
Removing Play Sushi Help



Please speak to me in mild terms. I'm pretty savvy with stuff like this but might not know all techy words... I've used add/remove hardware and tried a few other things, but when I try using Google or searching in the address bar, Play Sushi always runs my search and I can't get it gone!

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:20:16 AM, on 2/1/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 8300 Series\lxcjmon.exe

C:\Program Files\Lexmark 8300 Series\ezprint.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\John Dean\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\John Dean\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\Users\John Dean\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\rundll32.exe

C:\Users\John Dean\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\John Dean\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcj_device - - C:\Windows\system32\lxcjcoms.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe


OTL.exe-----

 

 

OTL logfile created on: 2/8/2012 9:00:29 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJohn DeanDownloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.75 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 67.52% Memory free

5.49 Gb Paging File | 4.60 Gb Available in Paging File | 83.79% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files

Drive C: | 288.71 Gb Total Space | 254.44 Gb Free Space | 88.13% Space Free | Partition Type: NTFS

 

Computer Name: JOHNDEAN-PC | User Name: John Dean | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/02/08 08:40:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersJohn DeanDownloadsOTL.exe

PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:Program FilesAsk.comUpdaterUpdater.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security Clientmsseces.exe

PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32taskhost.exe

PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:Windowsexplorer.exe

PRC - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:Program FilesCommon FilesPC ToolssMonitorStartManSvc.exe

PRC - [2010/08/05 07:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:Program FilesCommon FilesPC ToolssMonitorSSDMonitor.exe

PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:WindowsSystem32atieclxx.exe

PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:WindowsSystem32atiesrxx.exe

PRC - [2007/05/08 15:13:08 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:Program FilesLexmark 8300 Seriesezprint.exe

PRC - [2007/05/08 15:09:00 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:Program FilesLexmark 8300 Serieslxcjmon.exe

PRC - [2007/02/08 04:52:50 | 000,537,520 | ---- | M] ( ) -- C:WindowsSystem32lxcjcoms.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportlibxml2.dll

MOD - [2005/12/20 13:25:56 | 000,118,784 | ---- | M] () -- C:Program FilesLexmark 8300 Serieslxcjdrec.dll

MOD - [2005/06/14 16:08:28 | 000,196,608 | ---- | M] () -- C:Program FilesLexmark 8300 Seriesiptk.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:Program FilesCommon FilesPC ToolssMonitorStartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2010/04/18 16:23:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:WindowsSystem32atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSystem32sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

SRV - [2007/02/08 04:52:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:WindowsSystem32lxcjcoms.exe -- (lxcj_device)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

DRV - [2011/01/06 19:37:00 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversdc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driverswinusb.sys -- (WinUsb)

DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversatikmdag.sys -- (atikmdag)

DRV - [2008/08/22 09:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversRTL8187Se.sys -- (RTL8187Se)

DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:Windowssystem32DRIVERSTVALZ_O.SYS -- (TVALZ)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = F4 63 0C 29 0F E1 CC 01 [binary data]

IE - HKCU..URLSearchHook: - No CLSID value found

IE - HKCU..URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll ()

FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()

FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.99npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.99npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:UsersJohn DeanAppDataLocalGoogleUpdate1.3.21.99npGoogleUpdate3.dll (Google Inc.)

FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:UsersJohn DeanAppDataLocalGoogleUpdate1.3.21.99npGoogleUpdate3.dll (Google Inc.)

 

 

[2011/09/06 10:23:14 | 000,000,000 | ---D | M] (No name found) -- C:UsersJohn DeanAppDataRoamingMozillaExtensions

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:UsersJohn DeanAppDataLocalGoogleChromeApplication16.0.912.77gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:Windowssystem32MacromedFlashNPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:Program FilesJavajre6binnew_pluginnpdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:Windowssystem32AdobeDirectornp32dsw.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:UsersJohn DeanAppDataLocalGoogleChromeApplication16.0.912.77ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:UsersJohn DeanAppDataLocalGoogleChromeApplication16.0.912.77pdf.dll

CHR - plugin: Play Pickle Textlinks Plugin (Enabled) = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionsbllefkbpbefdodiiefpkcnigpicmhohenpptl.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program FilesiTunesMozilla Pluginsnpitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.3_0

CHR - Extension: Google Search = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.16_0

CHR - Extension: Gmail = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2011/12/23 17:40:43 | 000,000,698 | ---- | M]) - C:WindowsSystem32driversetcHOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)

O3 - HKLM..Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)

O3 - HKCU..ToolbarWebBrowser: (no name) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)

O4 - HKLM..Run: [] File not found

O4 - HKLM..Run: [ApnUpdater] C:Program FilesAsk.comUpdaterUpdater.exe (Ask)

O4 - HKLM..Run: [APSDaemon] C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [EzPrint] C:Program FilesLexmark 8300 Seriesezprint.exe (Lexmark International Inc.)

O4 - HKLM..Run: [LXCJCATS] C:WindowsSystem32spoolDRIVERSW32X863LXCJtime.DLL (Lexmark International Inc.)

O4 - HKLM..Run: [lxcjmon.exe] C:Program FilesLexmark 8300 Serieslxcjmon.exe (Lexmark International, Inc.)

O4 - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4 - HKLM..Run: [sSDMonitor] C:Program FilesCommon FilesPC ToolssMonitorSSDMonitor.exe (PC Tools)

O4 - HKCU..Run: [KcastWin7] File not found

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: LogonHoursAction = 2

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DontDisplayLogonHoursWarnings = 1

O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{02779B41-D29C-403E-B494-9437DD805D38}: DhcpNameServer = 68.87.64.150 68.87.75.198

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{366FC7DF-29D5-4A59-A752-BA6DD94C89A5}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18 - ProtocolFilterapplication/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - ProtocolFilterapplication/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - ProtocolFilterapplication/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:Windowsexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSystem32userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:autoexec.bat -- [ NTFS ]

O33 - MountPoints2{2cb6f665-de58-11df-b719-001e33fc19a7}Shell - "" = AutoRun

O33 - MountPoints2{2cb6f665-de58-11df-b719-001e33fc19a7}ShellAutoRuncommand - "" = E:LaunchU3.exe -a

O33 - MountPoints2{e0551878-4b45-11df-8ddd-806e6f6e6963}Shell - "" = AutoRun

O33 - MountPoints2{e0551878-4b45-11df-8ddd-806e6f6e6963}ShellAutoRuncommand - "" = D:Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:WindowsSystem32ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 90 Days ==========

 

[2012/02/01 10:10:04 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2012/02/01 10:09:16 | 000,000,000 | ---D | C] -- C:Program FilesiPod

[2012/02/01 10:09:15 | 000,000,000 | ---D | C] -- C:Program FilesiTunes

[2012/02/01 10:05:34 | 000,000,000 | ---D | C] -- C:UsersJohn DeanAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/02/01 10:05:31 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2012/02/01 10:04:42 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime

[2012/02/01 10:04:22 | 000,000,000 | ---D | C] -- C:Program FilesQuickTime

[2012/02/01 09:56:06 | 000,000,000 | ---D | C] -- C:Program FilesAdobe

[2012/02/01 09:55:35 | 000,000,000 | -HSD | C] -- C:Config.Msi

[2012/02/01 08:37:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32packager.dll

[2012/02/01 08:37:13 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32quartz.dll

[2012/02/01 08:37:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32qdvd.dll

[2012/02/01 08:37:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32webio.dll

[2012/02/01 08:37:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32sspisrv.dll

[2011/12/23 17:51:41 | 000,000,000 | ---D | C] -- C:Program FilesBonjour

[2011/12/23 17:28:16 | 000,000,000 | ---D | C] -- C:_OTM

[2011/12/23 17:11:12 | 000,000,000 | ---D | C] -- C:Program FilesApple Software Update

[2011/12/21 10:03:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32mshtml.tlb

[2011/12/21 10:03:38 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32jscript9.dll

[2011/12/21 10:03:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32url.dll

[2011/12/21 10:03:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieui.dll

[2011/12/21 10:03:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32jsproxy.dll

