RasMan - ok
22:42:27.0317 1568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:27.0369 1568 RasPppoe - ok
22:42:27.0393 1568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:42:27.0442 1568 RasSstp - ok
22:42:27.0497 1568 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:42:27.0536 1568 rdbss - ok
22:42:27.0551 1568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:42:27.0594 1568 rdpbus - ok
22:42:27.0617 1568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:27.0672 1568 RDPCDD - ok
22:42:27.0699 1568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:42:27.0742 1568 RDPENCDD - ok
22:42:27.0763 1568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:42:27.0789 1568 RDPREFMP - ok
22:42:27.0828 1568 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:42:27.0893 1568 RDPWD - ok
22:42:27.0931 1568 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:42:27.0944 1568 rdyboost - ok
22:42:27.0972 1568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:42:28.0030 1568 RemoteAccess - ok
22:42:28.0060 1568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:42:28.0117 1568 RemoteRegistry - ok
22:42:28.0145 1568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:42:28.0209 1568 RpcEptMapper - ok
22:42:28.0228 1568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:42:28.0254 1568 RpcLocator - ok
22:42:28.0297 1568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:42:28.0330 1568 RpcSs - ok
22:42:28.0367 1568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:42:28.0395 1568 rspndr - ok
22:42:28.0400 1568 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:42:28.0413 1568 SamSs - ok
22:42:28.0457 1568 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:42:28.0465 1568 SASDIFSV - ok
22:42:28.0490 1568 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:42:28.0498 1568 SASKUTIL - ok
22:42:28.0533 1568 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:42:28.0544 1568 sbp2port - ok
22:42:28.0576 1568 SBSDWSCService - ok
22:42:28.0597 1568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:42:28.0628 1568 SCardSvr - ok
22:42:28.0705 1568 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:42:28.0754 1568 scfilter - ok
22:42:28.0820 1568 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:42:28.0877 1568 Schedule - ok
22:42:28.0899 1568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:42:28.0926 1568 SCPolicySvc - ok
22:42:28.0959 1568 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:42:28.0999 1568 SDRSVC - ok
22:42:29.0047 1568 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:42:29.0094 1568 secdrv - ok
22:42:29.0129 1568 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:42:29.0158 1568 seclogon - ok
22:42:29.0174 1568 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:42:29.0204 1568 SENS - ok
22:42:29.0219 1568 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:42:29.0238 1568 SensrSvc - ok
22:42:29.0244 1568 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:42:29.0278 1568 Serenum - ok
22:42:29.0316 1568 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:42:29.0329 1568 Serial - ok
22:42:29.0338 1568 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:42:29.0348 1568 sermouse - ok
22:42:29.0393 1568 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:42:29.0457 1568 SessionEnv - ok
22:42:29.0486 1568 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:42:29.0524 1568 sffdisk - ok
22:42:29.0547 1568 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:42:29.0596 1568 sffp_mmc - ok
22:42:29.0616 1568 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:42:29.0652 1568 sffp_sd - ok
22:42:29.0697 1568 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:42:29.0708 1568 sfloppy - ok
22:42:29.0790 1568 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:42:29.0822 1568 SharedAccess - ok
22:42:29.0888 1568 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:42:29.0939 1568 ShellHWDetection - ok
22:42:29.0966 1568 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:42:29.0977 1568 SiSRaid2 - ok
22:42:29.0998 1568 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:42:30.0009 1568 SiSRaid4 - ok
22:42:30.0026 1568 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:42:30.0072 1568 Smb - ok
