
Slow IE8


tacticaltal

I'm using IE8 and Firefox. I don't have a lot of trouble with FF, but IE8 is unusable to me due to the slowness of it.

 

I don't really know if I've been hijacked, and I originally put this in the User to User Help part, but it was moved here.

 

Here's the results of my PCPitstop Test:

Here's my HiJackThis Log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:50:19 PM, on 12/22/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesApplication UpdaterApplicationUpdater.exe

C:Program FilesCommon FilesMAGIX ServicesDatabasebinFABS.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesJavajre7binjqs.exe

c:PROGRA~1mcafeeSITEAD~1mcsacore.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSSystem32svchost.exe

c:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32rundll32.exe

C:Program FilesCommon FilesSpigotSearch SettingsSearchSettings.exe

C:Program FilesCommon FilesJavaJava Updatejusched.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesMozilla Firefoxplugin-container.exe

C:Program FilesMozilla Firefoxplugin-container.exe

c:PROGRA~1mcafeeSITEAD~1saui.exe

C:WINDOWSsystem32msiexec.exe

C:Program FilesTrend MicroHiJackThisHiJackThis.exe

 

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll

O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll

O4 - HKLM..Run: [searchSettings] "C:Program FilesCommon FilesSpigotSearch SettingsSearchSettings.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"

O4 - HKCU..Run: [Facebook Update] "C:Documents and SettingsTerryLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe" /c /nocrashserver

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350834043140

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll

O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - c:Program FilesIntuitQuickBooks 2010HelpAsyncPluggableProtocol.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:Program FilesApplication UpdaterApplicationUpdater.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:Program FilesCommon FilesMAGIX ServicesDatabasebinFABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:Program FilesCommon FilesMAGIX ServicesDatabasebinfbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:Program FilesJavajre7binjqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:PROGRA~1mcafeeSITEAD~1mcsacore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:Program FilesMcAfee Security Scan3.0.285McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe

O23 - Service: QBCFMonitorService - Intuit - c:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:Program FilesCommon FilesIntuitQuickBooksFCSIntuit.QuickBooks.FCS.exe

 

--

End of file - 7738 bytes


Hello tacticaltal and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

"I don't really know if I've been hijacked"

Your machine is infected. To determine the extent of the infection (and to help us plan out a course of attack) I need a little more information.

 

Please work your way through the following steps:

  • Download and run OTL by Oldtimer

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer, then double click on the OTL.exe icon to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    /md5stop

    %systemroot%\*. /mp /s

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    CREATERESTOREPOINT

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
  • aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.

     

    • On completion of the scan click save log, save it to your desktop and post in your next reply.

     

    Please post both OTL logs and the aswMBR log in your next reply.

     

    You may need to make more than one post to fit all of the information in.


OTL LOG

 

OTL logfile created on: 12/23/2012 12:40:15 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:Documents and SettingsTerryDesktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

958.42 Mb Total Physical Memory | 694.08 Mb Available Physical Memory | 72.42% Memory free

2.26 Gb Paging File | 2.06 Gb Available in Paging File | 91.03% Paging File free

Paging file location(s): C:pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 149.04 Gb Total Space | 134.83 Gb Free Space | 90.47% Space Free | Partition Type: NTFS

 

Computer Name: DEBBIE | User Name: Terry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/12/23 00:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsTerryDesktopOTL.exe

PRC - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe

PRC - [2012/11/28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:Program FilesCommon FilesSpigotSearch SettingsSearchSettings.exe

PRC - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:Program FilesApplication UpdaterApplicationUpdater.exe

PRC - [2012/11/28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:Program FilesJavajre7binjqs.exe

PRC - [2012/07/25 15:03:12 | 000,045,056 | ---- | M] (Intuit) -- c:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe

PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:Program FilesCommon FilesMAGIX ServicesDatabasebinFABS.exe

PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/11/16 15:14:23 | 000,212,992 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.ServiceProce#31b7eef43a23e7c6e93594be583f3d08System.ServiceProcess.ni.dll

MOD - [2012/11/16 12:38:07 | 007,977,472 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System90ad0c96693527ae685ff40019bb33b0System.ni.dll

MOD - [2012/11/16 12:35:41 | 011,492,352 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlib3add69b075f3da012fb97ce00cd795c0mscorlib.ni.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%System32appmgmts.dll -- (AppMgmt)

SRV - [2012/12/12 03:13:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/04 23:57:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:Program FilesApplication UpdaterApplicationUpdater.exe -- (Application Updater)

SRV - [2012/11/28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:Program FilesJavajre7binjqs.exe -- (JavaQuickStarterService)

SRV - [2012/09/05 09:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:Program FilesMcAfee Security Scan3.0.285McCHSvc.exe -- (McComponentHostService)

SRV - [2012/07/25 15:03:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:Program FilesCommon FilesMAGIX ServicesDatabasebinFABS.exe -- (Fabs)

SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:Program FilesCommon FilesIntuitQuickBooksFCSIntuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:Program FilesCommon FilesMAGIX ServicesDatabasebinfbserver.exe -- (FirebirdServerMAGIXInstance)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/12/16 23:45:56 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversgfibto.sys -- (gfibto)

DRV - [2012/11/29 10:53:27 | 000,033,408 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversgfiark.sys -- (gfiark)

DRV - [2012/09/21 13:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverslvuvc.sys -- (LVUVC)

DRV - [2012/09/21 13:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverslvrs.sys -- (LVRS)

DRV - [2006/05/19 14:44:52 | 003,965,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversalcxwdm.sys -- (ALCXWDM)

DRV - [2006/02/22 21:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversxfilt.sys -- (xfilt)

DRV - [2006/02/22 21:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversvideX32.sys -- (videX32)

DRV - [2005/03/16 00:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:WINDOWSsystem32driversBIOS.sys -- (BIOS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant =

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar =

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page =

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0A FB 61 70 9A AF CD 01 [binary data]

IE - HKCU..URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

IE - HKCU..URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll (Spigot, Inc.)

IE - HKCU..SearchScopes,DefaultScope = {842F0B56-860B-4CA5-AB53-BEC46AD34378}

IE - HKCU..SearchScopes{76C5F297-1752-4366-8709-FEEC1E7AFCE7}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU..SearchScopes{842F0B56-860B-4CA5-AB53-BEC46AD34378}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU..SearchScopes{D4992129-F966-4150-9056-64E76508905F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://yahoo.com"

FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

 

 

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32_11_5_502_135.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.10.2: C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@mcafee.com/SAFFPlugin: C:Program FilesMcAfeeSiteAdvisornpmcffplg32.dll (McAfee, Inc.)

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/DownloadManager,version=1.1: C:WINDOWS [2012/12/21 16:25:38 | 000,000,000 | ---D | M]

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:Documents and SettingsTerryLocal SettingsApplication DataFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:Program FilesMcAfeeSiteAdvisor [2012/12/21 12:56:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program FilesHPDigital ImagingSmart Web PrintingMozillaAddOn3 [2012/10/23 15:01:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 17.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2012/12/16 23:45:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 17.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2012/12/10 00:07:44 | 000,000,000 | ---D | M]

 

[2012/10/23 22:29:43 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsTerryApplication DataMozillaExtensions

[2012/12/18 15:02:52 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsTerryApplication DataMozillaFirefoxProfilesw47qyqo7.defaultextensions

[2012/11/09 20:15:36 | 000,002,533 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMozillaFirefoxProfilesw47qyqo7.defaultsearchpluginsaol-search.xml

[2012/12/04 23:57:14 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions

[2012/12/21 12:56:14 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:PROGRAM FILESMCAFEESITEADVISOR

[2012/12/04 23:57:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll

[2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml

[2012/10/24 00:29:56 | 000,002,024 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsMcSiteAdvisor.xml

[2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginstwitter.xml

 

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)

O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll (Spigot, Inc.)

O3 - HKLM..Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O3 - HKLM..Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..Run: [] File not found

O4 - HKLM..Run: [searchSettings] C:Program FilesCommon FilesSpigotSearch SettingsSearchSettings.exe (Spigot, Inc.)

O4 - HKCU..Run: [Facebook Update] C:Documents and SettingsTerryLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe (Facebook Inc.)

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350831923796 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350834043140 (MUWebControl Class)

O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 74.128.17.114 74.128.19.102

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{C9A81056-A78E-4667-ACE8-18DD55179F58}: DhcpNameServer = 74.128.17.114 74.128.19.102

O18 - ProtocolHandlerdssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O18 - ProtocolHandlerintu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:Program FilesIntuitQuickBooks 2010HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - ProtocolHandlersacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:Documents and SettingsTerryLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsTerryLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/10/21 07:55:25 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%System32appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/12/23 00:38:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsTerryDesktopOTL.exe

[2012/12/22 12:48:15 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2012/12/22 12:48:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryStart MenuProgramsHiJackThis

[2012/12/18 15:01:58 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe

[2012/12/18 15:01:58 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32java.exe

[2012/12/18 15:01:58 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32WindowsAccessBridge.dll

[2012/12/18 13:02:25 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataYTD

[2012/12/18 12:12:53 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataSearch Settings

[2012/12/18 12:12:44 | 000,000,000 | ---D | C] -- C:Program FilesApplication Updater

[2012/12/18 12:12:43 | 000,000,000 | ---D | C] -- C:Program FilesYTD Toolbar

[2012/12/18 12:12:43 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesSpigot

[2012/12/17 00:28:57 | 000,000,000 | RH-D | C] -- C:Documents and SettingsTerryRecent

[2012/12/16 23:53:41 | 000,033,408 | ---- | C] (GFI Software) -- C:WINDOWSSystem32driversgfiark.sys

[2012/12/16 23:47:44 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataLavasoftStatistics

[2012/12/16 23:46:03 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryLocal SettingsApplication DataDownloaded Installations

[2012/12/16 23:45:56 | 000,013,560 | ---- | C] (GFI Software) -- C:WINDOWSSystem32driversgfibto.sys

[2012/12/16 23:45:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datablekko toolbars

[2012/12/16 23:45:33 | 000,000,000 | ---D | C] -- C:Program Filesadawaretb

[2012/12/16 23:45:33 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication Dataadawaretb

[2012/12/16 23:45:32 | 000,000,000 | ---D | C] -- C:Program FilesToolbar Cleaner

[2012/12/15 19:04:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsREAPER

[2012/12/15 19:03:53 | 000,000,000 | ---D | C] -- C:Program FilesREAPER

[2012/12/13 03:42:28 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsCCleaner

[2012/12/13 03:42:27 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2012/12/12 18:57:56 | 000,000,000 | -HSD | C] -- C:WINDOWSftpcache

[2012/12/12 00:29:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsPdf2Jpg

[2012/12/12 00:29:13 | 000,000,000 | ---D | C] -- C:Program FilesPdf2Jpg

[2012/12/10 17:29:53 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32spmsg.dll

[2012/12/10 17:29:32 | 000,000,000 | ---D | C] -- C:Program FilesWindows Media Connect 2

[2012/12/10 17:28:00 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32driversUMDF

[2012/12/10 17:28:00 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32LogFiles

[2012/12/10 01:44:59 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerApp.exe

[2012/12/10 00:08:08 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataMcAfee Security Scan

[2012/12/10 00:08:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMcAfee Security Scan Plus

[2012/12/10 00:08:05 | 000,000,000 | ---D | C] -- C:Program FilesMcAfee Security Scan

[2012/12/10 00:07:36 | 000,000,000 | ---D | C] -- C:Program FilesAdobe

[2012/12/10 00:07:35 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesAdobe

[2012/12/09 23:33:37 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2012/12/09 23:31:48 | 000,000,000 | ---D | C] -- C:Program Filesfp_10.3.r183.43_archive

[2012/12/07 18:56:13 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryLocal SettingsApplication DataWMTools Downloaded Files

[2012/12/07 18:45:18 | 000,000,000 | R--D | C] -- C:Documents and SettingsAll UsersDocumentsMy Videos

[2012/12/04 23:57:14 | 000,000,000 | ---D | C] -- C:Program FilesMozilla Firefox

[2012/12/04 21:20:58 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMicrosoft Silverlight

[2012/12/04 21:20:53 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Silverlight

[2012/12/04 13:03:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryLocal SettingsApplication DataSpotify

[2012/12/04 13:02:31 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataSpotify

[5 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/12/23 00:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsTerryDesktopOTL.exe

[2012/12/23 00:16:58 | 000,000,264 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick Launchhoosier lottery - mix & match.URL

[2012/12/23 00:12:00 | 000,000,830 | ---- | M] () -- C:WINDOWStasksAdobe Flash Player Updater.job

[2012/12/22 22:44:00 | 000,000,998 | ---- | M] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005UA.job

[2012/12/22 16:44:00 | 000,000,976 | ---- | M] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005Core.job

[2012/12/22 16:23:04 | 000,032,095 | ---- | M] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-1a.PNG

[2012/12/22 16:20:31 | 000,053,864 | ---- | M] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0a.JPG

[2012/12/22 16:20:03 | 000,053,864 | ---- | M] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0.jpg

[2012/12/22 12:52:31 | 000,001,692 | ---- | M] () -- C:Documents and SettingsTerryDesktopWelcome to PC PitStop!.url

[2012/12/22 12:50:48 | 000,002,447 | ---- | M] () -- C:Documents and SettingsTerryDesktopHiJackThis.lnk

[2012/12/21 12:56:19 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2012/12/21 12:56:17 | 000,282,928 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2012/12/21 12:36:52 | 002,359,350 | ---- | M] () -- C:Documents and SettingsTerryDesktopss.bmp

[2012/12/21 02:04:39 | 000,031,744 | ---- | M] () -- C:Documents and SettingsTerryLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/12/20 00:56:32 | 000,000,422 | ---- | M] () -- C:Documents and SettingsTerryDesktopVincent Guitar Lesson - YouTube.url

[2012/12/20 00:37:46 | 000,435,260 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2012/12/20 00:37:46 | 000,068,156 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2012/12/18 12:12:13 | 000,000,942 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopYTD Video Downloader.lnk

[2012/12/18 02:03:33 | 000,000,353 | ---- | M] () -- C:Documents and SettingsTerryDesktopfingerpicking Freight train.url

[2012/12/17 22:53:53 | 000,000,353 | ---- | M] () -- C:Documents and SettingsTerryDesktopVincent nesh16041972.url

[2012/12/17 00:33:40 | 000,029,612 | ---- | M] () -- C:Documents and SettingsTerryDesktopcc_20121217_003327.reg

[2012/12/17 00:26:21 | 000,000,211 | -HS- | M] () -- C:boot.ini

[2012/12/16 23:45:56 | 000,013,560 | ---- | M] (GFI Software) -- C:WINDOWSSystem32driversgfibto.sys

[2012/12/16 14:00:34 | 000,013,702 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32dllcacheatmfd.dll

[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32atmfd.dll

[2012/12/15 19:04:06 | 000,000,654 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopREAPER.lnk

[2012/12/14 22:15:25 | 000,001,261 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopLogitech Webcam Software .lnk

[2012/12/14 14:19:26 | 002,359,350 | ---- | M] () -- C:Documents and SettingsTerryDesktoppmmessages~tg.bmp

[2012/12/14 13:40:07 | 000,094,127 | ---- | M] () -- C:Documents and SettingsTerryDesktopscreenshot~tgmessages.jpg

[2012/12/13 03:45:36 | 000,064,076 | ---- | M] () -- C:Documents and SettingsTerryDesktopbkup~cc_20121213_034502.reg

[2012/12/13 03:42:28 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopCCleaner.lnk

[2012/12/12 19:02:57 | 009,835,527 | ---- | M] () -- C:Documents and SettingsTerryDesktopvideoplayback.webm

[2012/12/12 18:49:37 | 009,079,493 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsStardust-Hoagy Carmichael Guitar Cover- Willie Nelson style.flv

[2012/12/12 18:44:30 | 000,000,800 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchWindows Media Player.lnk

[2012/12/12 18:15:10 | 000,000,815 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/12/12 16:41:24 | 009,084,928 | R--- | M] () -- C:Documents and SettingsTerryMy DocumentsHANDYMAN ELECTRICv2.QBW

[2012/12/12 16:41:24 | 001,376,256 | R--- | M] () -- C:Documents and SettingsTerryMy DocumentsHANDYMAN ELECTRICv2.QBW.TLG

[2012/12/12 16:41:24 | 000,000,370 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsHANDYMAN ELECTRICv2.QBW.ND

[2012/12/12 03:12:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerApp.exe

[2012/12/12 03:12:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2012/12/10 17:29:46 | 000,023,392 | ---- | M] () -- C:WINDOWSSystem32nscompat.tlb

[2012/12/10 17:29:46 | 000,016,832 | ---- | M] () -- C:WINDOWSSystem32amcompat.tlb

[2012/12/10 17:28:45 | 000,316,640 | ---- | M] () -- C:WINDOWSWMSysPr9.prx

[2012/12/10 17:28:02 | 000,000,000 | -H-- | M] () -- C:WINDOWSSystem32driversUMDFMsftWdf_user_01_00_00.Wdf

[2012/12/10 00:08:06 | 000,001,807 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMcAfee Security Scan Plus.lnk

[2012/12/10 00:07:45 | 000,001,734 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader XI.lnk

[2012/12/07 01:45:50 | 000,000,249 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchElectrician Talk.URL

[2012/12/06 22:49:50 | 000,000,137 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchEPD.URL

[2012/12/05 22:36:53 | 000,000,309 | ---- | M] () -- C:Documents and SettingsTerryDesktopDashboard - Bing Webmaster Tools.URL

[2012/12/05 22:36:50 | 000,000,301 | ---- | M] () -- C:Documents and SettingsTerryDesktopGOPUSA.URL

[2012/12/05 22:36:46 | 000,000,338 | ---- | M] () -- C:Documents and SettingsTerryDesktopWiring Utility Controlled Meter-base, Wiring a New Main Service Rated Panel, Installing the Grounding System (NEC 2002) - Se.URL

[2012/12/05 22:36:44 | 000,000,238 | ---- | M] () -- C:Documents and SettingsTerryDesktopTwitter.URL

[2012/12/05 22:36:40 | 000,000,303 | ---- | M] () -- C:Documents and SettingsTerryDesktopRefacing Kitchen Cabinets Complete Instructions 3 of 6.URL

[2012/12/05 22:36:39 | 000,000,241 | ---- | M] () -- C:Documents and SettingsTerryDesktopPhotobucket.URL

[2012/12/05 22:36:35 | 000,000,279 | ---- | M] () -- C:Documents and SettingsTerryDesktopNatural handyman.URL

[2012/12/05 22:36:31 | 000,000,268 | ---- | M] () -- C:Documents and SettingsTerryDesktopHow to Calculate Your hourly Rate as a Handyman.URL

[2012/12/05 22:36:24 | 000,000,249 | ---- | M] () -- C:Documents and SettingsTerryDesktophome depot forums.URL

[2012/12/05 22:36:17 | 000,000,243 | ---- | M] () -- C:Documents and SettingsTerryDesktopHome Depot.URL

[2012/12/05 22:36:14 | 000,000,242 | ---- | M] () -- C:Documents and SettingsTerryDesktopheritage.org.URL

[2012/12/05 22:36:11 | 000,000,299 | ---- | M] () -- C:Documents and SettingsTerryDesktopGUILT - OR WHY IT'S GOOD TO FEEL BAD - NYTimes.com.URL

[2012/12/05 22:36:08 | 000,000,276 | ---- | M] () -- C:Documents and SettingsTerryDesktopGeorge Carlin On His Time In The Military - YouTube.URL

[2012/12/05 22:35:52 | 000,000,249 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchDIY Chatroom.URL

[2012/12/05 22:35:50 | 000,000,250 | ---- | M] () -- C:Documents and SettingsTerryDesktopBrowning Genealogy Evansville Area Obituary Search.URL

[2012/12/05 22:34:23 | 000,000,260 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsStars Fell On Alabama, acoustic guitar instrumental - YouTube.URL

[2012/12/05 22:34:18 | 000,000,260 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsAutumn Leaves Eric Clapton Cover - YouTube.URL

[2012/12/04 13:03:03 | 000,001,854 | ---- | M] () -- C:Documents and SettingsTerryDesktopSpotify.lnk

[2012/12/02 23:40:56 | 000,001,349 | ---- | M] () -- C:Documents and SettingsTerryDesktop~electriciansforum_reply.rtf

[2012/12/01 08:13:25 | 000,017,435 | ---- | M] () -- C:Documents and SettingsTerryDesktopsoffit.jpg

[2012/11/30 07:20:22 | 000,087,627 | ---- | M] () -- C:Documents and SettingsTerryDesktopimage-3272025367.jpg

[2012/11/29 10:53:27 | 000,033,408 | ---- | M] (GFI Software) -- C:WINDOWSSystem32driversgfiark.sys

[2012/11/28 10:35:22 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32WindowsAccessBridge.dll

[2012/11/28 10:31:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe

[2012/11/28 10:31:25 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32java.exe

[2012/11/27 23:33:39 | 000,004,718 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsPrice Book~csv.csv

[2012/11/24 23:42:01 | 000,000,112 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchCNSnews.URL

[2012/11/24 23:36:43 | 000,000,074 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchContractors ~Evansville.URL

[2012/11/23 02:02:51 | 000,000,022 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsThumbs.zip

[2012/11/23 01:59:44 | 000,000,022 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsLogitech Webcam.zip

[2012/11/23 01:55:29 | 000,006,118 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsMicrosoft Websites.zip

[5 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/12/23 00:16:58 | 000,000,264 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick Launchhoosier lottery - mix & match.URL

[2012/12/22 16:23:04 | 000,032,095 | ---- | C] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-1a.PNG

[2012/12/22 16:20:31 | 000,053,864 | ---- | C] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0a.JPG

[2012/12/22 16:18:08 | 000,053,864 | ---- | C] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0.jpg

[2012/12/22 12:52:31 | 000,001,692 | ---- | C] () -- C:Documents and SettingsTerryDesktopWelcome to PC PitStop!.url

[2012/12/22 12:48:15 | 000,002,447 | ---- | C] () -- C:Documents and SettingsTerryDesktopHiJackThis.lnk

[2012/12/21 16:39:50 | 000,000,998 | ---- | C] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005UA.job

[2012/12/21 16:39:50 | 000,000,976 | ---- | C] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005Core.job

[2012/12/21 12:36:52 | 002,359,350 | ---- | C] () -- C:Documents and SettingsTerryDesktopss.bmp

[2012/12/20 00:56:31 | 000,000,422 | ---- | C] () -- C:Documents and SettingsTerryDesktopVincent Guitar Lesson - YouTube.url

[2012/12/18 12:12:13 | 000,000,942 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopYTD Video Downloader.lnk

[2012/12/18 02:03:33 | 000,000,353 | ---- | C] () -- C:Documents and SettingsTerryDesktopfingerpicking Freight train.url

[2012/12/17 22:53:53 | 000,000,353 | ---- | C] () -- C:Documents and SettingsTerryDesktopVincent nesh16041972.url

[2012/12/17 00:33:31 | 000,029,612 | ---- | C] () -- C:Documents and SettingsTerryDesktopcc_20121217_003327.reg

[2012/12/15 19:04:06 | 000,000,654 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopREAPER.lnk

[2012/12/14 22:15:25 | 000,001,261 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopLogitech Webcam Software .lnk

[2012/12/14 14:19:26 | 002,359,350 | ---- | C] () -- C:Documents and SettingsTerryDesktoppmmessages~tg.bmp

[2012/12/14 13:40:07 | 000,094,127 | ---- | C] () -- C:Documents and SettingsTerryDesktopscreenshot~tgmessages.jpg

[2012/12/13 03:45:24 | 000,064,076 | ---- | C] () -- C:Documents and SettingsTerryDesktopbkup~cc_20121213_034502.reg

[2012/12/13 03:42:28 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopCCleaner.lnk

[2012/12/12 19:02:30 | 009,835,527 | ---- | C] () -- C:Documents and SettingsTerryDesktopvideoplayback.webm

[2012/12/12 18:47:24 | 009,079,493 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsStardust-Hoagy Carmichael Guitar Cover- Willie Nelson style.flv

[2012/12/12 18:15:10 | 000,000,815 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/12/10 17:28:02 | 000,000,000 | -H-- | C] () -- C:WINDOWSSystem32driversUMDFMsftWdf_user_01_00_00.Wdf

[2012/12/10 01:45:00 | 000,000,830 | ---- | C] () -- C:WINDOWStasksAdobe Flash Player Updater.job

[2012/12/10 00:08:06 | 000,001,807 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopMcAfee Security Scan Plus.lnk

[2012/12/10 00:07:45 | 000,001,804 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsAdobe Reader XI.lnk

[2012/12/10 00:07:45 | 000,001,734 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader XI.lnk

[2012/12/07 01:45:50 | 000,000,249 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchElectrician Talk.URL

[2012/12/06 22:48:49 | 000,000,137 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchEPD.URL

[2012/12/05 22:36:53 | 000,000,309 | ---- | C] () -- C:Documents and SettingsTerryDesktopDashboard - Bing Webmaster Tools.URL

[2012/12/05 22:36:50 | 000,000,301 | ---- | C] () -- C:Documents and SettingsTerryDesktopGOPUSA.URL

[2012/12/05 22:36:46 | 000,000,338 | ---- | C] () -- C:Documents and SettingsTerryDesktopWiring Utility Controlled Meter-base, Wiring a New Main Service Rated Panel, Installing the Grounding System (NEC 2002) - Se.URL

[2012/12/05 22:36:44 | 000,000,238 | ---- | C] () -- C:Documents and SettingsTerryDesktopTwitter.URL

[2012/12/05 22:36:40 | 000,000,303 | ---- | C] () -- C:Documents and SettingsTerryDesktopRefacing Kitchen Cabinets Complete Instructions 3 of 6.URL

[2012/12/05 22:36:39 | 000,000,241 | ---- | C] () -- C:Documents and SettingsTerryDesktopPhotobucket.URL

[2012/12/05 22:36:35 | 000,000,279 | ---- | C] () -- C:Documents and SettingsTerryDesktopNatural handyman.URL

[2012/12/05 22:36:31 | 000,000,268 | ---- | C] () -- C:Documents and SettingsTerryDesktopHow to Calculate Your hourly Rate as a Handyman.URL

[2012/12/05 22:36:24 | 000,000,249 | ---- | C] () -- C:Documents and SettingsTerryDesktophome depot forums.URL

[2012/12/05 22:36:17 | 000,000,243 | ---- | C] () -- C:Documents and SettingsTerryDesktopHome Depot.URL

[2012/12/05 22:36:14 | 000,000,242 | ---- | C] () -- C:Documents and SettingsTerryDesktopheritage.org.URL

[2012/12/05 22:36:11 | 000,000,299 | ---- | C] () -- C:Documents and SettingsTerryDesktopGUILT - OR WHY IT'S GOOD TO FEEL BAD - NYTimes.com.URL

[2012/12/05 22:36:08 | 000,000,276 | ---- | C] () -- C:Documents and SettingsTerryDesktopGeorge Carlin On His Time In The Military - YouTube.URL

[2012/12/05 22:35:52 | 000,000,249 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchDIY Chatroom.URL

[2012/12/05 22:35:50 | 000,000,250 | ---- | C] () -- C:Documents and SettingsTerryDesktopBrowning Genealogy Evansville Area Obituary Search.URL

[2012/12/05 22:34:23 | 000,000,260 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsStars Fell On Alabama, acoustic guitar instrumental - YouTube.URL

[2012/12/05 22:34:18 | 000,000,260 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsAutumn Leaves Eric Clapton Cover - YouTube.URL

[2012/12/04 13:03:03 | 000,001,860 | ---- | C] () -- C:Documents and SettingsTerryStart MenuProgramsSpotify.lnk

[2012/12/04 13:03:03 | 000,001,854 | ---- | C] () -- C:Documents and SettingsTerryDesktopSpotify.lnk

[2012/12/02 23:40:56 | 000,001,349 | ---- | C] () -- C:Documents and SettingsTerryDesktop~electriciansforum_reply.rtf

[2012/12/01 08:13:24 | 000,017,435 | ---- | C] () -- C:Documents and SettingsTerryDesktopsoffit.jpg

[2012/11/30 07:20:21 | 000,087,627 | ---- | C] () -- C:Documents and SettingsTerryDesktopimage-3272025367.jpg

[2012/11/24 23:42:01 | 000,000,112 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchCNSnews.URL

[2012/11/24 23:36:43 | 000,000,074 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchContractors ~Evansville.URL

[2012/11/23 01:57:00 | 000,133,632 | ---- | C] () -- C:Documents and SettingsTerryMy Documentswork order onsite.pub

[2012/11/23 01:56:58 | 002,096,160 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsCarlon Catalog.pdf

[2012/11/23 01:56:58 | 000,571,305 | ---- | C] () -- C:Documents and SettingsTerryMy Documentsestimate_quote.jpg

[2012/11/23 01:56:58 | 000,565,707 | ---- | C] () -- C:Documents and SettingsTerryMy Documentsestimatesheet.jpg

[2012/11/23 01:56:58 | 000,168,960 | ---- | C] () -- C:Documents and SettingsTerryMy Documentscompany multi-expense.pub

[2012/11/23 01:56:58 | 000,158,456 | ---- | C] () -- C:Documents and SettingsTerryMy Documentsmaterials form.JPG

[2012/11/23 01:56:58 | 000,125,952 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsInvoice_BLANK.pub

[2012/11/23 01:56:58 | 000,124,928 | ---- | C] () -- C:Documents and SettingsTerryMy Documentsmaterialslist.pub

[2012/11/23 01:56:58 | 000,067,584 | ---- | C] () -- C:Documents and SettingsTerryMy Documentsbizcard.pub

[2012/11/23 01:56:58 | 000,036,372 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsHandyman-Electric-invoice~goldman.pdf

[2012/11/23 01:56:58 | 000,006,144 | ---- | C] () -- C:Documents and SettingsTerryMy Documentsbizcard1.wps

[2012/11/23 01:56:58 | 000,003,054 | ---- | C] () -- C:Documents and SettingsTerryMy Documentslogo.jpeg

[2012/11/14 20:22:55 | 000,120,200 | ---- | C] () -- C:WINDOWSSystem32DLLDEV32i.dll

[2012/11/09 20:11:16 | 000,000,034 | -H-- | C] () -- C:WINDOWSSystem32Converter_sysquict.dat

[2012/11/09 20:10:54 | 000,164,352 | ---- | C] () -- C:WINDOWSSystem32unrar.dll

[2012/11/09 20:10:51 | 000,755,027 | ---- | C] () -- C:WINDOWSSystem32xvidcore.dll

[2012/11/09 20:10:50 | 003,596,288 | ---- | C] () -- C:WINDOWSSystem32qt-dx331.dll

[2012/11/09 20:10:50 | 000,159,839 | ---- | C] () -- C:WINDOWSSystem32xvidvfw.dll

[2012/11/09 20:10:49 | 000,007,680 | ---- | C] () -- C:WINDOWSSystem32ff_vfw.dll

[2012/11/02 00:17:55 | 000,000,090 | ---- | C] () -- C:WINDOWSQBChanUtil_Trigger.ini

[2012/10/23 20:43:00 | 000,031,744 | ---- | C] () -- C:Documents and SettingsTerryLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/23 14:54:21 | 000,171,563 | ---- | C] () -- C:WINDOWShpwins27.dat

[2012/10/23 14:54:20 | 000,000,385 | ---- | C] () -- C:WINDOWShpwmdl27.dat

[2012/10/21 11:09:32 | 000,003,072 | ---- | C] () -- C:WINDOWSSystem32iacenc.dll

[2012/10/21 08:11:08 | 000,040,960 | ---- | C] () -- C:WINDOWSSystem32ChCfg.exe

[2012/10/21 08:10:28 | 000,135,168 | ---- | C] () -- C:WINDOWSSystem32RtlCPAPI.dll

[2012/10/21 08:09:30 | 000,061,440 | ---- | C] () -- C:WINDOWSSystem32vuins32.dll

[2012/10/21 07:57:49 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2012/10/21 07:52:25 | 000,021,640 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2012/10/21 02:43:40 | 000,004,161 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2012/10/21 02:42:26 | 000,282,928 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2012/01/18 00:44:00 | 010,919,784 | ---- | C] () -- C:WINDOWSSystem32LogiDPP.dll

[2012/01/18 00:44:00 | 000,338,136 | ---- | C] () -- C:WINDOWSSystem32DevManagerCore.dll

[2012/01/18 00:44:00 | 000,103,272 | ---- | C] () -- C:WINDOWSSystem32LogiDPPApp.exe

[2011/11/16 19:40:38 | 000,028,418 | ---- | C] () -- C:WINDOWSSystem32lvcoinst.ini

 

========== ZeroAccess Check ==========

 

[2012/10/22 23:30:23 | 000,000,227 | RHS- | M] () -- C:WINDOWSassemblyDesktop.ini

 

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

 

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

"" = %SystemRoot%system32shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]

"" = C:WINDOWSsystem32wbemfastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

"" = C:WINDOWSsystem32wbemwbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2012/12/16 23:45:38 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datablekko toolbars

[2012/11/02 00:17:54 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataCOMMON FILES

[2012/11/14 20:24:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMAGIX

[2012/11/02 00:18:27 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataNuance

[2012/11/02 13:46:53 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSQL Anywhere 11

[2012/12/20 00:20:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataYTD Video Downloader

[2012/12/16 23:45:33 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication Dataadawaretb

[2012/12/16 23:13:26 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataAudacity

[2012/11/03 00:40:21 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataElevatedDiagnostics

[2012/10/23 00:50:50 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataLeadertech

[2012/11/14 20:24:42 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataMAGIX

[2012/10/24 00:29:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataOpenCandy

[2012/12/15 19:04:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataREAPER

[2012/12/18 12:12:54 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataSearch Settings

[2012/12/04 21:14:57 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataSpotify

[2012/12/18 13:02:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsTerryApplication DataYTD

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%*.exe >

 

< MD5 for: AGP440.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:WINDOWSDriver Cachei386sp2.cab:AGP440.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:WINDOWSDriver Cachei386sp3.cab:AGP440.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:WINDOWSServicePackFilesi386sp3.cab:AGP440.sys

[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:WINDOWSServicePackFilesi386agp440.sys

[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:WINDOWSsystem32driversagp440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:WINDOWSDriver Cachei386sp2.cab:atapi.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:WINDOWSDriver Cachei386sp3.cab:atapi.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:WINDOWSServicePackFilesi386sp3.cab:atapi.sys

[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:WINDOWSServicePackFilesi386atapi.sys

[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:WINDOWSsystem32driversatapi.sys

[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:WINDOWS$NtServicePackUninstall$atapi.sys

[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:WINDOWSsystem32ReinstallBackups0007DriverFilesi386atapi.sys

[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:WINDOWSsystem32ReinstallBackups0008DriverFilesi386atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:WINDOWSServicePackFilesi386eventlog.dll

[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:WINDOWSsystem32eventlog.dll

[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:WINDOWS$NtServicePackUninstall$eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:WINDOWSServicePackFilesi386netlogon.dll

[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:WINDOWSsystem32netlogon.dll

[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:WINDOWS$NtServicePackUninstall$netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:WINDOWS$NtServicePackUninstall$scecli.dll

[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:WINDOWSServicePackFilesi386scecli.dll

[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:WINDOWSsystem32scecli.dll

 

< %systemroot%*. /mp /s >

 

< %systemroot%system32*.dll /lockedfiles >

[5 C:WINDOWSsystem32*.tmp files -> C:WINDOWSsystem32*.tmp -> ]

 

< %systemroot%Tasks*.job /lockedfiles >

 

< %systemroot%system32drivers*.sys /lockedfiles >

 

< %systemroot%System32config*.sav >

[2012/10/21 02:41:33 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav

[2012/10/21 02:41:33 | 000,634,880 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav

[2012/10/21 02:41:33 | 000,888,832 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav

 

< %systemroot%system32drivers*.sys /90 >

[2012/11/29 10:53:27 | 000,033,408 | ---- | M] (GFI Software) -- C:WINDOWSsystem32driversgfiark.sys

[2012/12/16 23:45:56 | 000,013,560 | ---- | M] (GFI Software) -- C:WINDOWSsystem32driversgfibto.sys

< End of report >


OTL EXTRAS

 

OTL Extras logfile created on: 12/23/2012 12:40:15 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:Documents and SettingsTerryDesktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

958.42 Mb Total Physical Memory | 694.08 Mb Available Physical Memory | 72.42% Memory free

2.26 Gb Paging File | 2.06 Gb Available in Paging File | 91.03% Paging File free

Paging file location(s): C:pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 149.04 Gb Total Space | 134.83 Gb Free Space | 90.47% Space Free | Partition Type: NTFS

 

Computer Name: DEBBIE | User Name: Terry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]

.html [@ = FirefoxHTML] -- C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]

"Start" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe" = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%Network Diagnosticxpnetdiag.exe" = %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:Program FilesHPDigital Imagingbinhpqtra08.exe" = C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqste08.exe" = C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpofxm08.exe" = C:Program FilesHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhposfx08.exe" = C:Program FilesHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhposid01.exe" = C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqkygrp.exe" = C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital ImagingbinhpfcCopy.exe" = C:Program FilesHPDigital ImagingbinhpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:Program FilesHPDigital Imagingbinhpzwiz01.exe" = C:Program FilesHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpoews01.exe" = C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpiscnapp.exe" = C:Program FilesHPDigital Imagingbinhpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital Imagingbinhpofxs08.exe" = C:Program FilesHPDigital Imagingbinhpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqfxt08.exe" = C:Program FilesHPDigital Imagingbinhpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe" = C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqgpc01.exe" = C:Program FilesHPDigital Imagingbinhpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital Imagingbinhpqusgm.exe" = C:Program FilesHPDigital Imagingbinhpqusgm.exe:*:Enabled:hpqusgm.exe

"C:Program FilesHPDigital Imagingbinhpqusgh.exe" = C:Program FilesHPDigital Imagingbinhpqusgh.exe:*:Enabled:hpqusgh.exe

"C:Program FilesHPHP Software UpdateHPWUCli.exe" = C:Program FilesHPHP Software UpdateHPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe" = C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe" = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%Network Diagnosticxpnetdiag.exe" = %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:Program FilesHPDigital Imagingbinhpqtra08.exe" = C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqste08.exe" = C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpofxm08.exe" = C:Program FilesHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhposfx08.exe" = C:Program FilesHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhposid01.exe" = C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqkygrp.exe" = C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital ImagingbinhpfcCopy.exe" = C:Program FilesHPDigital ImagingbinhpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:Program FilesHPDigital Imagingbinhpzwiz01.exe" = C:Program FilesHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpoews01.exe" = C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpiscnapp.exe" = C:Program FilesHPDigital Imagingbinhpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital Imagingbinhpofxs08.exe" = C:Program FilesHPDigital Imagingbinhpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqfxt08.exe" = C:Program FilesHPDigital Imagingbinhpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe" = C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:Program FilesHPDigital Imagingbinhpqgpc01.exe" = C:Program FilesHPDigital Imagingbinhpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital Imagingbinhpqusgm.exe" = C:Program FilesHPDigital Imagingbinhpqusgm.exe:*:Enabled:hpqusgm.exe

"C:Program FilesHPDigital Imagingbinhpqusgh.exe" = C:Program FilesHPDigital Imagingbinhpqusgh.exe:*:Enabled:hpqusgh.exe

"C:Program FilesHPHP Software UpdateHPWUCli.exe" = C:Program FilesHPHP Software UpdateHPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe" = C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:Program FilesIntuitQuickBooks 2010QBDBMgrN.exe" = C:Program FilesIntuitQuickBooks 2010QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)

"C:WINDOWSsystem32dpvsetup.exe" = C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:WINDOWSsystem32rundll32.exe" = C:WINDOWSsystem32rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)

"C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE" = C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE" = C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE" = C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:Documents and SettingsTerryApplication DataSpotifyspotify.exe" = C:Documents and SettingsTerryApplication DataSpotifyspotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:Program FilesLogitechVid HDVid.exe" = C:Program FilesLogitechVid HDVid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

"C:Program FilesJavajre7binjava.exe" = C:Program FilesJavajre7binjava.exe:*:Enabled:Java Platform SE binary -- (Oracle Corporation)

"C:Documents and SettingsTerryLocal SettingsApplication DataFacebookVideoSkypeFacebookVideoCalling.exe" = C:Documents and SettingsTerryLocal SettingsApplication DataFacebookVideoSkypeFacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks

"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min

"{3ECECC41-64EC-47F7-BCD1-6EC7039FF88A}" = YTD Toolbar v6.6

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{533D415A-4151-4AC5-858E-4068524C8051}_is1" = Pdf2Jpg version 1.2

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Audacity_is1" = Audacity 2.0.2

"CCleaner" = CCleaner

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)

"LAME_is1" = LAME v3.99.3 (for Windows)

"Logitech Vid" = Logitech Vid HD

"MAGIX Photo Manager 9 US" = MAGIX Photo Manager 9

"MAGIX Screenshare US" = MAGIX Screenshare

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"REAPER" = REAPER

"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11/28/2012 9:19:08 PM | Computer Name = DEBBIE | Source = Application Hang | ID = 1002

Description = Hanging application AcroRd32.exe, version 11.0.0.379, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 12/1/2012 12:10:08 AM | Computer Name = DEBBIE | Source = Application Error | ID = 1000

Description = Faulting application cocimanager.exe, version 13.30.1379.0, faulting

module unknown, version 0.0.0.0, fault address 0x01260337.

 

Error - 12/3/2012 11:25:28 PM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance

Hand

 

Error - 12/3/2012 11:25:28 PM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance

Hand

 

Error - 12/3/2012 11:25:28 PM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance

Hand

 

Error - 12/4/2012 12:25:57 AM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks Simple Start 2010":

tlg

file removal failed because the file was still ope

 

Error - 12/7/2012 4:49:01 PM | Computer Name = DEBBIE | Source = Application Error | ID = 1000

Description = Faulting application cocimanager.exe, version 13.30.1379.0, faulting

module unknown, version 0.0.0.0, fault address 0x003df91f.

 

Error - 12/12/2012 1:10:05 AM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance

Hand

 

Error - 12/12/2012 1:10:05 AM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance

Hand

 

Error - 12/12/2012 1:10:05 AM | Computer Name = DEBBIE | Source = QuickBooks | ID = 4

Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance

Hand

 

[ System Events ]

Error - 11/16/2012 3:10:11 AM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 11/16/2012 3:10:11 AM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 11/16/2012 3:10:12 AM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 11/16/2012 3:10:12 AM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 11/16/2012 3:10:12 AM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 11/21/2012 1:12:17 AM | Computer Name = DEBBIE | Source = atapi | ID = 262153

Description = The device, DeviceIdeIdePort3, did not respond within the timeout

period.

 

Error - 11/21/2012 1:12:27 AM | Computer Name = DEBBIE | Source = atapi | ID = 262153

Description = The device, DeviceIdeIdePort3, did not respond within the timeout

period.

 

Error - 11/21/2012 1:28:45 AM | Computer Name = DEBBIE | Source = atapi | ID = 262153

Description = The device, DeviceIdeIdePort3, did not respond within the timeout

period.

 

Error - 11/21/2012 1:28:50 AM | Computer Name = DEBBIE | Source = atapi | ID = 262153

Description = The device, DeviceIdeIdePort3, did not respond within the timeout

period.

 

Error - 11/23/2012 3:59:02 AM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7034

Description = The QBCFMonitorService service terminated unexpectedly. It has done

this 1 time(s).

 

 

< End of report >


asw log

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-23 00:50:19

-----------------------------

00:50:19.171 OS Version: Windows 5.1.2600 Service Pack 3

00:50:19.171 Number of processors: 1 586 0x207

00:50:19.171 ComputerName: DEBBIE UserName: Terry

00:50:22.250 Initialize success

00:52:15.281 AVAST engine defs: 12122200

00:52:26.859 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP2T0L0-12

00:52:26.859 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3

00:52:26.875 Disk 0 MBR read successfully

00:52:26.875 Disk 0 MBR scan

00:52:26.906 Disk 0 Windows XP default MBR code

00:52:26.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63

00:52:26.921 Disk 0 scanning sectors +312560640

00:52:26.953 Disk 0 malicious Win32:MBRoot code @ sector 312560643 !

00:52:27.000 Disk 0 scanning C:WINDOWSsystem32drivers

00:52:39.375 Service scanning

00:52:56.671 Modules scanning

00:53:01.875 Disk 0 trace - called modules:

00:53:01.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS

00:53:01.890 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x8578cab8]

00:53:01.890 3 CLASSPNP.SYS[f75e3fd7] -> nt!IofCallDriver -> Device00000057[0x857cbf18]

00:53:01.890 5 ACPI.sys[f755a620] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP2T0L0-12[0x85738030]

00:53:02.328 AVAST engine scan C:WINDOWS

00:53:06.265 AVAST engine scan C:WINDOWSsystem32

00:56:31.859 AVAST engine scan C:WINDOWSsystem32drivers

00:56:56.171 AVAST engine scan C:Documents and SettingsTerry

00:59:18.843 AVAST engine scan C:Documents and SettingsAll Users

01:00:25.609 Scan finished successfully

01:00:36.890 Disk 0 MBR has been saved successfully to "C:Documents and SettingsTerryDesktopMBR.dat"

01:00:36.890 The log file has been saved successfully to "C:Documents and SettingsTerryDesktopaswMBR.txt"


Hello Tacticaltal

 

Thank you for the logs.

  • Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - [2012/11/28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
      PRC - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
      SRV - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.)
      O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      :Files
      C:\Program Files\Common Files\Spigot
      C:\Program Files\Application Updater
      C:\Program Files\YTD Toolbar
      C:\Documents and Settings\Terry\Application Data\YTD
      C:\Documents and Settings\Terry\Application Data\Search Settings
      C:\Documents and Settings\All Users\Application Data\blekko toolbars
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
      
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • Junkware Removal Tool

     

    Please download Junkware Removal Tool to your desktop.

    • Shut down your antivirus to avoid any conflicts.
    • Double click JRT.exe to run the tool.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    The following tool may present you with the option to cure anything that is detected. Please do not cure anything at this time (I only need to review the log produced).
  • TDSS Killer

    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder, right-click on TDSSKiller.exe and select "Run as Administrator" to run the application.
    • When the window opens, click on Change Parameters.
    • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
    • Click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on SKIP.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Please post the required logs in your next reply.

OTL LOG

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Process SearchSettings.exe killed successfully!

No active process named ApplicationUpdater.exe was found!

Service Application Updater stopped successfully!

Service Application Updater deleted successfully!

C:Program FilesApplication UpdaterApplicationUpdater.exe moved successfully.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.

C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll moved successfully.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.

File C:Program FilesYTD ToolbarIE6.6ytdToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun deleted successfully.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunSearchSettings deleted successfully.

C:Program FilesCommon FilesSpigotSearch SettingsSearchSettings.exe moved successfully.

C:WINDOWSSystem32CONFIG.TMP deleted successfully.

C:WINDOWSSystem32SET70.tmp deleted successfully.

C:WINDOWSSystem32SET74.tmp deleted successfully.

C:WINDOWSSystem32SET75.tmp deleted successfully.

C:WINDOWSSystem32SET7C.tmp deleted successfully.

========== FILES ==========

C:Program FilesCommon FilesSpigotwtxpcomcomponents folder moved successfully.

C:Program FilesCommon FilesSpigotwtxpcomchromecontent folder moved successfully.

C:Program FilesCommon FilesSpigotwtxpcomchrome folder moved successfully.

C:Program FilesCommon FilesSpigotwtxpcom folder moved successfully.

C:Program FilesCommon FilesSpigotSearch SettingsRes folder moved successfully.

C:Program FilesCommon FilesSpigotSearch SettingsLang folder moved successfully.

C:Program FilesCommon FilesSpigotSearch Settings folder moved successfully.

C:Program FilesCommon FilesSpigotGC folder moved successfully.

C:Program FilesCommon FilesSpigot folder moved successfully.

C:Program FilesApplication Updater folder moved successfully.

C:Program FilesYTD ToolbarResLang folder moved successfully.

C:Program FilesYTD ToolbarRes folder moved successfully.

C:Program FilesYTD ToolbarIE6.6 folder moved successfully.

C:Program FilesYTD ToolbarIE folder moved successfully.

C:Program FilesYTD ToolbarFFchrome folder moved successfully.

C:Program FilesYTD ToolbarFF folder moved successfully.

C:Program FilesYTD Toolbar folder moved successfully.

C:Documents and SettingsTerryApplication DataYTDtemp folder moved successfully.

C:Documents and SettingsTerryApplication DataYTDres folder moved successfully.

C:Documents and SettingsTerryApplication DataYTD folder moved successfully.

C:Documents and SettingsTerryApplication DataSearch Settingstemp folder moved successfully.

C:Documents and SettingsTerryApplication DataSearch Settingsres folder moved successfully.

C:Documents and SettingsTerryApplication DataSearch Settings folder moved successfully.

C:Documents and SettingsAll UsersApplication Datablekko toolbars folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

 

User: All Users

 

User: Deborah

->Temp folder emptied: 1431160 bytes

->Temporary Internet Files folder emptied: 111497206 bytes

->Flash cache emptied: 8688 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Ryan

->Temp folder emptied: 17920 bytes

->Temporary Internet Files folder emptied: 44279700 bytes

->Flash cache emptied: 933 bytes

 

User: Terry

->Temp folder emptied: 99998282 bytes

->Temporary Internet Files folder emptied: 47346391 bytes

->FireFox cache emptied: 168895076 bytes

->Flash cache emptied: 5225 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1079768 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 402 bytes

RecycleBin emptied: 540787511 bytes

 

Total Files Cleaned = 968.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Deborah

->Flash cache emptied: 0 bytes

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Ryan

->Flash cache emptied: 0 bytes

 

User: Terry

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 12232012_140304

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.4 (12.21.2012:3)

OS: Microsoft Windows XP x86

Ran by Terry on Sun 12/23/2012 at 14:12:25.00

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorerurlsearchhooks{f3fee66e-e034-436a-86e4-9690573bee8a}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\application updater

Successfully deleted: [Registry Key] hkey_current_user\software\crossrider

Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com

Successfully deleted: [Registry Key] hkey_current_user\software\smartbar

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"

Successfully deleted: [Folder] "C:\Documents and Settings\Terry\Application Data\adawaretb"

Successfully deleted: [Folder] "C:\Documents and Settings\Terry\Application Data\opencandy"

Successfully deleted: [Folder] "C:\Program Files\adawaretb"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"

 

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Terry\Application Data\mozilla\firefox\profiles\w47qyqo7.default\user.js

Successfully deleted the following from C:\Documents and Settings\Terry\Application Data\mozilla\firefox\profiles\w47qyqo7.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3101810&SearchSource=13");

user_pref("Smartbar.ConduitSearchEngineList", "");

user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.yahoo.com/search?fr=mcafee&p=");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3101810");

user_pref("extensions.crossrider.bic", "13abfff6261ad43f998e9d2d58cf2829");

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/23/2012 at 14:21:00.70

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

TDSS

 

14:28:21.0562 1644 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:28:22.0031 1644 ============================================================

14:28:22.0031 1644 Current date / time: 2012/12/23 14:28:22.0031

14:28:22.0031 1644 SystemInfo:

14:28:22.0031 1644

14:28:22.0031 1644 OS Version: 5.1.2600 ServicePack: 3.0

14:28:22.0031 1644 Product type: Workstation

14:28:22.0031 1644 ComputerName: DEBBIE

14:28:22.0031 1644 UserName: Terry

14:28:22.0031 1644 Windows directory: C:\WINDOWS

14:28:22.0031 1644 System windows directory: C:\WINDOWS

14:28:22.0031 1644 Processor architecture: Intel x86

14:28:22.0031 1644 Number of processors: 1

14:28:22.0031 1644 Page size: 0x1000

14:28:22.0031 1644 Boot type: Normal boot

14:28:22.0031 1644 ============================================================

14:28:23.0453 1644 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:28:23.0453 1644 ============================================================

14:28:23.0453 1644 \Device\Harddisk0\DR0:

14:28:23.0453 1644 MBR partitions:

14:28:23.0453 1644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1

14:28:23.0453 1644 ============================================================

14:28:23.0484 1644 C: <-> \Device\Harddisk0\DR0\Partition1

14:28:23.0484 1644 ============================================================

14:28:23.0484 1644 Initialize success

14:28:23.0500 1644 ============================================================

14:29:05.0890 3112 ============================================================

14:29:05.0890 3112 Scan started

14:29:05.0890 3112 Mode: Manual; TDLFS;

14:29:05.0890 3112 ============================================================

14:29:06.0203 3112 ================ Scan system memory ========================

14:29:06.0218 3112 System memory - ok

14:29:06.0218 3112 ================ Scan services =============================


14:29:17.0062 3112 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:WINDOWSsystem32driversUdfs.sys

14:29:17.0062 3112 Udfs - ok

14:29:17.0078 3112 ultra - ok

14:29:17.0125 3112 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:WINDOWSsystem32DRIVERSupdate.sys

14:29:17.0140 3112 Update - ok

14:29:17.0171 3112 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:WINDOWSSystem32upnphost.dll

14:29:17.0187 3112 upnphost - ok

14:29:17.0203 3112 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:WINDOWSSystem32ups.exe

14:29:17.0218 3112 UPS - ok

14:29:17.0265 3112 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:WINDOWSsystem32driversusbaudio.sys

14:29:17.0281 3112 usbaudio - ok

14:29:17.0343 3112 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:WINDOWSsystem32DRIVERSusbccgp.sys

14:29:17.0343 3112 usbccgp - ok

14:29:17.0359 3112 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:WINDOWSsystem32DRIVERSusbehci.sys

14:29:17.0359 3112 usbehci - ok

14:29:17.0406 3112 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:WINDOWSsystem32DRIVERSusbhub.sys

14:29:17.0406 3112 usbhub - ok

14:29:17.0437 3112 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:WINDOWSsystem32DRIVERSusbprint.sys

14:29:17.0437 3112 usbprint - ok

14:29:17.0453 3112 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:WINDOWSsystem32DRIVERSusbscan.sys

14:29:17.0453 3112 usbscan - ok

14:29:17.0484 3112 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

14:29:17.0500 3112 USBSTOR - ok

14:29:17.0546 3112 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:WINDOWSsystem32DRIVERSusbuhci.sys

14:29:17.0546 3112 usbuhci - ok

14:29:17.0578 3112 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:WINDOWSsystem32Driversusbvideo.sys

14:29:17.0593 3112 usbvideo - ok

14:29:17.0609 3112 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:WINDOWSSystem32driversvga.sys

14:29:17.0609 3112 VgaSave - ok

14:29:17.0656 3112 [ BCB2353661CB74A28C2E3E08CCFDFF12 ] viagfx C:WINDOWSsystem32DRIVERSvtmini.sys

14:29:17.0671 3112 viagfx - ok

14:29:17.0687 3112 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:WINDOWSsystem32DRIVERSviaide.sys

14:29:17.0687 3112 ViaIde - ok

14:29:17.0718 3112 [ C8EE49FA76EB7C41A9CDDFE58151A74E ] videX32 C:WINDOWSsystem32DRIVERSvideX32.sys

14:29:17.0718 3112 videX32 - ok

14:29:17.0734 3112 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:WINDOWSsystem32driversVolSnap.sys

14:29:17.0734 3112 VolSnap - ok

14:29:17.0781 3112 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:WINDOWSSystem32vssvc.exe

14:29:17.0796 3112 VSS - ok

14:29:17.0828 3112 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:WINDOWSsystem32w32time.dll

14:29:17.0843 3112 W32Time - ok

14:29:17.0859 3112 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:WINDOWSsystem32DRIVERSwanarp.sys

14:29:17.0859 3112 Wanarp - ok

14:29:17.0875 3112 WDICA - ok

14:29:17.0906 3112 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:WINDOWSsystem32driverswdmaud.sys

14:29:17.0906 3112 wdmaud - ok

14:29:17.0937 3112 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:WINDOWSSystem32webclnt.dll

14:29:17.0953 3112 WebClient - ok

14:29:18.0015 3112 [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE ] winachsf C:WINDOWSsystem32DRIVERSHSFCXTS2.sys

14:29:18.0062 3112 winachsf - ok

14:29:18.0171 3112 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:WINDOWSsystem32wbemWMIsvc.dll

14:29:18.0171 3112 winmgmt - ok

14:29:18.0250 3112 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:WINDOWSsystem32MsPMSNSv.dll

14:29:18.0250 3112 WmdmPmSN - ok

14:29:18.0296 3112 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:WINDOWSsystem32wbemwmiapsrv.exe

14:29:18.0296 3112 WmiApSrv - ok

14:29:18.0406 3112 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:Program FilesWindows Media PlayerWMPNetwk.exe

14:29:18.0453 3112 WMPNetworkSvc - ok

14:29:18.0500 3112 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:WINDOWSsystem32wscsvc.dll

14:29:18.0515 3112 wscsvc - ok

14:29:18.0531 3112 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:WINDOWSsystem32DRIVERSWSTCODEC.SYS

14:29:18.0546 3112 WSTCODEC - ok

14:29:18.0562 3112 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:WINDOWSsystem32wuauserv.dll

14:29:18.0562 3112 wuauserv - ok

14:29:18.0609 3112 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:WINDOWSsystem32DRIVERSWudfPf.sys

14:29:18.0609 3112 WudfPf - ok

14:29:18.0640 3112 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:WINDOWSsystem32DRIVERSwudfrd.sys

14:29:18.0640 3112 WudfRd - ok

14:29:18.0671 3112 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:WINDOWSSystem32WUDFSvc.dll

14:29:18.0687 3112 WudfSvc - ok

14:29:18.0750 3112 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:WINDOWSSystem32wzcsvc.dll

14:29:18.0765 3112 WZCSVC - ok

14:29:18.0828 3112 [ FCBC27869092850CDB75139F3818653A ] xfilt C:WINDOWSsystem32DRIVERSxfilt.sys

14:29:18.0828 3112 xfilt - ok

14:29:18.0875 3112 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:WINDOWSSystem32xmlprov.dll

14:29:18.0875 3112 xmlprov - ok

14:29:18.0890 3112 ================ Scan global ===============================

14:29:18.0937 3112 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

14:29:19.0015 3112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

14:29:19.0046 3112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

14:29:19.0078 3112 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

14:29:19.0093 3112 [Global] - ok

14:29:19.0093 3112 ================ Scan MBR ==================================

14:29:19.0125 3112 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

14:29:19.0343 3112 \Device\Harddisk0\DR0 - ok

14:29:19.0359 3112 ================ Scan VBR ==================================

14:29:19.0359 3112 [ 66F4D3BDF3236D0B68A590D4D4685B98 ] \Device\Harddisk0\DR0\Partition1

14:29:19.0359 3112 \Device\Harddisk0\DR0\Partition1 - ok

14:29:19.0375 3112 ============================================================

14:29:19.0375 3112 Scan finished

14:29:19.0375 3112 ============================================================

14:29:19.0390 0500 Detected object count: 0

14:29:19.0390 0500 Actual detected object count: 0

14:31:06.0734 2536 Deinitialize success


Hello Tacticaltal

 

Thank you for the logs.

 

was unable to run TDSS Killer as Administrator ; there was no option on right-click to do so

That's not a problem.

 

Let's continue:

  • Please perform the following scan:

    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
    • Double click on the mbam-setup.exe icon to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please run the following scan

    • Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is unchecked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the MBAM log and the ESET log in your next reply and let me know how the machine is running now.

ESET didn't find any threats, and I didn't see any .txt file. Below is the mbam log.

 

IE is still laggy and slow.

 

mbam

 

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.24.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Terry :: DEBBIE [administrator]

Protection: Enabled

12/23/2012 9:14:59 PM

mbam-log-2012-12-23 (21-21-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 262337

Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hello tacticaltal

 

ESET didn't find any threats

That's good. A .txt file is not produced if nothing is detected.

 

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Did you allow MBAM to remove this detection? If not, please re-run the tool and remove it.

 

Please re-scan with OTL and post the log in your next reply.


I did remove the HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter). Don't know why it says No Action Taken.

 

OTL LOG

 

OTL logfile created on: 12/24/2012 9:47:30 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Terry\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

958.42 Mb Total Physical Memory | 708.44 Mb Available Physical Memory | 73.92% Memory free

2.26 Gb Paging File | 2.06 Gb Available in Paging File | 91.21% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 135.40 Gb Free Space | 90.85% Space Free | Partition Type: NTFS

 

Computer Name: DEBBIE | User Name: Terry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/12/23 00:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe

PRC - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2012/11/28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/07/25 15:03:12 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/11/16 15:14:23 | 000,212,992 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.ServiceProce#31b7eef43a23e7c6e93594be583f3d08System.ServiceProcess.ni.dll

MOD - [2012/11/16 12:38:07 | 007,977,472 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System90ad0c96693527ae685ff40019bb33b0System.ni.dll

MOD - [2012/11/16 12:35:41 | 011,492,352 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlib3add69b075f3da012fb97ce00cd795c0mscorlib.ni.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%System32appmgmts.dll -- (AppMgmt)

SRV - [2012/12/12 03:13:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/04 23:57:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2012/11/28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:Program FilesJavajre7binjqs.exe -- (JavaQuickStarterService)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/05 09:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:Program FilesMcAfee Security Scan3.0.285McCHSvc.exe -- (McComponentHostService)

SRV - [2012/07/25 15:03:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:Program FilesCommon FilesMAGIX ServicesDatabasebinFABS.exe -- (Fabs)

SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:Program FilesCommon FilesIntuitQuickBooksFCSIntuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:Program FilesCommon FilesMAGIX ServicesDatabasebinfbserver.exe -- (FirebirdServerMAGIXInstance)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/12/16 23:45:56 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversgfibto.sys -- (gfibto)

DRV - [2012/11/29 10:53:27 | 000,033,408 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversgfiark.sys -- (gfiark)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:WINDOWSsystem32driversmbam.sys -- (MBAMProtector)

DRV - [2012/09/21 13:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverslvuvc.sys -- (LVUVC)

DRV - [2012/09/21 13:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverslvrs.sys -- (LVRS)

DRV - [2006/05/19 14:44:52 | 003,965,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversalcxwdm.sys -- (ALCXWDM)

DRV - [2006/02/22 21:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversxfilt.sys -- (xfilt)

DRV - [2006/02/22 21:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversvideX32.sys -- (videX32)

DRV - [2005/03/16 00:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:WINDOWSsystem32driversBIOS.sys -- (BIOS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant =

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU.DEFAULT..URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

IE - HKUS-1-5-18..URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

 

 

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://yahoo.com/

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004..URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004..URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004..SearchScopes,DefaultScope = {D2EFAD3C-5CAC-4E4A-904E-774AD4E0C674}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004..SearchScopes{0C72F88E-F61B-4866-9153-B0919761F63D}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004..SearchScopes{D2EFAD3C-5CAC-4E4A-904E-774AD4E0C674}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1004SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftInternet ExplorerMain,Search Bar =

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftInternet ExplorerMain,Search Page =

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0A FB 61 70 9A AF CD 01 [binary data]

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005..URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005..SearchScopes,DefaultScope = {842F0B56-860B-4CA5-AB53-BEC46AD34378}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005..SearchScopes{76C5F297-1752-4366-8709-FEEC1E7AFCE7}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005..SearchScopes{842F0B56-860B-4CA5-AB53-BEC46AD34378}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005..SearchScopes{D4992129-F966-4150-9056-64E76508905F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKUS-1-5-21-606747145-1060284298-725345543-1005SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://yahoo.com"

FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

FF - user.js - File not found

 

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32_11_5_502_135.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.10.2: C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@mcafee.com/SAFFPlugin: C:Program FilesMcAfeeSiteAdvisornpmcffplg32.dll (McAfee, Inc.)

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/DownloadManager,version=1.1: C:WINDOWS [2012/12/23 14:12:22 | 000,000,000 | ---D | M]

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:Documents and SettingsTerryLocal SettingsApplication DataFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:Program FilesMcAfeeSiteAdvisor [2012/12/21 12:56:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program FilesHPDigital ImagingSmart Web PrintingMozillaAddOn3 [2012/10/23 15:01:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 17.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2012/12/16 23:45:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 17.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2012/12/10 00:07:44 | 000,000,000 | ---D | M]

 

[2012/10/23 22:29:43 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsTerryApplication DataMozillaExtensions

[2012/12/18 15:02:52 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsTerryApplication DataMozillaFirefoxProfilesw47qyqo7.defaultextensions

[2012/11/09 20:15:36 | 000,002,533 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMozillaFirefoxProfilesw47qyqo7.defaultsearchpluginsaol-search.xml

[2012/12/04 23:57:14 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions

[2012/12/21 12:56:14 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:PROGRAM FILESMCAFEESITEADVISOR

[2012/12/04 23:57:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll

[2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml

[2012/10/24 00:29:56 | 000,002,024 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsMcSiteAdvisor.xml

[2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginstwitter.xml

 

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)

O3 - HKLM..Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O3 - HKUS-1-5-21-606747145-1060284298-725345543-1004..ToolbarWebBrowser: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.

O7 - HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKUS-1-5-21-606747145-1060284298-725345543-1004SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKUS-1-5-21-606747145-1060284298-725345543-1005SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350831923796 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350834043140 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 74.128.17.114 74.128.19.102

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{C9A81056-A78E-4667-ACE8-18DD55179F58}: DhcpNameServer = 74.128.17.114 74.128.19.102

O18 - ProtocolHandlerdssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O18 - ProtocolHandlerintu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:Program FilesIntuitQuickBooks 2010HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - ProtocolHandlersacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:Documents and SettingsTerryLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsTerryLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/10/21 07:55:25 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/12/23 21:26:13 | 000,000,000 | ---D | C] -- C:Program FilesESET

[2012/12/23 21:10:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataMalwarebytes

[2012/12/23 21:10:08 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMalwarebytes' Anti-Malware

[2012/12/23 21:10:07 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataMalwarebytes

[2012/12/23 21:10:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys

[2012/12/23 21:10:06 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware

[2012/12/23 21:09:09 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:Documents and SettingsTerryDesktopmbam-setup-1.65.1.1000.exe

[2012/12/23 14:24:23 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryDesktoptdsskiller

[2012/12/23 14:12:22 | 000,000,000 | ---D | C] -- C:WINDOWSERUNT

[2012/12/23 14:12:17 | 000,000,000 | ---D | C] -- C:JRT

[2012/12/23 14:11:14 | 000,496,081 | ---- | C] (Oleg N. Scherbakov) -- C:Documents and SettingsTerryDesktopJRT.exe

[2012/12/23 14:03:04 | 000,000,000 | ---D | C] -- C:_OTL

[2012/12/23 00:50:08 | 004,732,416 | ---- | C] (AVAST Software) -- C:Documents and SettingsTerryDesktopaswMBR.exe

[2012/12/23 00:38:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsTerryDesktopOTL.exe

[2012/12/22 12:48:15 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2012/12/22 12:48:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryStart MenuProgramsHiJackThis

[2012/12/18 15:01:58 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe

[2012/12/18 15:01:58 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32java.exe

[2012/12/18 15:01:58 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32WindowsAccessBridge.dll

[2012/12/17 00:28:57 | 000,000,000 | RH-D | C] -- C:Documents and SettingsTerryRecent

[2012/12/16 23:53:41 | 000,033,408 | ---- | C] (GFI Software) -- C:WINDOWSSystem32driversgfiark.sys

[2012/12/16 23:47:44 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataLavasoftStatistics

[2012/12/16 23:46:03 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryLocal SettingsApplication DataDownloaded Installations

[2012/12/16 23:45:56 | 000,013,560 | ---- | C] (GFI Software) -- C:WINDOWSSystem32driversgfibto.sys

[2012/12/16 23:45:32 | 000,000,000 | ---D | C] -- C:Program FilesToolbar Cleaner

[2012/12/15 19:04:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsREAPER

[2012/12/15 19:03:53 | 000,000,000 | ---D | C] -- C:Program FilesREAPER

[2012/12/13 03:42:28 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsCCleaner

[2012/12/13 03:42:27 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2012/12/12 18:57:56 | 000,000,000 | -HSD | C] -- C:WINDOWSftpcache

[2012/12/12 00:29:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsPdf2Jpg

[2012/12/12 00:29:13 | 000,000,000 | ---D | C] -- C:Program FilesPdf2Jpg

[2012/12/10 17:29:53 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32spmsg.dll

[2012/12/10 17:29:32 | 000,000,000 | ---D | C] -- C:Program FilesWindows Media Connect 2

[2012/12/10 17:28:00 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32driversUMDF

[2012/12/10 17:28:00 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32LogFiles

[2012/12/10 01:44:59 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerApp.exe

[2012/12/10 00:08:08 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataMcAfee Security Scan

[2012/12/10 00:08:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMcAfee Security Scan Plus

[2012/12/10 00:08:05 | 000,000,000 | ---D | C] -- C:Program FilesMcAfee Security Scan

[2012/12/10 00:07:36 | 000,000,000 | ---D | C] -- C:Program FilesAdobe

[2012/12/10 00:07:35 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesAdobe

[2012/12/09 23:33:37 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2012/12/09 23:31:48 | 000,000,000 | ---D | C] -- C:Program Filesfp_10.3.r183.43_archive

[2012/12/07 18:56:13 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryLocal SettingsApplication DataWMTools Downloaded Files

[2012/12/07 18:45:18 | 000,000,000 | R--D | C] -- C:Documents and SettingsAll UsersDocumentsMy Videos

[2012/12/04 23:57:14 | 000,000,000 | ---D | C] -- C:Program FilesMozilla Firefox

[2012/12/04 21:20:58 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMicrosoft Silverlight

[2012/12/04 21:20:53 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Silverlight

[2012/12/04 13:03:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryLocal SettingsApplication DataSpotify

[2012/12/04 13:02:31 | 000,000,000 | ---D | C] -- C:Documents and SettingsTerryApplication DataSpotify

 

========== Files - Modified Within 30 Days ==========

 

[2012/12/24 09:12:00 | 000,000,830 | ---- | M] () -- C:WINDOWStasksAdobe Flash Player Updater.job

[2012/12/24 07:44:00 | 000,000,998 | ---- | M] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005UA.job

[2012/12/23 22:42:24 | 000,000,211 | -HS- | M] () -- C:boot.ini

[2012/12/23 22:36:26 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2012/12/23 21:10:08 | 000,000,784 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes Anti-Malware.lnk

[2012/12/23 21:09:18 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:Documents and SettingsTerryDesktopmbam-setup-1.65.1.1000.exe

[2012/12/23 16:44:00 | 000,000,976 | ---- | M] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005Core.job

[2012/12/23 14:27:30 | 002,195,061 | ---- | M] () -- C:Documents and SettingsTerryDesktoptdsskiller.zip

[2012/12/23 14:12:17 | 000,496,081 | ---- | M] (Oleg N. Scherbakov) -- C:Documents and SettingsTerryDesktopJRT.exe

[2012/12/23 03:20:03 | 000,000,287 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchPC Pitstop Forums.URL

[2012/12/23 01:00:36 | 000,000,512 | ---- | M] () -- C:Documents and SettingsTerryDesktopMBR.dat

[2012/12/23 00:50:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:Documents and SettingsTerryDesktopaswMBR.exe

[2012/12/23 00:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsTerryDesktopOTL.exe

[2012/12/23 00:16:58 | 000,000,264 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick Launchhoosier lottery - mix & match.URL

[2012/12/22 16:23:04 | 000,032,095 | ---- | M] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-1a.PNG

[2012/12/22 16:20:31 | 000,053,864 | ---- | M] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0a.JPG

[2012/12/22 16:20:03 | 000,053,864 | ---- | M] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0.jpg

[2012/12/22 12:52:31 | 000,001,692 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchPC PitStop.url

[2012/12/22 12:50:48 | 000,002,447 | ---- | M] () -- C:Documents and SettingsTerryDesktopHiJackThis.lnk

[2012/12/21 12:56:17 | 000,282,928 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2012/12/21 12:36:52 | 002,359,350 | ---- | M] () -- C:Documents and SettingsTerryDesktopss.bmp

[2012/12/21 02:04:39 | 000,031,744 | ---- | M] () -- C:Documents and SettingsTerryLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/12/20 00:56:32 | 000,000,422 | ---- | M] () -- C:Documents and SettingsTerryDesktopVincent Guitar Lesson - YouTube.url

[2012/12/20 00:37:46 | 000,435,260 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2012/12/20 00:37:46 | 000,068,156 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2012/12/18 12:12:13 | 000,000,942 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopYTD Video Downloader.lnk

[2012/12/18 02:03:33 | 000,000,353 | ---- | M] () -- C:Documents and SettingsTerryDesktopfingerpicking Freight train.url

[2012/12/17 22:53:53 | 000,000,353 | ---- | M] () -- C:Documents and SettingsTerryDesktopVincent nesh16041972.url

[2012/12/17 00:33:40 | 000,029,612 | ---- | M] () -- C:Documents and SettingsTerryDesktopcc_20121217_003327.reg

[2012/12/16 23:45:56 | 000,013,560 | ---- | M] (GFI Software) -- C:WINDOWSSystem32driversgfibto.sys

[2012/12/16 14:00:34 | 000,013,702 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32dllcacheatmfd.dll

[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32atmfd.dll

[2012/12/15 19:04:06 | 000,000,654 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopREAPER.lnk

[2012/12/14 22:15:25 | 000,001,261 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopLogitech Webcam Software .lnk

[2012/12/14 14:19:26 | 002,359,350 | ---- | M] () -- C:Documents and SettingsTerryDesktoppmmessages~tg.bmp

[2012/12/14 13:40:07 | 000,094,127 | ---- | M] () -- C:Documents and SettingsTerryDesktopscreenshot~tgmessages.jpg

[2012/12/13 03:45:36 | 000,064,076 | ---- | M] () -- C:Documents and SettingsTerryDesktopbkup~cc_20121213_034502.reg

[2012/12/13 03:42:28 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopCCleaner.lnk

[2012/12/12 19:02:57 | 009,835,527 | ---- | M] () -- C:Documents and SettingsTerryDesktopvideoplayback.webm

[2012/12/12 18:49:37 | 009,079,493 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsStardust-Hoagy Carmichael Guitar Cover- Willie Nelson style.flv

[2012/12/12 18:44:30 | 000,000,800 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchWindows Media Player.lnk

[2012/12/12 18:15:10 | 000,000,815 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/12/12 16:41:24 | 009,084,928 | R--- | M] () -- C:Documents and SettingsTerryMy DocumentsHANDYMAN ELECTRICv2.QBW

[2012/12/12 16:41:24 | 001,376,256 | R--- | M] () -- C:Documents and SettingsTerryMy DocumentsHANDYMAN ELECTRICv2.QBW.TLG

[2012/12/12 16:41:24 | 000,000,370 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsHANDYMAN ELECTRICv2.QBW.ND

[2012/12/12 03:12:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerApp.exe

[2012/12/12 03:12:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2012/12/10 17:29:46 | 000,023,392 | ---- | M] () -- C:WINDOWSSystem32nscompat.tlb

[2012/12/10 17:29:46 | 000,016,832 | ---- | M] () -- C:WINDOWSSystem32amcompat.tlb

[2012/12/10 17:28:45 | 000,316,640 | ---- | M] () -- C:WINDOWSWMSysPr9.prx

[2012/12/10 17:28:02 | 000,000,000 | -H-- | M] () -- C:WINDOWSSystem32driversUMDFMsftWdf_user_01_00_00.Wdf

[2012/12/10 00:08:06 | 000,001,807 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMcAfee Security Scan Plus.lnk

[2012/12/10 00:07:45 | 000,001,734 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader XI.lnk

[2012/12/07 01:45:50 | 000,000,249 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchElectrician Talk.URL

[2012/12/06 22:49:50 | 000,000,137 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchEPD.URL

[2012/12/05 22:36:53 | 000,000,309 | ---- | M] () -- C:Documents and SettingsTerryDesktopDashboard - Bing Webmaster Tools.URL

[2012/12/05 22:36:50 | 000,000,301 | ---- | M] () -- C:Documents and SettingsTerryDesktopGOPUSA.URL

[2012/12/05 22:36:46 | 000,000,338 | ---- | M] () -- C:Documents and SettingsTerryDesktopWiring Utility Controlled Meter-base, Wiring a New Main Service Rated Panel, Installing the Grounding System (NEC 2002) - Se.URL

[2012/12/05 22:36:44 | 000,000,238 | ---- | M] () -- C:Documents and SettingsTerryDesktopTwitter.URL

[2012/12/05 22:36:40 | 000,000,303 | ---- | M] () -- C:Documents and SettingsTerryDesktopRefacing Kitchen Cabinets Complete Instructions 3 of 6.URL

[2012/12/05 22:36:39 | 000,000,241 | ---- | M] () -- C:Documents and SettingsTerryDesktopPhotobucket.URL

[2012/12/05 22:36:35 | 000,000,279 | ---- | M] () -- C:Documents and SettingsTerryDesktopNatural handyman.URL

[2012/12/05 22:36:31 | 000,000,268 | ---- | M] () -- C:Documents and SettingsTerryDesktopHow to Calculate Your hourly Rate as a Handyman.URL

[2012/12/05 22:36:24 | 000,000,249 | ---- | M] () -- C:Documents and SettingsTerryDesktophome depot forums.URL

[2012/12/05 22:36:17 | 000,000,243 | ---- | M] () -- C:Documents and SettingsTerryDesktopHome Depot.URL

[2012/12/05 22:36:14 | 000,000,242 | ---- | M] () -- C:Documents and SettingsTerryDesktopheritage.org.URL

[2012/12/05 22:36:11 | 000,000,299 | ---- | M] () -- C:Documents and SettingsTerryDesktopGUILT - OR WHY IT'S GOOD TO FEEL BAD - NYTimes.com.URL

[2012/12/05 22:36:08 | 000,000,276 | ---- | M] () -- C:Documents and SettingsTerryDesktopGeorge Carlin On His Time In The Military - YouTube.URL

[2012/12/05 22:35:52 | 000,000,249 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchDIY Chatroom.URL

[2012/12/05 22:35:50 | 000,000,250 | ---- | M] () -- C:Documents and SettingsTerryDesktopBrowning Genealogy Evansville Area Obituary Search.URL

[2012/12/05 22:34:23 | 000,000,260 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsStars Fell On Alabama, acoustic guitar instrumental - YouTube.URL

[2012/12/05 22:34:18 | 000,000,260 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsAutumn Leaves Eric Clapton Cover - YouTube.URL

[2012/12/04 13:03:03 | 000,001,854 | ---- | M] () -- C:Documents and SettingsTerryDesktopSpotify.lnk

[2012/12/02 23:40:56 | 000,001,349 | ---- | M] () -- C:Documents and SettingsTerryDesktop~electriciansforum_reply.rtf

[2012/12/01 08:13:25 | 000,017,435 | ---- | M] () -- C:Documents and SettingsTerryDesktopsoffit.jpg

[2012/11/30 07:20:22 | 000,087,627 | ---- | M] () -- C:Documents and SettingsTerryDesktopimage-3272025367.jpg

[2012/11/29 10:53:27 | 000,033,408 | ---- | M] (GFI Software) -- C:WINDOWSSystem32driversgfiark.sys

[2012/11/28 10:35:22 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32WindowsAccessBridge.dll

[2012/11/28 10:31:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe

[2012/11/28 10:31:25 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32java.exe

[2012/11/27 23:33:39 | 000,004,718 | ---- | M] () -- C:Documents and SettingsTerryMy DocumentsPrice Book~csv.csv

[2012/11/24 23:42:01 | 000,000,112 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchCNSnews.URL

[2012/11/24 23:36:43 | 000,000,074 | ---- | M] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchContractors ~Evansville.URL

 

========== Files Created - No Company Name ==========

 

[2012/12/23 21:10:08 | 000,000,784 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes Anti-Malware.lnk

[2012/12/23 14:23:28 | 002,195,061 | ---- | C] () -- C:Documents and SettingsTerryDesktoptdsskiller.zip

[2012/12/23 03:20:03 | 000,000,287 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchPC Pitstop Forums.URL

[2012/12/23 01:00:36 | 000,000,512 | ---- | C] () -- C:Documents and SettingsTerryDesktopMBR.dat

[2012/12/23 00:16:58 | 000,000,264 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick Launchhoosier lottery - mix & match.URL

[2012/12/22 16:23:04 | 000,032,095 | ---- | C] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-1a.PNG

[2012/12/22 16:20:31 | 000,053,864 | ---- | C] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0a.JPG

[2012/12/22 16:18:08 | 000,053,864 | ---- | C] () -- C:Documents and SettingsTerryDesktopvincenttab~chetatkins-0.jpg

[2012/12/22 12:52:31 | 000,001,692 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchPC PitStop.url

[2012/12/22 12:48:15 | 000,002,447 | ---- | C] () -- C:Documents and SettingsTerryDesktopHiJackThis.lnk

[2012/12/21 16:39:50 | 000,000,998 | ---- | C] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005UA.job

[2012/12/21 16:39:50 | 000,000,976 | ---- | C] () -- C:WINDOWStasksFacebookUpdateTaskUserS-1-5-21-606747145-1060284298-725345543-1005Core.job

[2012/12/21 12:36:52 | 002,359,350 | ---- | C] () -- C:Documents and SettingsTerryDesktopss.bmp

[2012/12/20 00:56:31 | 000,000,422 | ---- | C] () -- C:Documents and SettingsTerryDesktopVincent Guitar Lesson - YouTube.url

[2012/12/18 12:12:13 | 000,000,942 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopYTD Video Downloader.lnk

[2012/12/18 02:03:33 | 000,000,353 | ---- | C] () -- C:Documents and SettingsTerryDesktopfingerpicking Freight train.url

[2012/12/17 22:53:53 | 000,000,353 | ---- | C] () -- C:Documents and SettingsTerryDesktopVincent nesh16041972.url

[2012/12/17 00:33:31 | 000,029,612 | ---- | C] () -- C:Documents and SettingsTerryDesktopcc_20121217_003327.reg

[2012/12/15 19:04:06 | 000,000,654 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopREAPER.lnk

[2012/12/14 22:15:25 | 000,001,261 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopLogitech Webcam Software .lnk

[2012/12/14 14:19:26 | 002,359,350 | ---- | C] () -- C:Documents and SettingsTerryDesktoppmmessages~tg.bmp

[2012/12/14 13:40:07 | 000,094,127 | ---- | C] () -- C:Documents and SettingsTerryDesktopscreenshot~tgmessages.jpg

[2012/12/13 03:45:24 | 000,064,076 | ---- | C] () -- C:Documents and SettingsTerryDesktopbkup~cc_20121213_034502.reg

[2012/12/13 03:42:28 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopCCleaner.lnk

[2012/12/12 19:02:30 | 009,835,527 | ---- | C] () -- C:Documents and SettingsTerryDesktopvideoplayback.webm

[2012/12/12 18:47:24 | 009,079,493 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsStardust-Hoagy Carmichael Guitar Cover- Willie Nelson style.flv

[2012/12/12 18:15:10 | 000,000,815 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/12/10 17:28:02 | 000,000,000 | -H-- | C] () -- C:WINDOWSSystem32driversUMDFMsftWdf_user_01_00_00.Wdf

[2012/12/10 01:45:00 | 000,000,830 | ---- | C] () -- C:WINDOWStasksAdobe Flash Player Updater.job

[2012/12/10 00:08:06 | 000,001,807 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopMcAfee Security Scan Plus.lnk

[2012/12/10 00:07:45 | 000,001,804 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsAdobe Reader XI.lnk

[2012/12/10 00:07:45 | 000,001,734 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader XI.lnk

[2012/12/07 01:45:50 | 000,000,249 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchElectrician Talk.URL

[2012/12/06 22:48:49 | 000,000,137 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchEPD.URL

[2012/12/05 22:36:53 | 000,000,309 | ---- | C] () -- C:Documents and SettingsTerryDesktopDashboard - Bing Webmaster Tools.URL

[2012/12/05 22:36:50 | 000,000,301 | ---- | C] () -- C:Documents and SettingsTerryDesktopGOPUSA.URL

[2012/12/05 22:36:46 | 000,000,338 | ---- | C] () -- C:Documents and SettingsTerryDesktopWiring Utility Controlled Meter-base, Wiring a New Main Service Rated Panel, Installing the Grounding System (NEC 2002) - Se.URL

[2012/12/05 22:36:44 | 000,000,238 | ---- | C] () -- C:Documents and SettingsTerryDesktopTwitter.URL

[2012/12/05 22:36:40 | 000,000,303 | ---- | C] () -- C:Documents and SettingsTerryDesktopRefacing Kitchen Cabinets Complete Instructions 3 of 6.URL

[2012/12/05 22:36:39 | 000,000,241 | ---- | C] () -- C:Documents and SettingsTerryDesktopPhotobucket.URL

[2012/12/05 22:36:35 | 000,000,279 | ---- | C] () -- C:Documents and SettingsTerryDesktopNatural handyman.URL

[2012/12/05 22:36:31 | 000,000,268 | ---- | C] () -- C:Documents and SettingsTerryDesktopHow to Calculate Your hourly Rate as a Handyman.URL

[2012/12/05 22:36:24 | 000,000,249 | ---- | C] () -- C:Documents and SettingsTerryDesktophome depot forums.URL

[2012/12/05 22:36:17 | 000,000,243 | ---- | C] () -- C:Documents and SettingsTerryDesktopHome Depot.URL

[2012/12/05 22:36:14 | 000,000,242 | ---- | C] () -- C:Documents and SettingsTerryDesktopheritage.org.URL

[2012/12/05 22:36:11 | 000,000,299 | ---- | C] () -- C:Documents and SettingsTerryDesktopGUILT - OR WHY IT'S GOOD TO FEEL BAD - NYTimes.com.URL

[2012/12/05 22:36:08 | 000,000,276 | ---- | C] () -- C:Documents and SettingsTerryDesktopGeorge Carlin On His Time In The Military - YouTube.URL

[2012/12/05 22:35:52 | 000,000,249 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchDIY Chatroom.URL

[2012/12/05 22:35:50 | 000,000,250 | ---- | C] () -- C:Documents and SettingsTerryDesktopBrowning Genealogy Evansville Area Obituary Search.URL

[2012/12/05 22:34:23 | 000,000,260 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsStars Fell On Alabama, acoustic guitar instrumental - YouTube.URL

[2012/12/05 22:34:18 | 000,000,260 | ---- | C] () -- C:Documents and SettingsTerryMy DocumentsAutumn Leaves Eric Clapton Cover - YouTube.URL

[2012/12/04 13:03:03 | 000,001,860 | ---- | C] () -- C:Documents and SettingsTerryStart MenuProgramsSpotify.lnk

[2012/12/04 13:03:03 | 000,001,854 | ---- | C] () -- C:Documents and SettingsTerryDesktopSpotify.lnk

[2012/12/02 23:40:56 | 000,001,349 | ---- | C] () -- C:Documents and SettingsTerryDesktop~electriciansforum_reply.rtf

[2012/12/01 08:13:24 | 000,017,435 | ---- | C] () -- C:Documents and SettingsTerryDesktopsoffit.jpg

[2012/11/30 07:20:21 | 000,087,627 | ---- | C] () -- C:Documents and SettingsTerryDesktopimage-3272025367.jpg

[2012/11/24 23:42:01 | 000,000,112 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchCNSnews.URL

[2012/11/24 23:36:43 | 000,000,074 | ---- | C] () -- C:Documents and SettingsTerryApplication DataMicrosoftInternet ExplorerQuick LaunchContractors ~Evansville.URL

[2012/11/14 20:22:55 | 000,120,200 | ---- | C] () -- C:WINDOWSSystem32DLLDEV32i.dll

[2012/11/09 20:11:16 | 000,000,034 | -H-- | C] () -- C:WINDOWSSystem32Converter_sysquict.dat

[2012/11/09 20:10:54 | 000,164,352 | ---- | C] () -- C:WINDOWSSystem32unrar.dll

[2012/11/09 20:10:51 | 000,755,027 | ---- | C] () -- C:WINDOWSSystem32xvidcore.dll

[2012/11/09 20:10:50 | 003,596,288 | ---- | C] () -- C:WINDOWSSystem32qt-dx331.dll

[2012/11/09 20:10:50 | 000,159,839 | ---- | C] () -- C:WINDOWSSystem32xvidvfw.dll

[2012/11/09 20:10:49 | 000,007,680 | ---- | C] () -- C:WINDOWSSystem32ff_vfw.dll

[2012/11/02 00:17:55 | 000,000,090 | ---- | C] () -- C:WINDOWSQBChanUtil_Trigger.ini

[2012/10/23 20:43:00 | 000,031,744 | ---- | C] () -- C:Documents and SettingsTerryLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/23 14:54:21 | 000,171,563 | ---- | C] () -- C:WINDOWShpwins27.dat

[2012/10/23 14:54:20 | 000,000,385 | ---- | C] () -- C:WINDOWShpwmdl27.dat

[2012/10/21 11:09:32 | 000,003,072 | ---- | C] () -- C:WINDOWSSystem32iacenc.dll

[2012/10/21 08:11:08 | 000,040,960 | ---- | C] () -- C:WINDOWSSystem32ChCfg.exe

[2012/10/21 08:10:28 | 000,135,168 | ---- | C] () -- C:WINDOWSSystem32RtlCPAPI.dll

[2012/10/21 08:09:30 | 000,061,440 | ---- | C] () -- C:WINDOWSSystem32vuins32.dll

[2012/10/21 07:57:49 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2012/10/21 07:52:25 | 000,021,640 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2012/10/21 02:43:40 | 000,004,161 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2012/10/21 02:42:26 | 000,282,928 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2012/01/18 00:44:00 | 010,919,784 | ---- | C] () -- C:WINDOWSSystem32LogiDPP.dll

[2012/01/18 00:44:00 | 000,338,136 | ---- | C] () -- C:WINDOWSSystem32DevManagerCore.dll

[2012/01/18 00:44:00 | 000,103,272 | ---- | C] () -- C:WINDOWSSystem32LogiDPPApp.exe

[2011/11/16 19:40:38 | 000,028,418 | ---- | C] () -- C:WINDOWSSystem32lvcoinst.ini

 

========== ZeroAccess Check ==========

 

[2012/10/22 23:30:23 | 000,000,227 | RHS- | M] () -- C:WINDOWSassemblyDesktop.ini

 

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

 

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

"" = %SystemRoot%system32shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]

"" = C:WINDOWSsystem32wbemfastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

"" = C:WINDOWSsystem32wbemwbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< End of report >

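The "ZeroAccess Check" section that closes the OTL log above can be read mechanically. This is an added example, not part of the original post and not OTL's own code: it parses that section and flags any per-user (HKCU) InProcServer32 default value, and any HKLM default that does not point to a Microsoft file under system32. The rules, the `C:\WINDOWS` system root and all function names are assumptions modelled on the clean values in this log; the sample text is constructed.

```python
import re

# Constructed sample modelled on the "ZeroAccess Check" section of the log
# above, with path separators written out. The last two keys are constructed
# illustrations of a tampered entry; they do not come from the log.
SAMPLE = r'''
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Documents and Settings\Example\Local Settings\Application Data\constructed\example.dll -- [2012/12/01 00:00:00 | 000,002,048 | -HS- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\constructed\example.dll -- [2012/12/01 00:00:00 | 000,002,048 | ---- | M] ()
"ThreadingModel" = Both

< End of report >
'''

SECTION_HEADER = '========== ZeroAccess Check =========='
# [HIVE\...\{clsid}\InProcServer32]
KEY_RE = re.compile(
    r'^\[(HKEY_[A-Z_]+)\\.*\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$')
# "name" = data, optionally followed by  -- [file details] (Company)
VALUE_RE = re.compile(r'^"([^"]*)" = (.*?)(?: -- \[[^\]]*\] \(([^)]*)\))?$')
# Assumption: system root is C:\WINDOWS, as in the log on this page.
SYSTEM32 = ('%systemroot%\\system32\\', 'c:\\windows\\system32\\')


def parse_section(log_text):
    """Return the InProcServer32 keys listed in the ZeroAccess Check section."""
    keys, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section or not line:
            continue
        if line.startswith('==========') or line.startswith('< End of report'):
            break  # next section or end of log
        m = KEY_RE.match(line)
        if m:
            current = {'hive': m.group(1), 'clsid': m.group(2).lower(),
                       'values': {}}
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # value name "" is the key's default value
            current['values'][m.group(1)] = (m.group(2), m.group(3))
    return keys


def assess(key):
    """Classify one key as ok / review / suspicious (assumed rules)."""
    default = key['values'].get('')
    if key['hive'] == 'HKEY_CURRENT_USER':
        # The clean log lists these HKCU keys with no values at all.
        if default is not None:
            return 'suspicious', 'per-user override: ' + default[0]
        return 'ok', 'no per-user override'
    if default is None:
        return 'review', 'HKLM key has no default value'
    data, company = default
    if not data.lower().startswith(SYSTEM32):
        return 'suspicious', 'server outside system32: ' + data
    if company != 'Microsoft Corporation':
        return 'review', 'company reported as %r' % (company,)
    return 'ok', data


def check_zeroaccess(log_text):
    """Return (hive, clsid, verdict, reason) for every key in the section."""
    return [(k['hive'], k['clsid']) + assess(k) for k in parse_section(log_text)]


if __name__ == '__main__':
    for hive, clsid, verdict, reason in check_zeroaccess(SAMPLE):
        print('%-10s %s %s  %s' % (verdict, hive, clsid, reason))
```

A "review" verdict means the entry needs a human look; it is not a detection on its own.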

Hello tacticaltal

 

Let's take care of the following and see if it helps your browser speed issues:

  • Please open OTL

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKU\S-1-5-21-606747145-1060284298-725345543-1004\..\SearchScopes\{0C72F88E-F61B-4866-9153-B0919761F63D}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
    O3 - HKU\S-1-5-21-606747145-1060284298-725345543-1004\..\Toolbar\WebBrowser: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
    
    
  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
Please post the OTL log in your next reply and let me know if the browser is still laggy.

 


It's still slow and hangs quite a bit.

 

I see a lot of "Errors on Page" in taskbar

 

Also, I see loading (in taskbar when opening a page): static.ak.facebook. I couldn't get the rest of it.

 

Here's the log after running fix

 

All processes killed

========== OTL ==========

Process explorer.exe killed successfully!

Registry key HKEY_USERSS-1-5-21-606747145-1060284298-725345543-1004SoftwareMicrosoftInternet ExplorerSearchScopes{0C72F88E-F61B-4866-9153-B0919761F63D} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0C72F88E-F61B-4866-9153-B0919761F63D} not found.

Registry key HKEY_USERSS-1-5-21-606747145-1060284298-725345543-1004SoftwareMicrosoftInternet ExplorerToolbarWebBrowser not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{311B58DC-A4DC-4B04-B1B5-60299AD3D803} not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Deborah

->Temp folder emptied: 67545 bytes

->Temporary Internet Files folder emptied: 50249302 bytes

->Flash cache emptied: 3847 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Ryan

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Terry

->Temp folder emptied: 8435 bytes

->Temporary Internet Files folder emptied: 48063127 bytes

->FireFox cache emptied: 32491483 bytes

->Flash cache emptied: 2041 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 43536 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 5058422 bytes

 

Total Files Cleaned = 130.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Deborah

->Flash cache emptied: 0 bytes

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Ryan

->Flash cache emptied: 0 bytes

 

User: Terry

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 12242012_184902

FilesFolders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Hello tacticaltal

 

It's still slow and hangs quite a bit.

I see a lot of "Errors on Page" in taskbar

The ESET scan was clean and your latest OTL log looks good. Although you are still having issues with Internet Explorer, it does not appear to be malware related at this time, as your scans are coming back clean.

 

We can try the following, but if it does not help, you may need to begin a new thread in our networking, email and internet connections forum.

 

 

Please download Windows Repair (all in one) from here

 

Install the program then run it

 

Go to step 2 and allow it to run Disk check

 

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif

 

Once that is done then go to step 3 and allow it to run SFC

 


 

On the Start Repairs tab => Click the Start

 


 

Click on the select all check box and then click on Start

 

DON'T use the computer while each scan is in progress.

 

Restart may be needed to finish the repair procedure.

 

Let me know if there is any change in your next reply.


I wasn't able to use the System File Check in Step 3 because I'm currently running SP3, and my CD has SP2 OS on it. I did run the Start Repairs in the last step, but it closed and rebooted the computer, so I wasn't able to see any report it may have generated.

 

IE is still messed up, so I guess I'll amble on over to the forum you suggested.

 

Thank you for your assistance.

 

On a side note, does Windows (or IE/Firefox) store the messages seen in the Status Bar when opening a page or clicking a link?


Hello tacticaltal

 

IE is still messed up, so I guess I'll amble on over to the forum you suggested.

You can find it here

 

On a side note, does Windows (or IE/Firefox) store the messages seen in the Status Bar when opening a page or clicking a link?

That would be a question for the browser/tech experts.

 

Let's remove the tools we used in the steps below:

 

  • Please perform the following cleanup procedure

    • Double click on the OTM.exe icon on your desktop to run the program. (Note: If you are running Vista/Windows 7, right-click on the file and choose Run As Administrator).
    • Once OTM has opened, click on the "CleanUp!" button.
    • Follow any prompts that you receive.
  • Removal of Tools

    • You no longer need aswMBR, Junkware Removal Tool, TDSSKiller or Windows repair all in one. Please delete them from your machine.
    Once you have completed the above steps you should be good to go!
  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • You can download Firefox from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    • Please Note: IE9 is not configured to run on XP machines.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
This topic is now closed to further replies.