[2011/12/21 10:03:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32inetcpl.cpl

[2011/12/19 16:03:43 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32win32k.sys

[2011/12/19 16:03:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32tzres.dll

[2011/12/19 16:03:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32EncDec.dll

[2011/12/19 16:03:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32csrsrv.dll

[2011/12/19 16:03:29 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ntoskrnl.exe

[2011/12/19 16:03:28 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ntkrnlpa.exe

[2011/12/02 23:13:26 | 000,000,000 | ---D | C] -- C:UsersJohn Dean.android

[2011/12/02 23:12:01 | 000,000,000 | ---D | C] -- C:ntroot

[2011/11/19 08:04:59 | 000,000,000 | R--D | C] -- C:UsersJohn DeanSaved Games

[2011/11/17 18:15:25 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32msrating.dll

[2011/11/17 18:15:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32msls31.dll

[2011/11/17 18:15:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieakeng.dll

[2011/11/17 18:15:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32IEAdvpack.dll

[2011/11/17 18:15:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32RegisterIEPKEYs.exe

[2011/11/17 18:15:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32msfeedsbs.dll

[2011/11/17 18:15:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32msfeedssync.exe

[2011/11/17 18:15:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieapfltr.dat

[2011/11/17 18:15:24 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32msfeeds.dll

[2011/11/17 18:15:24 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieapfltr.dll

[2011/11/17 18:15:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32html.iec

[2011/11/17 18:15:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32dxtmsft.dll

[2011/11/17 18:15:24 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32iedkcs32.dll

[2011/11/17 18:15:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32dxtrans.dll

[2011/11/17 18:15:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32wextract.exe

[2011/11/17 18:15:24 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32iexpress.exe

[2011/11/17 18:15:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32iesysprep.dll

[2011/11/17 18:15:24 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32inseng.dll

[2011/11/17 18:15:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32SetIEInstalledDate.exe

[2011/11/17 18:15:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32iesetup.dll

[2011/11/17 18:15:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ie4uinit.exe

[2011/11/17 18:15:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32mshtmler.dll

[2011/11/17 18:15:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32iernonce.dll

[2011/11/17 18:15:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32licmgr10.dll

[2011/11/17 18:15:23 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieaksie.dll

[2011/11/17 18:15:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieakui.dll

[2011/11/17 18:15:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieUnatt.exe

[2011/11/17 18:15:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32iepeers.dll

[2011/11/17 18:15:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32admparse.dll

[2011/11/17 18:15:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32pngfilt.dll

[2011/11/17 18:15:23 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32imgutil.dll

[2011/11/17 15:50:00 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Earth

[2011/11/17 11:18:38 | 000,000,000 | ---D | C] -- C:WindowsSystem32SPReview

[2011/11/17 11:00:00 | 000,000,000 | ---D | C] -- C:WindowsSystem32EventProviders

[2011/11/12 16:02:25 | 000,000,000 | ---D | C] -- C:WindowsTempD212A8AD-8BBD-B003-D4F6-7D43E7707340-Signatures

[2011/11/12 16:02:14 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Security Client

[2011/11/12 11:37:41 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSystem32FlashPlayerCPLApp.cpl

[2011/11/12 11:17:48 | 000,000,000 | ---D | C] -- C:Program FilesCisco Systems

[2010/05/16 18:58:15 | 000,413,696 | ---- | C] ( ) -- C:WindowsSystem32lxcjinpa.dll

[2010/05/16 18:58:15 | 000,397,312 | ---- | C] ( ) -- C:WindowsSystem32lxcjiesc.dll

[2010/05/16 18:58:15 | 000,323,584 | ---- | C] ( ) -- C:WindowsSystem32lxcjhcp.dll

[2010/05/16 18:58:14 | 001,224,704 | ---- | C] ( ) -- C:WindowsSystem32lxcjserv.dll

[2010/05/16 18:58:14 | 000,991,232 | ---- | C] ( ) -- C:WindowsSystem32lxcjusb1.dll

[2010/05/16 18:58:14 | 000,696,320 | ---- | C] ( ) -- C:WindowsSystem32lxcjhbn3.dll

[2010/05/16 18:58:14 | 000,643,072 | ---- | C] ( ) -- C:WindowsSystem32lxcjpmui.dll

[2010/05/16 18:58:14 | 000,585,728 | ---- | C] ( ) -- C:WindowsSystem32lxcjlmpm.dll

[2010/05/16 18:58:14 | 000,385,968 | ---- | C] ( ) -- C:WindowsSystem32lxcjih.exe

[2010/05/16 18:58:14 | 000,163,840 | ---- | C] ( ) -- C:WindowsSystem32lxcjprox.dll

[2010/05/16 18:58:14 | 000,094,208 | ---- | C] ( ) -- C:WindowsSystem32lxcjpplc.dll

[2010/05/16 18:58:13 | 000,684,032 | ---- | C] ( ) -- C:WindowsSystem32lxcjcomc.dll

[2010/05/16 18:58:13 | 000,537,520 | ---- | C] ( ) -- C:WindowsSystem32lxcjcoms.exe

[2010/05/16 18:58:13 | 000,421,888 | ---- | C] ( ) -- C:WindowsSystem32lxcjcomm.dll

[2010/05/16 18:58:13 | 000,381,872 | ---- | C] ( ) -- C:WindowsSystem32lxcjcfg.exe

 

========== Files - Modified Within 90 Days ==========

 

[2012/02/08 09:01:14 | 000,015,648 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/08 09:01:14 | 000,015,648 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/08 08:58:12 | 000,626,278 | ---- | M] () -- C:WindowsSystem32perfh009.dat

[2012/02/08 08:58:12 | 000,107,522 | ---- | M] () -- C:WindowsSystem32perfc009.dat

[2012/02/08 08:55:37 | 000,000,888 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/02/08 08:54:04 | 000,000,892 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/02/08 08:53:42 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/02/08 08:53:39 | 2211,577,856 | -HS- | M] () -- C:hiberfil.sys

[2012/02/08 08:50:02 | 000,000,924 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3989152332-3621508421-2473899562-1000UA.job

[2012/02/08 08:50:01 | 000,000,872 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3989152332-3621508421-2473899562-1000Core.job

[2012/02/08 08:36:34 | 000,000,262 | ---- | M] () -- C:WindowstasksRMSchedule.job

[2012/02/01 10:10:04 | 000,001,713 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk

[2012/02/01 10:05:34 | 000,002,983 | ---- | M] () -- C:UsersJohn DeanDesktopHiJackThis.lnk

[2012/02/01 10:04:42 | 000,001,775 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2012/02/01 09:56:17 | 000,001,944 | ---- | M] () -- C:UsersPublicDesktopAdobe Reader 9.lnk

[2012/02/01 08:46:47 | 000,001,797 | ---- | M] () -- C:UsersPublicDesktopKcast for Windows.lnk

[2012/02/01 08:40:44 | 000,002,424 | ---- | M] () -- C:UsersJohn DeanDesktopGoogle Chrome.lnk

[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32MpSigStub.exe

[2011/12/23 17:40:43 | 000,000,698 | ---- | M] () -- C:WindowsSystem32driversetcHOSTS

[2011/12/23 17:02:00 | 000,409,808 | ---- | M] () -- C:WindowsSystem32FNTCACHE.DAT

[2011/12/08 00:09:52 | 000,000,418 | -H-- | M] () -- C:WindowstasksNorton Security Scan for John Dean.job

[2011/12/04 20:02:43 | 000,035,075 | ---- | M] () -- C:UsersJohn DeanDocumentsashley.knuth.sample-agreementtopurchaserealestate.pdf

[2011/12/04 19:54:22 | 000,000,894 | ---- | M] () -- C:UsersJohn DeanDocumentsashley.knuth.october.statement.asp

[2011/12/04 19:53:39 | 000,000,894 | ---- | M] () -- C:UsersJohn DeanDocumentsashley.knuth.november.statement.asp