22:42:30.0102 1568 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:42:30.0133 1568 SNMPTRAP - ok
22:42:30.0157 1568 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:42:30.0167 1568 spldr - ok
22:42:30.0214 1568 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:42:30.0251 1568 Spooler - ok
22:42:30.0330 1568 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:42:30.0438 1568 sppsvc - ok
22:42:30.0485 1568 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:42:30.0549 1568 sppuinotify - ok
22:42:30.0661 1568 [ 6FBEB99A5AB20BC6AD390BE2AA12CDF9 ] SpyroService C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
22:42:30.0689 1568 SpyroService ( UnsignedFile.Multi.Generic ) - warning
22:42:30.0689 1568 SpyroService - detected UnsignedFile.Multi.Generic (1)
22:42:30.0726 1568 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:42:30.0829 1568 srv - ok
22:42:30.0880 1568 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:42:30.0936 1568 srv2 - ok
22:42:30.0955 1568 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:42:30.0993 1568 srvnet - ok
22:42:31.0052 1568 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:42:31.0120 1568 SSDPSRV - ok
22:42:31.0141 1568 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:42:31.0172 1568 SstpSvc - ok
22:42:31.0222 1568 Steam Client Service - ok
22:42:31.0403 1568 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:42:31.0415 1568 Stereo Service - ok
22:42:31.0465 1568 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:42:31.0476 1568 stexstor - ok
22:42:31.0525 1568 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:42:31.0574 1568 stisvc - ok
22:42:31.0607 1568 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:42:31.0616 1568 swenum - ok
22:42:31.0669 1568 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:42:31.0759 1568 swprv - ok
22:42:31.0853 1568 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:42:31.0950 1568 SysMain - ok
22:42:31.0988 1568 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:42:32.0032 1568 TabletInputService - ok
22:42:32.0058 1568 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:42:32.0117 1568 TapiSrv - ok
22:42:32.0146 1568 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:42:32.0175 1568 TBS - ok
22:42:32.0338 1568 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:42:32.0414 1568 Tcpip - ok
22:42:32.0448 1568 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:42:32.0478 1568 TCPIP6 - ok
22:42:32.0522 1568 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:42:32.0579 1568 tcpipreg - ok
22:42:32.0614 1568 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:42:32.0698 1568 TDPIPE - ok
22:42:32.0733 1568 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:42:32.0773 1568 TDTCP - ok
22:42:32.0831 1568 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:42:32.0858 1568 tdx - ok
22:42:32.0889 1568 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:42:32.0900 1568 TermDD - ok
22:42:32.0943 1568 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:42:33.0008 1568 TermService - ok
22:42:33.0043 1568 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:42:33.0069 1568 Themes - ok
22:42:33.0096 1568 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:42:33.0123 1568 THREADORDER - ok
22:42:33.0140 1568 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:42:33.0170 1568 TrkWks - ok
22:42:33.0235 1568 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:42:33.0286 1568 TrustedInstaller - ok
22:42:33.0348 1568 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:33.0426 1568 tssecsrv - ok
22:42:33.0483 1568 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:42:33.0530 1568 TsUsbFlt - ok
22:42:33.0572 1568 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:42:33.0619 1568 tunnel - ok
22:42:33.0702 1568 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:42:33.0713 1568 uagp35 - ok
22:42:33.0766 1568 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:42:33.0827 1568 udfs - ok
22:42:33.0862 1568 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:42:33.0874 1568 UI0Detect - ok
22:42:33.0913 1568 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:42:33.0923 1568 uliagpkx - ok
