.DLL Files Getting Deleted After Trojan.Agent/Gen-Kryptik Infection [S



#1
blueheadsets

I use SUPERAntiSpyware and it detected Trojan.Agent/Gen-Kryptik. I removed the files and everything with SUPERAntiSpyware. Now I have 3 programs that I constantly have to re-install because the .DLL files keep getting deleted. The programs usually re-install and run OK but after a short while or a reboot when I try running the programs again it says it cannot locate a certain .DLL file. I disabled/stopped running SUPERAntiSpyware thinking it was quarantining the files but that didn't change anything. I use Panda anti-virus but that doesn't seem to be affecting what's happening either.

I do have the SUPERAntiSpyware log from the infection if needed.

Here are the programs I have to keep re-installing:

Thunderbird: NSLDAPPR32V60.DLL
Quickbooks: QBMAPILIBRARY.DLL
Dazzle Postage Software: EMWEIGHT.DLL

Any help would be greatly appreciated!!!!!!!!!!

OTL logfile created on: 8/30/2012 2:30:56 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Mark Hritz\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 42.17% Memory free
5.30 Gb Paging File | 3.68 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): C:\pagefile.sys 2791 4186 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.89 Gb Total Space | 18.47 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
Drive E: | 93.11 Gb Total Space | 93.11 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 93.21 Gb Total Space | 93.21 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MARK-OSX | User Name: Mark Hritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 14:29:33 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Hritz\My Documents\Downloads\OTL.exe
PRC - [2012/08/24 07:01:40 | 007,533,992 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/08/24 07:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/24 06:55:10 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/07/12 10:56:20 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 10:55:48 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/26 17:24:06 | 000,354,768 | ---- | M] (Plantronics, Inc.) -- C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2012/03/26 17:13:10 | 000,624,080 | ---- | M] (Plantronics, Inc.) -- C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/10/16 19:41:31 | 000,201,976 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe
PRC - [2011/08/18 01:48:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/06/26 13:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/05/21 13:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/11/15 01:40:46 | 000,427,296 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/09/16 17:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 17:32:48 | 001,135,904 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE
PRC - [2009/09/16 17:32:44 | 000,124,192 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2008/09/12 15:19:16 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/09/12 15:19:14 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/09/12 15:09:57 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/13 10:32:04 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgr.exe
PRC - [2005/08/23 20:00:48 | 000,430,080 | ---- | M] (J. Eric Vaughan) -- C:\Program Files\Stay On Top\StayOnTop.exe
PRC - [2004/12/03 12:04:18 | 000,396,316 | ---- | M] (Naissan Innovations, LLC) -- C:\Program Files\AtomTime Pro\AtomTime.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/30 11:48:31 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/08/30 11:48:31 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/08/17 18:28:55 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 18:28:52 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 18:27:23 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 18:27:22 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 18:27:21 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/08/17 17:28:22 | 009,255,624 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
MOD - [2012/06/14 03:30:11 | 000,346,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\2e6ec167c4b5840a9664b469f5be76b9\PlantronicsURE.ni.exe
MOD - [2012/06/14 03:30:03 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\350c07431b81c483d0d5c4574e7dd89f\PlantronicsBatteryStatus.ni.exe
MOD - [2012/06/14 03:29:59 | 000,128,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\388596826e6ffe5efd8189db15bdd847\Plantronics.UC.Skype.ni.dll
MOD - [2012/06/14 03:29:28 | 000,490,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\4717fc29cf79104a64c399d51f002e2e\Plantronics.Globalization.ni.dll
MOD - [2012/06/14 03:29:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:29:19 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:29:07 | 000,516,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\48f8b0fa54af59727424fa578e625e0d\Plantronics.Utility.ni.dll
MOD - [2012/06/14 03:27:28 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:27:15 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 03:23:22 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/06/14 03:14:56 | 000,054,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\c2b202f755140fc35e817470178e5e8d\Plantronics.UC.WebexConnect.ni.dll
MOD - [2012/06/14 03:13:48 | 000,112,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\6d8add850f05e4c0114eee5acf9e4692\Plantronics.Device.Hid.ni.dll