[2011/12/02 23:25:00 | 000,000,000 | -H-- | M] () -- C:WindowsSystem32driversMsft_Kernel_WinUsb_01007.Wdf

[2011/12/02 23:09:46 | 000,581,192 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32WinUSBCoInstaller.dll

[2011/11/23 23:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32win32k.sys

[2011/11/19 09:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32packager.dll

[2011/11/19 08:05:00 | 000,001,371 | ---- | M] () -- C:UsersJohn DeanApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2011/11/17 18:15:25 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msrating.dll

[2011/11/17 18:15:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msls31.dll

[2011/11/17 18:15:25 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ieakeng.dll

[2011/11/17 18:15:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32IEAdvpack.dll

[2011/11/17 18:15:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32SetIEInstalledDate.exe

[2011/11/17 18:15:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32RegisterIEPKEYs.exe

[2011/11/17 18:15:25 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msfeedsbs.dll

[2011/11/17 18:15:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msfeedssync.exe

[2011/11/17 18:15:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ieapfltr.dat

[2011/11/17 18:15:24 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msfeeds.dll

[2011/11/17 18:15:24 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ieapfltr.dll

[2011/11/17 18:15:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32html.iec

[2011/11/17 18:15:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32dxtmsft.dll

[2011/11/17 18:15:24 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iedkcs32.dll

[2011/11/17 18:15:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32dxtrans.dll

[2011/11/17 18:15:24 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32wextract.exe

[2011/11/17 18:15:24 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iexpress.exe

[2011/11/17 18:15:24 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ieUnatt.exe

[2011/11/17 18:15:24 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iesysprep.dll

[2011/11/17 18:15:24 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32inseng.dll

[2011/11/17 18:15:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iesetup.dll

[2011/11/17 18:15:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ie4uinit.exe

[2011/11/17 18:15:24 | 000,072,822 | ---- | M] () -- C:WindowsSystem32ieuinit.inf

[2011/11/17 18:15:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32mshtmler.dll

[2011/11/17 18:15:24 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iernonce.dll

[2011/11/17 18:15:24 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32licmgr10.dll

[2011/11/17 18:15:23 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ieaksie.dll

[2011/11/17 18:15:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32ieakui.dll

[2011/11/17 18:15:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iepeers.dll

[2011/11/17 18:15:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32admparse.dll

[2011/11/17 18:15:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32pngfilt.dll

[2011/11/17 18:15:23 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32imgutil.dll

[2011/11/17 11:25:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msclmd.dll

[2011/11/17 11:01:02 | 000,000,134 | ---- | M] () -- C:UsersJohn DeanDesktopInternet Explorer Troubleshooting.url

[2011/11/17 10:59:49 | 000,001,945 | ---- | M] () -- C:Windowsepplauncher.mif

[2011/11/17 00:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32webio.dll

[2011/11/17 00:34:55 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32sspisrv.dll

[2011/11/12 11:37:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSystem32FlashPlayerCPLApp.cpl

 

========== Files Created - No Company Name ==========

 

[2012/02/01 10:10:04 | 000,001,713 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk

[2012/02/01 10:05:34 | 000,002,983 | ---- | C] () -- C:UsersJohn DeanDesktopHiJackThis.lnk

[2012/02/01 10:04:42 | 000,001,775 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2012/02/01 09:56:17 | 000,002,441 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Reader 9.lnk

[2012/02/01 09:56:17 | 000,001,944 | ---- | C] () -- C:UsersPublicDesktopAdobe Reader 9.lnk

[2011/12/04 20:02:57 | 000,035,075 | ---- | C] () -- C:UsersJohn DeanDocumentsashley.knuth.sample-agreementtopurchaserealestate.pdf

[2011/12/04 19:54:32 | 000,000,894 | ---- | C] () -- C:UsersJohn DeanDocumentsashley.knuth.october.statement.asp

[2011/12/04 19:54:04 | 000,000,894 | ---- | C] () -- C:UsersJohn DeanDocumentsashley.knuth.november.statement.asp

[2011/12/02 23:25:00 | 000,000,000 | -H-- | C] () -- C:WindowsSystem32driversMsft_Kernel_WinUsb_01007.Wdf

[2011/11/17 18:15:24 | 000,072,822 | ---- | C] () -- C:WindowsSystem32ieuinit.inf

[2011/11/17 11:01:02 | 000,000,134 | ---- | C] () -- C:UsersJohn DeanDesktopInternet Explorer Troubleshooting.url

[2011/11/12 16:03:26 | 000,001,945 | ---- | C] () -- C:Windowsepplauncher.mif

[2011/11/12 11:18:14 | 000,002,125 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCisco Connect.lnk

[2011/03/15 14:24:42 | 000,037,336 | ---- | C] () -- C:WindowsSystem32CleanMFT32.exe

[2010/05/16 18:58:15 | 000,274,432 | ---- | C] () -- C:WindowsSystem32lxcjinst.dll

[2010/04/18 16:36:25 | 000,000,000 | ---- | C] () -- C:Windowsativpsrm.bin

[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:WindowsSystem32RtNicProp32.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WindowsSystem32OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WindowsSystem32OGAEXEC.exe

[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2009/07/13 23:33:53 | 000,409,808 | ---- | C] () -- C:WindowsSystem32FNTCACHE.DAT

[2009/07/13 21:05:48 | 000,626,278 | ---- | C] () -- C:WindowsSystem32perfh009.dat

[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:WindowsSystem32perfi009.dat

[2009/07/13 21:05:48 | 000,107,522 | ---- | C] () -- C:WindowsSystem32perfc009.dat

[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:WindowsSystem32perfd009.dat

[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:WindowsSystem32NOISE.DAT

[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:WindowsSystem32dssec.dat

[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:WindowsSystem32BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSystem32BWContextHandler.dll

[2009/06/18 18:29:04 | 000,197,654 | ---- | C] () -- C:WindowsSystem32atiicdxx.dat

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSystem32mlang.dat

[2007/01/22 08:49:34 | 000,344,064 | ---- | C] () -- C:WindowsSystem32lxcjcoin.dll

[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:WindowsSystem32lxcjvs.dll

[2005/08/08 09:01:04 | 000,061,440 | ---- | C] () -- C:WindowsSystem32lxcjcnv4.dll

 

========== LOP Check ==========

 

[2011/05/04 09:29:28 | 000,000,000 | ---D | M] -- C:UsersJohn DeanAppDataRoamingRegistry Mechanic

[2012/02/08 08:36:34 | 000,000,262 | ---- | M] () -- C:WindowsTasksRMSchedule.job

[2011/07/08 08:52:31 | 000,032,582 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.exe >

 

 

< MD5 for: AGP440.SYS >

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:WindowsSystem32driversAGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:WindowsSystem32DriverStoreFileRepositorymachine.inf_x86_neutral_a97a2a0d0fbc6696AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:Windowswinsxsx86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eebAGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:Windowswinsxsx86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:WindowsSystem32driversatapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_x86_neutral_fab873f3e8a3315catapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640datapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:WindowsSystem32cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:Windowswinsxsx86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132bcngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:Windowswinsxsx86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000iaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:WindowsSystem32driversiaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:WindowsSystem32DriverStoreFileRepositoryiastorv.inf_x86_neutral_668286aa35d55928iaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:Windowswinsxsx86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139aiaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:WindowsSystem32netlogon.dll

[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:WindowsSystem32driversnvstor.sys

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:WindowsSystem32DriverStoreFileRepositorynvraid.inf_x86_neutral_dd659ed032d28a14nvstor.sys

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:Windowswinsxsx86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:Windowswinsxsx86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483scecli.dll

[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:WindowsSystem32scecli.dll

[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881dscecli.dll

 

< %systemroot%*. /mp /s >

 

< %systemroot%system32*.dll /lockedfiles >

 

< %systemroot%Tasks*.job /lockedfiles >

 

< %systemroot%system32drivers*.sys /lockedfiles >

 

< %systemroot%System32config*.sav >

 