22:42:33.0986 1568 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:42:34.0019 1568 umbus - ok
22:42:34.0046 1568 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:42:34.0086 1568 UmPass - ok
22:42:34.0109 1568 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:42:34.0154 1568 upnphost - ok
22:42:34.0195 1568 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:42:34.0214 1568 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:42:34.0214 1568 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:42:34.0239 1568 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:42:34.0260 1568 usbaudio - ok
22:42:34.0287 1568 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:34.0343 1568 usbccgp - ok
22:42:34.0366 1568 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:42:34.0381 1568 usbcir - ok
22:42:34.0408 1568 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:42:35.0036 1568 usbehci - ok
22:42:35.0201 1568 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:42:35.0246 1568 usbhub - ok
22:42:35.0269 1568 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:42:35.0307 1568 usbohci - ok
22:42:35.0336 1568 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:42:35.0370 1568 usbprint - ok
22:42:35.0404 1568 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:42:35.0453 1568 usbscan - ok
22:42:35.0481 1568 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:35.0520 1568 USBSTOR - ok
22:42:35.0527 1568 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:42:35.0557 1568 usbuhci - ok
22:42:35.0587 1568 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:42:35.0618 1568 UxSms - ok
22:42:35.0624 1568 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:42:35.0635 1568 VaultSvc - ok
22:42:35.0711 1568 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:42:35.0722 1568 vdrvroot - ok
22:42:35.0758 1568 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:42:35.0804 1568 vds - ok
22:42:35.0832 1568 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:35.0846 1568 vga - ok
22:42:35.0859 1568 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:42:35.0907 1568 VgaSave - ok
22:42:35.0937 1568 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:42:35.0950 1568 vhdmp - ok
22:42:35.0969 1568 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:42:35.0980 1568 viaide - ok
22:42:35.0996 1568 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:42:36.0007 1568 volmgr - ok
22:42:36.0039 1568 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:42:36.0055 1568 volmgrx - ok
22:42:36.0066 1568 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:42:36.0082 1568 volsnap - ok
22:42:36.0110 1568 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:42:36.0122 1568 vsmraid - ok
22:42:36.0198 1568 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:42:36.0270 1568 VSS - ok
22:42:36.0292 1568 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:42:36.0324 1568 vwifibus - ok
22:42:36.0375 1568 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:42:36.0435 1568 W32Time - ok
22:42:36.0453 1568 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:42:36.0479 1568 WacomPen - ok
22:42:36.0502 1568 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:42:36.0552 1568 WANARP - ok
22:42:36.0575 1568 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:42:36.0604 1568 Wanarpv6 - ok
22:42:36.0687 1568 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:42:36.0731 1568 WatAdminSvc - ok
22:42:36.0816 1568 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:42:36.0918 1568 wbengine - ok
22:42:36.0952 1568 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:42:36.0969 1568 WbioSrvc - ok
22:42:37.0002 1568 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:42:37.0040 1568 wcncsvc - ok
22:42:37.0060 1568 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:42:37.0115 1568 WcsPlugInService - ok
22:42:37.0130 1568 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:42:37.0141 1568 Wd - ok
22:42:37.0184 1568 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:42:37.0216 1568 Wdf01000 - ok
22:42:37.0241 1568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:42:37.0347 1568 WdiServiceHost - ok
22:42:37.0356 1568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:42:37.0370 1568 WdiSystemHost - ok