< %systemroot%system32drivers*.sys /90 >

[2011/11/17 00:39:24 | 000,369,352 | ---- | M] (Microsoft Corporation) -- C:Windowssystem32driverscng.sys

[2011/11/17 00:41:52 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:Windowssystem32driversksecdd.sys

[2011/11/17 00:41:51 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:Windowssystem32driversksecpkg.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 129 bytes -> C:ProgramDataTEMP:D1B5B4F1

 

< End of report >


EXTRAS.exe-----

 

 

OTL Extras logfile created on: 2/8/2012 9:00:29 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJohn DeanDownloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.75 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 67.52% Memory free

5.49 Gb Paging File | 4.60 Gb Available in Paging File | 83.79% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files

Drive C: | 288.71 Gb Total Space | 254.44 Gb Free Space | 88.13% Space Free | Partition Type: NTFS

 

Computer Name: JOHNDEAN-PC | User Name: John Dean | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSystem32control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:Windowswinhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program FilesVideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program FilesVideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{FC00D5C6-356F-47B8-B0B7-19ABC493440E}" = Kcast for Windows

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Cisco Connect" = Cisco Connect

"ENTERPRISE" = Microsoft Office Enterprise 2007

"GS_screensaver" = GS_screensaver

"Lexmark 8300 Series" = Lexmark 8300 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"NSS" = Norton Security Scan

"Registry Mechanic_is1" = Registry Mechanic 10.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VLC media player" = VLC media player 1.1.6

"YTdetect" = Yahoo! Detect

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2/1/2012 4:36:24 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 2/1/2012 4:36:24 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8331

 

Error - 2/1/2012 4:36:24 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 8331

 

Error - 2/1/2012 4:36:25 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 2/1/2012 4:36:25 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 9454

 

Error - 2/1/2012 4:36:25 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9454

 

Error - 2/1/2012 4:36:26 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 2/1/2012 4:36:26 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10452

 

Error - 2/1/2012 4:36:26 PM | Computer Name = JOHNDEAN-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10452

 

Error - 2/8/2012 9:41:57 AM | Computer Name = JohnDean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

[ System Events ]

Error - 6/21/2011 10:39:51 AM | Computer Name = JohnDean-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 6:03:13 PM on 6/17/2011 was unexpected.

 

Error - 6/21/2011 10:39:49 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 6/21/2011 10:39:49 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 6/22/2011 9:37:19 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 6/23/2011 10:18:09 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 6/24/2011 11:15:52 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 6/25/2011 10:23:01 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 6/28/2011 10:04:32 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 6/28/2011 10:04:32 AM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 6/28/2011 5:25:12 PM | Computer Name = JohnDean-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >


aswMBR.txt------

 

 

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software

Run date: 2012-02-08 09:13:32

-----------------------------

09:13:32.846 OS Version: Windows 6.1.7601 Service Pack 1

09:13:32.846 Number of processors: 2 586 0x602

09:13:32.846 ComputerName: JOHNDEAN-PC UserName: John Dean

09:13:34.297 Initialize success

09:14:49.466 AVAST engine defs: 12020800

09:15:20.713 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP1T0L0-1

09:15:20.713 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC64G Size: 305245MB BusType: 11

09:15:20.713 Disk 0 MBR read successfully

09:15:20.729 Disk 0 MBR scan

09:15:20.760 Disk 0 Windows 7 default MBR code

09:15:20.775 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

09:15:20.822 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295636 MB offset 3074048

09:15:20.885 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8108 MB offset 608536576

09:15:20.931 Disk 0 scanning sectors +625141760

09:15:21.041 Disk 0 scanning C:\Windows\system32\drivers

09:15:39.637 Service scanning

09:15:40.495 Service MpKsl02e2798c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD6A5709-0138-4E7C-BA57-BD2A46C5FCA5}\MpKsl02e2798c.sys **LOCKED** 32

09:15:40.495 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

09:15:41.649 Modules scanning

09:15:49.028 Disk 0 trace - called modules:

09:15:49.044 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys

09:15:49.059 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c15a38]

09:15:49.059 3 CLASSPNP.SYS[8a97d59e] -> nt!IofCallDriver -> [0x85b4b918]

09:15:49.075 5 ACPI.sys[8a3b13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85adc338]

09:15:50.650 AVAST engine scan C:\Windows

09:15:53.443 AVAST engine scan C:\Windows\system32

09:19:45.125 AVAST engine scan C:\Windows\system32\drivers

09:20:03.938 AVAST engine scan C:\Users\John Dean

09:22:08.319 Disk 0 MBR has been saved successfully to "C:\Users\John Dean\Documents\MBR.dat"

09:22:08.335 The log file has been saved successfully to "C:\Users\John Dean\Documents\aswMBR.txt"


Hello Ashley

 

Thank you for the logs.

 

There are a number of things that stand out in your aswMBR log.

 

Before we begin:

 

Do you recall if you allowed Microsoft Security Essentials to clean a detected infection a short while ago by any chance? (it may have been called "alureon").

 

Is the machine booting normally?


Hello Ashley

 

Let's begin with the following:

  • Please open OTL

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No CLSID value found.

    O4 - HKLM..\Run: [] File not found

    O4 - HKCU..\Run: [KcastWin7] File not found

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O33 - MountPoints2\{2cb6f665-de58-11df-b719-001e33fc19a7}\Shell - "" = AutoRun

    O33 - MountPoints2\{2cb6f665-de58-11df-b719-001e33fc19a7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

    O33 - MountPoints2\{e0551878-4b45-11df-8ddd-806e6f6e6963}\Shell - "" = AutoRun

    O33 - MountPoints2\{e0551878-4b45-11df-8ddd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe

    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1

     

    :Commands

    [resethosts]

    [purity]

    [emptytemp]

    [emptyflash]

    [start explorer]

    [Reboot]

     

     

  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Please scan your machine with the following tool, but do not allow it to remove anything at the moment. If anything malicious is detected please select skip for the time being. We only need to review the log for now.

  • TDSS Killer

  • Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
  • Click on Start Scan.
  • If an infected file is detected, the default action will be Cure. Do not click on cure at this time but select skip instead.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Please post the OTL log and the TDSSKiller log in your next reply.

 


OTL.exe Run Fix Log-----

 

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KcastWin7 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb6f665-de58-11df-b719-001e33fc19a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cb6f665-de58-11df-b719-001e33fc19a7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb6f665-de58-11df-b719-001e33fc19a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cb6f665-de58-11df-b719-001e33fc19a7}\ not found.

File E:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0551878-4b45-11df-8ddd-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0551878-4b45-11df-8ddd-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0551878-4b45-11df-8ddd-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0551878-4b45-11df-8ddd-806e6f6e6963}\ not found.

File D:\Setup.exe not found.

ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: John Dean

->Temp folder emptied: 57312858 bytes

->Temporary Internet Files folder emptied: 77680095 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 203982602 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 470 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6465571 bytes

RecycleBin emptied: 698699324 bytes

 

Total Files Cleaned = 996.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Guest

 

User: John Dean

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 02082012_155444

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


TDSS Killer Report ------

 

 

16:04:12.0664 4044 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

16:04:12.0945 4044 ============================================================

16:04:12.0945 4044 Current date / time: 2012/02/08 16:04:12.0945

16:04:12.0945 4044 SystemInfo:

16:04:12.0945 4044

16:04:12.0960 4044 OS Version: 6.1.7601 ServicePack: 1.0

16:04:12.0960 4044 Product type: Workstation

16:04:12.0960 4044 ComputerName: JOHNDEAN-PC

16:04:12.0960 4044 UserName: John Dean

16:04:12.0960 4044 Windows directory: C:\Windows

16:04:12.0960 4044 System windows directory: C:\Windows

16:04:12.0960 4044 Processor architecture: Intel x86

16:04:12.0960 4044 Number of processors: 2

16:04:12.0960 4044 Page size: 0x1000

16:04:12.0960 4044 Boot type: Normal boot

16:04:12.0960 4044 ============================================================

16:04:15.0347 4044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

16:04:15.0347 4044 \Device\Harddisk0\DR0:

16:04:15.0347 4044 MBR used

16:04:15.0347 4044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2416A000

16:04:15.0378 4044 Initialize success

16:04:15.0378 4044 ============================================================

16:04:51.0055 3300 ============================================================

16:04:51.0055 3300 Scan started

16:04:51.0055 3300 Mode: Manual;

16:04:51.0055 3300 ============================================================


16:05:04.0315 3300 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:Windowssystem32DRIVERSsisraid4.sys

16:05:04.0315 3300 SiSRaid4 - ok

16:05:04.0362 3300 Smb (3e21c083b8a01cb70ba1f09303010fce) C:Windowssystem32DRIVERSsmb.sys

16:05:04.0362 3300 Smb - ok

16:05:04.0471 3300 spldr (95cf1ae7527fb70f7816563cbc09d942) C:Windowssystem32driversspldr.sys

16:05:04.0471 3300 spldr - ok

16:05:04.0534 3300 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:Windowssystem32DRIVERSsrv.sys

16:05:04.0534 3300 srv - ok

16:05:04.0643 3300 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:Windowssystem32DRIVERSsrv2.sys

16:05:04.0643 3300 srv2 - ok

16:05:04.0659 3300 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:Windowssystem32DRIVERSsrvnet.sys

16:05:04.0674 3300 srvnet - ok

16:05:04.0721 3300 stexstor (db32d325c192b801df274bfd12a7e72b) C:Windowssystem32DRIVERSstexstor.sys

16:05:04.0721 3300 stexstor - ok

16:05:04.0815 3300 swenum (e58c78a848add9610a4db6d214af5224) C:Windowssystem32driversswenum.sys

16:05:04.0830 3300 swenum - ok

16:05:04.0877 3300 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:Windowssystem32DRIVERSSynTP.sys

16:05:04.0877 3300 SynTP - ok

16:05:05.0017 3300 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:Windowssystem32driverstcpip.sys

16:05:05.0017 3300 Tcpip - ok

16:05:05.0142 3300 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:Windowssystem32DRIVERStcpip.sys

16:05:05.0158 3300 TCPIP6 - ok

16:05:05.0251 3300 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:Windowssystem32driverstcpipreg.sys

16:05:05.0251 3300 tcpipreg - ok

16:05:05.0283 3300 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:Windowssystem32driverstdpipe.sys

16:05:05.0283 3300 TDPIPE - ok

16:05:05.0298 3300 TDTCP (2c10395baa4847f83042813c515cc289) C:Windowssystem32driverstdtcp.sys

16:05:05.0298 3300 TDTCP - ok

16:05:05.0392 3300 tdx (b459575348c20e8121d6039da063c704) C:Windowssystem32DRIVERStdx.sys

16:05:05.0392 3300 tdx - ok

16:05:05.0423 3300 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:Windowssystem32driverstermdd.sys

16:05:05.0423 3300 TermDD - ok

16:05:05.0548 3300 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:Windowssystem32DRIVERStssecsrv.sys

16:05:05.0548 3300 tssecsrv - ok

16:05:05.0579 3300 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:Windowssystem32driverstsusbflt.sys

16:05:05.0579 3300 TsUsbFlt - ok

16:05:05.0626 3300 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:Windowssystem32DRIVERStunnel.sys

16:05:05.0626 3300 tunnel - ok

16:05:05.0719 3300 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:Windowssystem32DRIVERSTVALZ_O.SYS

16:05:05.0719 3300 TVALZ - ok

16:05:05.0766 3300 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:Windowssystem32DRIVERSuagp35.sys

16:05:05.0766 3300 uagp35 - ok

16:05:05.0844 3300 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:Windowssystem32DRIVERSudfs.sys

16:05:05.0860 3300 udfs - ok

16:05:05.0907 3300 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:Windowssystem32driversuliagpkx.sys

16:05:05.0907 3300 uliagpkx - ok

16:05:05.0938 3300 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:Windowssystem32driversumbus.sys

16:05:05.0938 3300 umbus - ok

16:05:06.0031 3300 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:Windowssystem32DRIVERSumpass.sys

16:05:06.0031 3300 UmPass - ok

16:05:06.0078 3300 USBAAPL (83cafcb53201bbac04d822f32438e244) C:Windowssystem32Driversusbaapl.sys

16:05:06.0078 3300 USBAAPL - ok

16:05:06.0156 3300 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:Windowssystem32DRIVERSusbccgp.sys

16:05:06.0172 3300 usbccgp - ok

16:05:06.0203 3300 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:Windowssystem32driversusbcir.sys

16:05:06.0219 3300 usbcir - ok

16:05:06.0297 3300 usbehci (cfbce999c057d78979a181c9c60f208e) C:Windowssystem32driversusbehci.sys

16:05:06.0297 3300 usbehci - ok

16:05:06.0328 3300 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:Windowssystem32driversusbhub.sys

16:05:06.0328 3300 usbhub - ok

16:05:06.0359 3300 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:Windowssystem32driversusbohci.sys

16:05:06.0375 3300 usbohci - ok

16:05:06.0468 3300 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:Windowssystem32DRIVERSusbprint.sys

16:05:06.0468 3300 usbprint - ok

16:05:06.0515 3300 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:Windowssystem32DRIVERSusbscan.sys

16:05:06.0515 3300 usbscan - ok

16:05:06.0546 3300 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:Windowssystem32DRIVERSUSBSTOR.SYS

16:05:06.0546 3300 USBSTOR - ok

16:05:06.0624 3300 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:Windowssystem32driversusbuhci.sys

16:05:06.0624 3300 usbuhci - ok

16:05:06.0671 3300 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:Windowssystem32driversvdrvroot.sys

16:05:06.0671 3300 vdrvroot - ok

16:05:06.0718 3300 vga (17c408214ea61696cec9c66e388b14f3) C:Windowssystem32DRIVERSvgapnp.sys

16:05:06.0718 3300 vga - ok

16:05:06.0796 3300 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:WindowsSystem32driversvga.sys

16:05:06.0796 3300 VgaSave - ok

16:05:06.0827 3300 vhdmp (5461686cca2fda57b024547733ab42e3) C:Windowssystem32driversvhdmp.sys

16:05:06.0827 3300 vhdmp - ok

16:05:06.0858 3300 viaagp (c829317a37b4bea8f39735d4b076e923) C:Windowssystem32driversviaagp.sys

16:05:06.0858 3300 viaagp - ok

16:05:06.0936 3300 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:Windowssystem32DRIVERSviac7.sys

16:05:06.0936 3300 ViaC7 - ok

16:05:06.0983 3300 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:Windowssystem32driversviaide.sys

16:05:06.0983 3300 viaide - ok

16:05:06.0999 3300 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:Windowssystem32driversvolmgr.sys

16:05:06.0999 3300 volmgr - ok

16:05:07.0077 3300 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:Windowssystem32driversvolmgrx.sys

16:05:07.0092 3300 volmgrx - ok

16:05:07.0123 3300 volsnap (f497f67932c6fa693d7de2780631cfe7) C:Windowssystem32driversvolsnap.sys

16:05:07.0123 3300 volsnap - ok

16:05:07.0155 3300 vsmraid (9dfa0cc2f8855a04816729651175b631) C:Windowssystem32DRIVERSvsmraid.sys

16:05:07.0155 3300 vsmraid - ok

16:05:07.0264 3300 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:Windowssystem32DRIVERSvwifibus.sys

16:05:07.0264 3300 vwifibus - ok

16:05:07.0279 3300 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:Windowssystem32DRIVERSvwififlt.sys

16:05:07.0279 3300 vwififlt - ok

16:05:07.0311 3300 WacomPen (de3721e89c653aa281428c8a69745d90) C:Windowssystem32DRIVERSwacompen.sys

16:05:07.0311 3300 WacomPen - ok

16:05:07.0420 3300 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:Windowssystem32DRIVERSwanarp.sys

16:05:07.0420 3300 WANARP - ok

16:05:07.0420 3300 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:Windowssystem32DRIVERSwanarp.sys

16:05:07.0420 3300 Wanarpv6 - ok

16:05:07.0482 3300 Wd (1112a9badacb47b7c0bb0392e3158dff) C:Windowssystem32DRIVERSwd.sys

16:05:07.0482 3300 Wd - ok

16:05:07.0560 3300 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:Windowssystem32driversWdf01000.sys

16:05:07.0576 3300 Wdf01000 - ok

16:05:07.0685 3300 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:Windowssystem32DRIVERSwfplwf.sys

16:05:07.0685 3300 WfpLwf - ok

16:05:07.0701 3300 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:Windowssystem32driverswimmount.sys

16:05:07.0701 3300 WIMMount - ok

16:05:07.0841 3300 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:Windowssystem32DRIVERSWinUsb.sys

16:05:07.0841 3300 WinUsb - ok

16:05:07.0857 3300 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:Windowssystem32driverswmiacpi.sys

16:05:07.0857 3300 WmiAcpi - ok

16:05:07.0919 3300 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:Windowssystem32driversws2ifsl.sys

16:05:07.0919 3300 ws2ifsl - ok

16:05:08.0013 3300 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:Windowssystem32driversWudfPf.sys

16:05:08.0013 3300 WudfPf - ok

16:05:08.0059 3300 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:Windowssystem32DRIVERSWUDFRd.sys

16:05:08.0059 3300 WUDFRd - ok

16:05:08.0122 3300 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) DeviceHarddisk0DR0

16:05:08.0184 3300 DeviceHarddisk0DR0 - ok

16:05:08.0200 3300 Boot (0x1200) (a3e60c247151fa3f20475223ba791066) DeviceHarddisk0DR0Partition0

16:05:08.0200 3300 DeviceHarddisk0DR0Partition0 - ok

16:05:08.0200 3300 ============================================================

16:05:08.0200 3300 Scan finished

16:05:08.0200 3300 ============================================================

16:05:08.0215 3228 Detected object count: 0

16:05:08.0215 3228 Actual detected object count: 0


Hello Ashley

Thank you for the logs.

Let's continue as follows:

  • Please perform the following scan:

  • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
  • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
  • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
  • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
  • Click on the "Update" tab and then on "Check for Updates".
  • The program will now install the latest Malware definition files.
  • Once complete, click on the "Scanner" tab, select "Perform Full Scan" and then click on "Scan".
  • Once the program has scanned your computer, a log file will be created in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
  • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
  • Come back here to this thread and Paste the log in your next reply.

First MBAM log----

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.10.06

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

John Dean :: JOHNDEAN-PC [administrator]

 

Protection: Enabled

 

2/10/2012 1:16:56 PM

mbam-log-2012-02-10 (13-16-56).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 270163

Time elapsed: 57 minute(s), 26 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

C:\Users\John Dean\Downloads\WhiteSmokeInstaller_9128 (1).exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\John Dean\Downloads\WhiteSmokeInstaller_9128 (2).exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\John Dean\Downloads\WhiteSmokeInstaller_9128.exe (Adware.Agent) -> Quarantined and deleted successfully.

 

(end)


Another MBAM log --

 

 

2012/02/10 13:16:02 -0500 JOHNDEAN-PC John Dean MESSAGE Starting protection

2012/02/10 13:16:02 -0500 JOHNDEAN-PC John Dean MESSAGE Executing scheduled update: Daily

2012/02/10 13:16:03 -0500 JOHNDEAN-PC John Dean MESSAGE Database already up-to-date

2012/02/10 13:16:04 -0500 JOHNDEAN-PC John Dean MESSAGE Protection started successfully

2012/02/10 13:16:07 -0500 JOHNDEAN-PC John Dean MESSAGE Starting IP protection

2012/02/10 13:16:11 -0500 JOHNDEAN-PC John Dean MESSAGE IP Protection started successfully

2012/02/10 14:18:06 -0500 JOHNDEAN-PC John Dean MESSAGE Starting protection

2012/02/10 14:18:11 -0500 JOHNDEAN-PC John Dean MESSAGE Protection started successfully

2012/02/10 14:18:14 -0500 JOHNDEAN-PC John Dean MESSAGE Starting IP protection

2012/02/10 14:18:18 -0500 JOHNDEAN-PC John Dean MESSAGE IP Protection started successfully


Hello Ashley

MBAM has detected and removed some Whitesmoke adware.

Let's continue with the following:

  • Please update your Java

     

     

    • Click on "Windows Orb" (bottom left hand corner of your screen), then on "Computer" and then on the "Uninstall or Change a Program" tab.
    • Uninstall any previous versions of Java that you find (Java™ 6 Update 26).
    • Reboot your computer.
    • Download the latest version of Java Runtime Environment (JRE) 7
    • Scroll down the page until you reach "Java Platform Standard Edition".
    • Beneath this and to the right, you will see a red button marked "JRE Download" for Java SE 7 u2
    • Click the "Download" button.
    • Accept the licence agreement.
    • Under "Product / File Description" download the jre-7u2-windows-i586.exe file for Windows x86 offline.
    • Save the file to your desktop.
    • From your desktop double click on jre-7u2-windows-i586.exe to install the newest version.
    • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.

  • Please run the following scan

     

     

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.

     

    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

     

    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UNchecked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image

    Please post the ESET log and a new OTL scan log in your next reply.

     

    How is the machine running now?


Hello Ashley

 

Did you use Internet Explorer to try and run the scan?

 

Let's try it again as follows:

  • Open Internet Explorer.
  • Click (or paste) the following address into the Search Bar and hit Enter: http://www.eset.com/us/online-scanner/
  • Click on the blue "Run ESET Online Scanner" button.
  • A text box will open stating the terms of use. Accept the terms of use.
  • Click on Start.
  • You will be requested to grant permission to install an "Add-on" (called OnlineScanner.cab).
  • Click on the Install button.
  • Another text box will open. Make sure that "Remove found Threats" is UNchecked.
  • Click Start.
Use the instructions provided in my previous post to save the log and post it in your next reply.

ESET did not find any threats so there isn't a log to post. Do you want me to run the custom scan you gave me a few days ago (below) for the OTL scan??

 

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [KcastWin7] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{2cb6f665-de58-11df-b719-001e33fc19a7}\Shell - "" = AutoRun
O33 - MountPoints2\{2cb6f665-de58-11df-b719-001e33fc19a7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e0551878-4b45-11df-8ddd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0551878-4b45-11df-8ddd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[resethosts]
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]


Hello Ashley

 

ESET did not find any threats so there isn't a log to post

That's good :)

 

Do you want me to run the custom scan you gave me a few days ago (below) for the OTL scan??

You already ran that script and posted the log created in post number 11.

 

Please scan the machine again with OTL and post the log in your next reply.

 

Also, please describe exactly how the machine is running right now and what problems remain.


New OTL scan---


<div>CHR - plugin: Play Pickle Textlinks Plugin (Enabled) = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionsbllefkbpbefdodiiefpkcnigpicmhohenpptl.dll</div>

<div>CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll</div>

<div>CHR - plugin: iTunes Application Detector (Enabled) = C:Program FilesiTunesMozilla Pluginsnpitunes.dll</div>

<div>CHR - plugin: Default Plug-in (Enabled) = default_plugin</div>

<div>CHR - Extension: YouTube = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.3_0</div>

<div>CHR - Extension: Google Search = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.16_0</div>

<div>CHR - Extension: Google Search = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.17_0</div>

<div>CHR - Extension: Gmail = C:UsersJohn DeanAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0</div>

<div> </div>

<div>O1 HOSTS File: ([2012/02/08 15:54:45 | 000,000,098 | ---- | M]) - C:WindowsSystem32driversetcHosts</div>

<div>O1 - Hosts: 127.0.0.1       localhost</div>

<div>O1 - Hosts: ::1       localhost</div>

<div>O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)</div>

<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)</div>

<div>O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:Program FilesNorton Safe Web LiteEngine2.0.0.16CoIEPlg.dll (Symantec Corporation)</div>