22:42:37.0405 1568 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:42:37.0455 1568 WebClient - ok
22:42:37.0487 1568 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:42:37.0548 1568 Wecsvc - ok
22:42:37.0564 1568 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:42:37.0611 1568 wercplsupport - ok
22:42:37.0633 1568 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:42:37.0675 1568 WerSvc - ok
22:42:37.0716 1568 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:42:37.0742 1568 WfpLwf - ok
22:42:37.0771 1568 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:42:37.0781 1568 WIMMount - ok
22:42:37.0809 1568 WinDefend - ok
22:42:37.0813 1568 WinHttpAutoProxySvc - ok
22:42:37.0933 1568 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:42:37.0982 1568 Winmgmt - ok
22:42:38.0036 1568 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:42:38.0112 1568 WinRM - ok
22:42:38.0193 1568 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:42:38.0236 1568 WinUsb - ok
22:42:38.0276 1568 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:42:38.0342 1568 Wlansvc - ok
22:42:38.0469 1568 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:42:38.0518 1568 wlidsvc - ok
22:42:38.0555 1568 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:42:38.0576 1568 WmiAcpi - ok
22:42:38.0605 1568 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:42:38.0643 1568 wmiApSrv - ok
22:42:38.0688 1568 WMPNetworkSvc - ok
22:42:38.0702 1568 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:42:38.0725 1568 WPCSvc - ok
22:42:38.0786 1568 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:42:38.0801 1568 WPDBusEnum - ok
22:42:38.0835 1568 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:42:38.0864 1568 ws2ifsl - ok
22:42:38.0896 1568 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:42:38.0948 1568 wscsvc - ok
22:42:38.0951 1568 WSearch - ok
22:42:39.0113 1568 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:42:39.0180 1568 wuauserv - ok
22:42:39.0220 1568 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:42:39.0272 1568 WudfPf - ok
22:42:39.0323 1568 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:39.0372 1568 WUDFRd - ok
22:42:39.0401 1568 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:42:39.0444 1568 wudfsvc - ok
22:42:39.0487 1568 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:42:39.0516 1568 WwanSvc - ok
22:42:39.0519 1568 ================ Scan global ===============================
22:42:39.0550 1568 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:42:39.0592 1568 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:42:39.0610 1568 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:42:39.0643 1568 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:42:39.0667 1568 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:42:39.0670 1568 [Global] - ok
22:42:39.0670 1568 ================ Scan MBR ==================================
22:42:39.0684 1568 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:42:40.0306 1568 \Device\Harddisk0\DR0 - ok
22:42:40.0306 1568 ================ Scan VBR ==================================
22:42:40.0327 1568 [ FF6E1E83D0B90635DA9FE83562C20328 ] \Device\Harddisk0\DR0\Partition1
22:42:40.0328 1568 \Device\Harddisk0\DR0\Partition1 - ok
22:42:40.0328 1568 ============================================================
22:42:40.0328 1568 Scan finished
22:42:40.0328 1568 ============================================================
22:42:40.0334 5828 Detected object count: 4
22:42:40.0334 5828 Actual detected object count: 4
22:43:38.0897 5828 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:38.0897 5828 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:43:38.0898 5828 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:38.0898 5828 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:43:38.0899 5828 SpyroService ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:38.0899 5828 SpyroService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:43:38.0900 5828 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:38.0900 5828 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:43:44.0715 5644 Deinitialize success