<div>O3 - HKLM..Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:Program FilesNorton Safe Web LiteEngine2.0.0.16CoIEPlg.dll (Symantec Corporation)</div>

<div>O3 - HKLM..Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)</div>

<div>O3 - HKCU..ToolbarWebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll (Ask)</div>

<div>O4 - HKLM..Run: [ApnUpdater] C:Program FilesAsk.comUpdaterUpdater.exe (Ask)</div>

<div>O4 - HKLM..Run: [APSDaemon] C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)</div>

<div>O4 - HKLM..Run: [EzPrint] C:Program FilesLexmark 8300 Seriesezprint.exe (Lexmark International Inc.)</div>

<div>O4 - HKLM..Run: [LXCJCATS] C:WindowsSystem32spoolDRIVERSW32X863LXCJtime.DLL (Lexmark International Inc.)</div>

<div>O4 - HKLM..Run: [lxcjmon.exe] C:Program FilesLexmark 8300 Serieslxcjmon.exe (Lexmark International, Inc.)</div>

<div>O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)</div>

<div>O4 - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)</div>

<div>O4 - HKLM..Run: [sSDMonitor] C:Program FilesCommon FilesPC ToolssMonitorSSDMonitor.exe (PC Tools)</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3</div>

<div>O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: LogonHoursAction = 2</div>

<div>O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DontDisplayLogonHoursWarnings = 1</div>

<div>O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)</div>

<div>O13 - gopher Prefix: missing</div>

<div>O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)</div>

<div>O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)</div>

<div>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)</div>

<div>O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1</div>

<div>O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{02779B41-D29C-403E-B494-9437DD805D38}: DhcpNameServer = 68.87.64.150 68.87.75.198</div>

<div>O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{366FC7DF-29D5-4A59-A752-BA6DD94C89A5}: DhcpNameServer = 192.168.1.1</div>

<div>O18 - ProtocolFilterapplication/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)</div>

<div>O18 - ProtocolFilterapplication/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)</div>

<div>O18 - ProtocolFilterapplication/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: Shell - (explorer.exe) -C:Windowsexplorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSystem32userinit.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found</div>

<div>O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:autoexec.bat -- [ NTFS ]</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35 - HKLM..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM...com [@ = comfile] -- "%1" %*</div>

<div>O37 - HKLM...exe [@ = exefile] -- "%1" %*</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2012/02/14 22:31:54 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:WindowsSystem32driversNST0200000.010ccSetx86.sys</div>

<div>[2012/02/14 22:31:52 | 000,000,000 | ---D | C] -- C:WindowsSystem32driversNST</div>

<div>[2012/02/14 22:31:52 | 000,000,000 | ---D | C] -- C:Program FilesNorton Safe Web Lite</div>

<div>[2012/02/14 22:31:52 | 000,000,000 | ---D | C] -- C:WindowsSystem32driversNST0200000.010</div>

<div>[2012/02/13 13:55:03 | 000,000,000 | ---D | C] -- C:Program FilesESET</div>

<div>[2012/02/13 13:46:32 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesJava</div>

<div>[2012/02/13 13:46:04 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:WindowsSystem32npdeployJava1.dll</div>

<div>[2012/02/13 13:46:04 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:WindowsSystem32javaws.exe</div>

<div>[2012/02/13 13:46:04 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:WindowsSystem32javaw.exe</div>

<div>[2012/02/13 13:46:04 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:WindowsSystem32java.exe</div>

<div>[2012/02/10 13:15:07 | 000,000,000 | ---D | C] -- C:UsersJohn DeanAppDataRoamingMalwarebytes</div>

<div>[2012/02/10 13:14:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware</div>

<div>[2012/02/10 13:14:50 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes</div>

<div>[2012/02/10 13:14:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbam.sys</div>

<div>[2012/02/10 13:14:48 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware</div>

<div>[2012/02/08 15:54:44 | 000,000,000 | ---D | C] -- C:_OTL</div>

<div>[2012/02/08 14:01:29 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesAdobe AIR</div>

<div>[2012/02/08 14:00:08 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesAdobe</div>

<div>[2012/02/08 14:00:08 | 000,000,000 | ---D | C] -- C:Program FilesAdobe</div>

<div>[2012/02/08 11:05:18 | 000,000,000 | ---D | C] -- C:ProgramDataSun</div>

<div>[2012/02/01 10:10:04 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes</div>

<div>[2012/02/01 10:09:16 | 000,000,000 | ---D | C] -- C:Program FilesiPod</div>

<div>[2012/02/01 10:09:15 | 000,000,000 | ---D | C] -- C:Program FilesiTunes</div>

<div>[2012/02/01 10:05:34 | 000,000,000 | ---D | C] -- C:UsersJohn DeanAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis</div>

<div>[2012/02/01 10:05:31 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro</div>

<div>[2012/02/01 10:04:42 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime</div>

<div>[2012/02/01 10:04:22 | 000,000,000 | ---D | C] -- C:Program FilesQuickTime</div>

<div>[2012/02/01 08:37:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32packager.dll</div>

<div>[2012/02/01 08:37:13 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32quartz.dll</div>

<div>[2012/02/01 08:37:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32qdvd.dll</div>

<div>[2012/02/01 08:37:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32webio.dll</div>

<div>[2012/02/01 08:37:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32sspisrv.dll</div>

<div>[2010/05/16 18:58:15 | 000,413,696 | ---- | C] ( ) -- C:WindowsSystem32lxcjinpa.dll</div>

<div>[2010/05/16 18:58:15 | 000,397,312 | ---- | C] ( ) -- C:WindowsSystem32lxcjiesc.dll</div>

<div>[2010/05/16 18:58:15 | 000,323,584 | ---- | C] ( ) -- C:WindowsSystem32lxcjhcp.dll</div>

<div>[2010/05/16 18:58:14 | 001,224,704 | ---- | C] ( ) -- C:WindowsSystem32lxcjserv.dll</div>

<div>[2010/05/16 18:58:14 | 000,991,232 | ---- | C] ( ) -- C:WindowsSystem32lxcjusb1.dll</div>

<div>[2010/05/16 18:58:14 | 000,696,320 | ---- | C] ( ) -- C:WindowsSystem32lxcjhbn3.dll</div>

<div>[2010/05/16 18:58:14 | 000,643,072 | ---- | C] ( ) -- C:WindowsSystem32lxcjpmui.dll</div>

<div>[2010/05/16 18:58:14 | 000,585,728 | ---- | C] ( ) -- C:WindowsSystem32lxcjlmpm.dll</div>

<div>[2010/05/16 18:58:14 | 000,385,968 | ---- | C] ( ) -- C:WindowsSystem32lxcjih.exe</div>

<div>[2010/05/16 18:58:14 | 000,163,840 | ---- | C] ( ) -- C:WindowsSystem32lxcjprox.dll</div>

<div>[2010/05/16 18:58:14 | 000,094,208 | ---- | C] ( ) -- C:WindowsSystem32lxcjpplc.dll</div>

<div>[2010/05/16 18:58:13 | 000,684,032 | ---- | C] ( ) -- C:WindowsSystem32lxcjcomc.dll</div>

<div>[2010/05/16 18:58:13 | 000,537,520 | ---- | C] ( ) -- C:WindowsSystem32lxcjcoms.exe</div>

<div>[2010/05/16 18:58:13 | 000,421,888 | ---- | C] ( ) -- C:WindowsSystem32lxcjcomm.dll</div>

<div>[2010/05/16 18:58:13 | 000,381,872 | ---- | C] ( ) -- C:WindowsSystem32lxcjcfg.exe</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2012/02/16 13:42:25 | 000,000,262 | ---- | M] () -- C:WindowstasksRMSchedule.job</div>

<div>[2012/02/16 13:38:26 | 000,000,924 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3989152332-3621508421-2473899562-1000UA.job</div>

<div>[2012/02/16 13:38:25 | 000,000,892 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job</div>

<div>[2012/02/16 13:38:14 | 000,000,888 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job</div>