===============================================================

OTL logfile created on: 3/8/2013 10:46:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tricia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 62.46% Memory free
15.98 Gb Paging File | 11.81 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 62.88 Gb Free Space | 6.75% Space Free | Partition Type: NTFS

Computer Name: TRICIA-VM | User Name: Tricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/08 13:09:53 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/04 16:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
PRC - [2013/02/25 07:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/20 09:41:08 | 000,050,688 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/09/22 15:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/08 13:09:53 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/25 07:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/19 11:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2009/09/22 15:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2006/11/24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/08 13:09:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 10:21:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/20 09:41:08 | 000,050,688 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/12/15 14:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/17 17:13:55 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/29 14:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/23 15:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 16:15:16 | 000,462,344 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/19 15:44:44 | 000,209,424 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2007/08/02 17:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2005/02/17 09:30:22 | 000,502,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/01/29 14:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.velocitymicro.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: safe%40cesaroliveira.net:1.1.2
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: citius@orbiscom:3.7.11.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/12/17 17:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 13:09:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 13:09:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 13:09:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 13:09:50 | 000,000,000 | ---D | M]

[2010/01/02 14:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions
[2010/01/02 14:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/04 08:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions
[2012/03/24 12:15:12 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/15 11:29:37 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]
[2012/03/07 16:12:50 | 000,017,623 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]
[2013/03/04 08:29:55 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/14 21:58:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/11 23:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\fi09fkm6.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/03/08 13:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 13:09:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/18 09:49:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 15:05:48 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/06/03 22:02:50 | 000,403,756 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13963 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73DB02C8-E4B3-4796-904E-E7B444AA2B4C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/08 22:37:57 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tricia\Desktop\tdsskiller.exe
[2013/03/08 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 12:49:10 | 000,000,000 | ---D | C] -- C:\TIMGREEN_EXTRAS
[2013/03/08 12:37:26 | 000,000,000 | ---D | C] -- C:\TIMGREEN
[2013/03/08 12:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/08 12:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/03/08 12:33:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/06 22:08:48 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\RK_Quarantine
[2013/03/06 21:26:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/06 21:20:05 | 000,000,000 | ---D | C] -- C:\NOIMPACT2
[2013/03/06 21:11:59 | 000,000,000 | ---D | C] -- C:\NOIMPACT1
[2013/03/06 17:43:56 | 000,000,000 | ---D | C] -- C:\VEGUCATED
[2013/03/06 17:35:13 | 000,000,000 | ---D | C] -- C:\CHOWDOWN
[2013/03/06 17:18:19 | 000,000,000 | ---D | C] -- C:\FOODMATTERS
[2013/03/04 16:22:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
[2013/03/04 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/04 09:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/04 09:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/04 09:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/04 09:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/03 23:32:33 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Documents\Calibre Library
[2013/03/03 23:31:58 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\calibre
[2013/03/03 23:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/03/03 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/02/28 22:42:17 | 000,000,000 | ---D | C] -- C:\HUNGERGAMES
[2013/02/27 11:43:11 | 000,000,000 | ---D | C] -- C:\MRPOPPERS
[2013/02/27 11:20:21 | 000,000,000 | ---D | C] -- C:\HOTELTRANS
[2013/02/26 10:04:10 | 000,000,000 | ---D | C] -- C:\PARANORMAN
[2013/02/26 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/26 09:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/26 09:10:29 | 000,000,000 | ---D | C] -- C:\LOOPER
[2013/02/24 11:59:49 | 000,000,000 | ---D | C] -- C:\ICEAGE_DRIFT
[2013/02/20 18:45:32 | 000,000,000 | ---D | C] -- C:\LORAX
[2013/02/20 18:34:50 | 000,000,000 | ---D | C] -- C:\MADAGASCAR3
[2013/02/20 14:31:47 | 000,000,000 | ---D | C] -- C:\_HANDBRAKE
[2013/02/20 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\HandBrake
[2013/02/20 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/02/20 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/02/20 14:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/02/12 09:55:37 | 000,000,000 | ---D | C] -- C:\YOGAWORKS_BEG
[2013/02/12 09:12:12 | 000,000,000 | ---D | C] -- C:\FRANKENWEENIE2
[2010/06/22 11:57:36 | 002,869,784 | ---- | C] (Intel Corporation) -- C:\Users\Tricia\INF_allOS_9.1.2.1007_PV.exe