<div>[2012/02/16 13:38:14 | 000,000,872 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3989152332-3621508421-2473899562-1000Core.job</div>

<div>[2012/02/16 13:38:12 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat</div>

<div>[2012/02/15 15:50:05 | 000,000,418 | -H-- | M] () -- C:WindowstasksNorton Security Scan for John Dean.job</div>

<div>[2012/02/15 10:24:05 | 000,015,648 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2012/02/15 10:24:05 | 000,015,648 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2012/02/13 13:53:01 | 000,626,278 | ---- | M] () -- C:WindowsSystem32perfh009.dat</div>

<div>[2012/02/13 13:53:01 | 000,107,522 | ---- | M] () -- C:WindowsSystem32perfc009.dat</div>

<div>[2012/02/13 13:47:45 | 2211,577,856 | -HS- | M] () -- C:hiberfil.sys</div>

<div>[2012/02/13 13:45:36 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:WindowsSystem32javaws.exe</div>

<div>[2012/02/13 13:45:36 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:WindowsSystem32javaw.exe</div>

<div>[2012/02/13 13:45:36 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:WindowsSystem32java.exe</div>

<div>[2012/02/13 13:45:35 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:WindowsSystem32npdeployJava1.dll</div>

<div>[2012/02/13 13:45:35 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:WindowsSystem32deployJava1.dll</div>

<div>[2012/02/10 13:14:55 | 000,001,031 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk</div>

<div>[2012/02/08 15:54:45 | 000,000,098 | ---- | M] () -- C:WindowsSystem32driversetcHosts</div>

<div>[2012/02/08 14:10:06 | 000,372,688 | ---- | M] () -- C:UsersJohn DeanDocumentsashley knuth virtua statment.pdf</div>

<div>[2012/02/08 14:04:09 | 000,000,894 | ---- | M] () -- C:UsersJohn DeanDocumentsashley knuth virtua statment.asp</div>

<div>[2012/02/08 14:00:46 | 000,001,949 | ---- | M] () -- C:UsersPublicDesktopAdobe Reader X.lnk</div>

<div>[2012/02/08 09:22:08 | 000,000,512 | ---- | M] () -- C:UsersJohn DeanDocumentsMBR.dat</div>

<div>[2012/02/01 10:10:04 | 000,001,713 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk</div>

<div>[2012/02/01 10:05:34 | 000,002,983 | ---- | M] () -- C:UsersJohn DeanDesktopHiJackThis.lnk</div>

<div>[2012/02/01 10:04:42 | 000,001,775 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk</div>

<div>[2012/02/01 08:46:47 | 000,001,797 | ---- | M] () -- C:UsersPublicDesktopKcast for Windows.lnk</div>

<div>[2012/02/01 08:40:44 | 000,002,424 | ---- | M] () -- C:UsersJohn DeanDesktopGoogle Chrome.lnk</div>

<div>[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32MpSigStub.exe</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2012/02/14 22:31:52 | 000,007,510 | R--- | C] () -- C:WindowsSystem32driversNST0200000.010ccSetx86.cat</div>

<div>[2012/02/14 22:31:52 | 000,000,828 | R--- | C] () -- C:WindowsSystem32driversNST0200000.010ccSetx86.inf</div>

<div>[2012/02/14 22:31:52 | 000,000,172 | ---- | C] () -- C:WindowsSystem32driversNST0200000.010isolate.ini</div>

<div>[2012/02/10 13:14:55 | 000,001,031 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk</div>

<div>[2012/02/08 14:10:06 | 000,372,688 | ---- | C] () -- C:UsersJohn DeanDocumentsashley knuth virtua statment.pdf</div>

<div>[2012/02/08 14:04:29 | 000,000,894 | ---- | C] () -- C:UsersJohn DeanDocumentsashley knuth virtua statment.asp</div>

<div>[2012/02/08 14:00:46 | 000,002,441 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Reader X.lnk</div>

<div>[2012/02/08 14:00:46 | 000,001,949 | ---- | C] () -- C:UsersPublicDesktopAdobe Reader X.lnk</div>

<div>[2012/02/08 09:22:08 | 000,000,512 | ---- | C] () -- C:UsersJohn DeanDocumentsMBR.dat</div>

<div>[2012/02/01 10:10:04 | 000,001,713 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk</div>

<div>[2012/02/01 10:05:34 | 000,002,983 | ---- | C] () -- C:UsersJohn DeanDesktopHiJackThis.lnk</div>

<div>[2012/02/01 10:04:42 | 000,001,775 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk</div>

<div>[2011/03/15 14:24:42 | 000,037,336 | ---- | C] () -- C:WindowsSystem32CleanMFT32.exe</div>

<div>[2010/05/16 18:58:15 | 000,274,432 | ---- | C] () -- C:WindowsSystem32lxcjinst.dll</div>

<div>[2010/04/18 16:36:25 | 000,000,000 | ---- | C] () -- C:Windowsativpsrm.bin</div>

<div>[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:WindowsSystem32RtNicProp32.dll</div>

<div>[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WindowsSystem32OGACheckControl.dll</div>

<div>[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WindowsSystem32OGAEXEC.exe</div>

<div>[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat</div>

<div>[2009/07/13 23:33:53 | 000,409,808 | ---- | C] () -- C:WindowsSystem32FNTCACHE.DAT</div>

<div>[2009/07/13 21:05:48 | 000,626,278 | ---- | C] () -- C:WindowsSystem32perfh009.dat</div>

<div>[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:WindowsSystem32perfi009.dat</div>

<div>[2009/07/13 21:05:48 | 000,107,522 | ---- | C] () -- C:WindowsSystem32perfc009.dat</div>

<div>[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:WindowsSystem32perfd009.dat</div>

<div>[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:WindowsSystem32NOISE.DAT</div>

<div>[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:WindowsSystem32dssec.dat</div>

<div>[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin</div>

<div>[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:WindowsSystem32BthpanContextHandler.dll</div>

<div>[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSystem32BWContextHandler.dll</div>

<div>[2009/06/18 18:29:04 | 000,197,654 | ---- | C] () -- C:WindowsSystem32atiicdxx.dat</div>

<div>[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSystem32mlang.dat</div>

<div>[2007/01/22 08:49:34 | 000,344,064 | ---- | C] () -- C:WindowsSystem32lxcjcoin.dll</div>

<div>[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:WindowsSystem32lxcjvs.dll</div>

<div>[2005/08/08 09:01:04 | 000,061,440 | ---- | C] () -- C:WindowsSystem32lxcjcnv4.dll</div>

<div> </div>

<div>========== Alternate Data Streams ==========</div>

<div> </div>

<div>@Alternate Data Stream - 129 bytes -> C:ProgramDataTEMP:D1B5B4F1</div>

<div> </div>

<div>< End of report ></div>

<div> </div>


Hello Ashley

 

Your latest OTL log appears to be clean :)

 

The computer is running perfectly as of now. Boots up without flickering and play sushi is no longer hacking my search engine on internet explorer

Let's remove our tools as part of the steps below:

 

If you do not use Ask Toolbar you would be better off uninstalling it.

 

As for registry Cleaners (I see you have Registry Mechanic 10.0 installed) they often cause more harm than good. We do not recommend the use of such programs.

  • Please perform the following cleanup procedure

  • Double click on the OTL.exe icon on your desktop to run the program. (Note: If you are running Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Once OTL has opened, click on the "CleanUp!" button.
  • Follow any prompts that you receive.
  • Removal of Tools

    • You no longer need aswMBR or TDSSKiller. Please delete them from your machine.
    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.
  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • You can download Firefox from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    • Please Note: IE9 is not configured to run on XP machines.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.

Hello Ashley

 

I would like to double check on something before we finish (better safe than sorry)

 

If you have already removed it, please re-download TDSSKiller again and save it to your desktop.

 

I would like you to run the tool slightly differently this time.

 

  • Open TDSSKiller.
  • When the window opens, click on "Change Parameters".
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK and then Start scan.

If anything malicious is detected, please select skip for now and post the log for me to review.

 

Many thanks

 

JonTom