========== Files - Modified Within 30 Days ==========

[2013/03/08 22:38:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tricia\Desktop\tdsskiller.exe
[2013/03/08 22:21:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/08 22:07:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 22:07:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 21:57:35 | 000,001,718 | ---- | M] () -- C:\Users\Tricia\Desktop\Safe Run for Websites.lnk
[2013/03/08 21:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 21:56:55 | 2139,869,183 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/08 21:20:51 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/03/08 20:24:25 | 000,881,950 | ---- | M] () -- C:\Users\Tricia\Desktop\SecurityCheck.exe
[2013/03/08 20:14:38 | 000,002,044 | ---- | M] () -- C:\Users\Tricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/06 21:44:17 | 000,597,667 | ---- | M] () -- C:\Users\Tricia\Desktop\adwcleaner.exe
[2013/03/06 21:43:25 | 000,816,640 | ---- | M] () -- C:\Users\Tricia\Desktop\RogueKiller.exe
[2013/03/04 16:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
[2013/03/04 09:00:31 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/04 00:06:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/03 23:31:50 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/02/26 09:53:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/22 08:56:11 | 000,804,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/22 08:56:11 | 000,677,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/22 08:56:11 | 000,129,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/20 14:28:27 | 000,000,824 | ---- | M] () -- C:\Users\Tricia\Desktop\Handbrake.lnk
[2013/02/14 13:48:25 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/02/14 13:47:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/02/14 13:42:57 | 000,453,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/03/08 20:23:01 | 000,881,950 | ---- | C] () -- C:\Users\Tricia\Desktop\SecurityCheck.exe
[2013/03/08 12:34:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/06 21:44:12 | 000,597,667 | ---- | C] () -- C:\Users\Tricia\Desktop\adwcleaner.exe
[2013/03/06 21:43:17 | 000,816,640 | ---- | C] () -- C:\Users\Tricia\Desktop\RogueKiller.exe
[2013/03/04 09:00:31 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/04 08:19:38 | 000,001,718 | ---- | C] () -- C:\Users\Tricia\Desktop\Safe Run for Websites.lnk
[2013/03/03 23:31:50 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/02/20 14:28:27 | 000,000,824 | ---- | C] () -- C:\Users\Tricia\Desktop\Handbrake.lnk
[2013/01/07 21:24:07 | 000,003,584 | ---- | C] () -- C:\Users\Tricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/17 17:23:23 | 000,017,408 | ---- | C] () -- C:\Users\Tricia\AppData\Local\WebpageIcons.db
[2012/05/04 19:07:30 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cm.ini
[2012/02/29 15:09:59 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/19 18:43:14 | 000,000,028 | ---- | C] () -- C:\Windows\Disney.ini
[2011/10/10 08:57:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Themes
[2011/10/10 08:57:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Track Settings
[2011/10/10 08:57:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Textures
[2011/10/10 08:56:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\SystemConfiguration
[2011/10/10 08:56:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\StatusSheet
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/10 10:39:11 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\Techno Kit
[2011/07/10 10:39:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/07/10 10:39:10 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\Tables
[2011/07/10 10:39:10 | 000,000,268 | RH-- | C] () -- C:\Users\Tricia\AppData\Roaming\SystemConfiguration
[2011/07/10 10:39:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/07/10 10:39:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/01/14 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Amazon
[2009/12/04 23:54:56 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\BitDefender
[2012/07/27 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Boomzap
[2012/01/20 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Brawsome
[2013/03/04 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\calibre
[2011/12/11 17:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Canon
[2011/10/19 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Faerie Solitaire
[2011/12/31 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\funkitron
[2013/02/28 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\HandBrake
[2011/12/29 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\LucasArts
[2011/07/10 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Nikon
[2009/12/10 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Razer
[2011/06/27 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SaveThePuppy
[2012/01/16 10:05:17 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Skip-Bo
[2013/02/02 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SpinTop Games
[2010/01/02 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Thunderbird
[2012/01/18 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Total Eclipse
[2012/01/16 09:41:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\UNOUndercover
[2012/11/07 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Warner Bros. Interactive Entertainment
[2012/08/07 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\WB Games

========== Purity Check ==========

< End of report >

I saw I only got it down to 6.75% so I'll work on more of that.

#9
Crowbar

Posted 09 March 2013 - 08:30 AM

Teacher

GeekU Moderator
4,798 posts

I saw I only got it down to 6.75% so I'll work on more of that.

Yes, I see that too. I'm no math geek, but my calculator says you need to get to about 140 gb free to get to %15 free. See if you can get close to that, we cleaned up your temp files and folders, so you are going to have to remove some files, or programs to hit that mark. You seem to have a lot of games, are there any that you don't really use any more? I'm a digital hoarder myself, and also struggle to keep enough free space on my laptop, so I can sympathize :lol:

I will leave you to that task and I will be back later today to look at your OTL log, I have some snow removal to keep me busy for a while :upset:

#10
Crowbar

Posted 10 March 2013 - 06:52 AM

Teacher

GeekU Moderator
4,798 posts

Hi again,
I don't see anything that concerns me in your OTL log and nothing lurking in the TDSSKiller log, so I would like to keep moving forward, and sweep for any remnants -
How are you doing with reclaiming your free space?

Step 1
Posted Image

Please run Malwarebytes' Anti-Malware

Go to the Update tab and check for updates, please install any updates found.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on:
When prompted allow Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:

MalwareBytes log file
ESET scan log (careful, this one is easy to miss)
How much free space do you have now?

#11
Crowbar

Posted 14 March 2013 - 07:13 AM

Teacher

GeekU Moderator
4,798 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.