MOD - [2012/06/14 03:13:46 | 000,582,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\3506e6ecfd990b0db4a6d03da0f02469\Plantronics.Device.Common.ni.dll
MOD - [2012/06/14 03:13:26 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
MOD - [2012/05/13 03:29:51 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:29:15 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MOD - [2012/05/13 03:28:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\087dffb5022baf107cabf67fc160cea3\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2012/05/13 03:28:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d89fd09cf90ccd3c5f51459976fcfe18\Plantronics.UC.ShoreTel.ni.dll
MOD - [2012/05/13 03:28:15 | 000,112,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\b7d3a8d703c168ad2c75d38e5a779fc4\Plantronics.UC.SessionService.ni.dll
MOD - [2012/05/13 03:28:13 | 000,031,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest#\e367f351f2903b3a5232499595db52af\Plantronics.UC.Rest.JsonpExtension.ni.dll
MOD - [2012/05/13 03:27:14 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
MOD - [2012/05/13 03:27:10 | 000,299,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest\39db94387b79144b635f4e914fa519dd\Plantronics.UC.Rest.ni.dll
MOD - [2012/05/13 03:27:05 | 000,155,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\fcdf2e64b52f861ead68166aafe1c732\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2012/05/13 03:27:01 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.SP30SDKLib\4f6988a093db3c3d1403c2574a3f9f92\Interop.SP30SDKLib.ni.dll
MOD - [2012/05/13 03:27:00 | 000,065,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.NEC\dd78b6340b96ef4e359e0f8e6c6fd967\Plantronics.UC.NEC.ni.dll
MOD - [2012/05/13 03:26:57 | 000,039,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\f2e50e34930ab574a710455b74a96278\Plantronics.UC.iTunes.ni.dll
MOD - [2012/05/13 03:26:48 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012/05/13 03:26:45 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012/05/13 03:26:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012/05/13 03:26:37 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/13 03:26:10 | 000,735,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\d5574220d32e4d800e81ddba2737813b\Plantronics.UC.CSFClient.ni.dll
MOD - [2012/05/13 03:26:08 | 000,139,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\21f3ffe05cee04b1383bf8ed2bed5294\Plantronics.UC.CSF.ni.dll
MOD - [2012/05/13 03:26:04 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\e7c0f4c824348e5b0f88f2470e4d0b5d\Plantronics.UC.Cisco.ni.dll
MOD - [2012/05/13 03:26:02 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\5fd5d9e7e24beaa13283b982a5c175c9\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2012/05/13 03:26:00 | 000,067,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\901c5e284c4ec9dbe4a75c4674402d75\Plantronics.UC.TAPI.ni.dll
MOD - [2012/05/13 03:25:59 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\3fc9f9f9d816cc85def3e32e12c73410\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2012/05/13 03:25:55 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\2590fd62f3e166474680b424af4d0220\Plantronics.UC.Common.ni.dll
MOD - [2012/05/13 03:25:53 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\2257d435dc1dcd01888577478ddd97f4\Plantronics.UC.Avaya.ni.dll
MOD - [2012/05/13 03:25:49 | 000,111,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\c1d4ceabd2c641c102905e8ece1a2391\Plantronics.License.Manager.ni.dll
MOD - [2012/05/13 03:25:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\b8aa36668909c37ed79559006d59b7af\Plantronics.License.Common.ni.dll
MOD - [2012/05/13 03:25:41 | 000,076,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\37d21c41c9bce51ac956a4a4347d9c3a\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2012/05/13 03:25:34 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Util#\5fa58996878ab9421e79758ffdb59ef8\Plantronics.UC.Utility.ni.dll
MOD - [2012/05/13 03:25:07 | 000,035,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\299815298c225dcf520401b8f95ffc83\Plantronics.Config.ni.dll
MOD - [2012/05/13 03:24:28 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\cb360d948d3a415eed4a9924b14c98e5\log4net.ni.dll
MOD - [2012/05/13 03:21:42 | 000,414,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\472a3c289a92db348fa8f7779d14738d\Interop.SKYPE4COMLib.ni.dll
MOD - [2012/05/13 03:21:32 | 000,214,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\69e282a3bf754cf69500be1a4d8380ca\Interop.FNCClient11Lib.ni.dll
MOD - [2012/05/13 03:21:29 | 000,144,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\c23505b38b9959f90a8580dd9dc1218d\Interop.CommunicatorAPI.ni.dll
MOD - [2012/05/13 03:21:26 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\1e39163c67bd28bc84e9b41c76a0e73c\Interop.CiscoInterface.ni.dll
MOD - [2012/05/13 03:20:47 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/05/13 03:20:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:20:34 | 000,440,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Atapi\ea18a74f1ed9daf4ffbf5ea32fd4f79f\Atapi.ni.dll
MOD - [2012/05/13 03:18:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:17:29 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/05/13 03:15:40 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:15:18 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/16 19:41:31 | 000,201,976 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe
MOD - [2011/07/25 14:09:58 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/03/04 13:01:02 | 000,097,384 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2009/09/16 17:33:22 | 000,062,752 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\QBMAPILibrary.dll
MOD - [2009/09/16 17:33:08 | 000,054,560 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\mbpopup.dll
MOD - [2009/09/16 17:32:54 | 000,288,032 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\boost_regex-vc80-mt-p-1_33.dll
MOD - [2009/09/16 17:32:52 | 000,312,608 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\BackupLib.dll
MOD - [2009/08/08 21:55:01 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2008/12/22 13:52:02 | 002,236,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\5.0.22.2__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2008/12/22 13:52:01 | 000,229,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Api\5.0.22.2__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Api.dll
MOD - [2008/09/12 15:19:14 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
MOD - [2008/09/12 15:09:31 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/16 12:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2001/07/31 11:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (STSService)
SRV - [2012/08/27 20:35:22 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 07:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 16:37:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/12 10:56:20 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 10:55:48 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/08/18 01:48:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/12 15:19:16 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2008/09/12 15:19:14 | 000,136,496 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/10/22 11:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/13 07:02:48 | 000,120,616 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/07/13 07:02:47 | 000,179,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/07/13 07:02:47 | 000,114,728 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/07/13 07:02:47 | 000,101,544 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/07/13 07:02:46 | 000,149,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/07/12 10:55:53 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/06/27 15:51:05 | 000,051,496 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)
DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/03/26 19:42:10 | 000,121,080 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/09 13:54:48 | 000,038,536 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NNSNAHS.sys -- (NNSNAHS)
DRV - [2011/08/04 09:52:13 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 09:52:13 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2010/11/09 23:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 17:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 22:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 22:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 22:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/19 14:04:41 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/28 15:40:06 | 000,033,336 | ---- | M] (M2Tech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vadspdif.sys -- (vadspdif)
DRV - [2009/11/15 01:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 09:36:53 | 000,029,696 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp)
DRV - [2009/10/16 09:36:53 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm)
DRV - [2009/10/16 09:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/08/27 15:52:48 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/08/27 15:52:44 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/09/12 15:09:56 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/09/12 15:08:50 | 000,013,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/09/12 15:08:41 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/09/12 15:08:39 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/09/12 15:06:23 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/12 15:04:30 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/09/12 15:03:30 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 14:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bthprint.sys -- (BTHprint)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/07/19 09:35:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V-usbser.sys -- (usbser)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/03 19:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 19:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 19:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 19:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/06/13 06:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 06:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 06:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 06:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 06:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 09:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 09:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F7926C8D-7B78-4838-A95E-EC82CDB8E326}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://localhost:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\..\SearchScopes\{F7926C8D-7B78-4838-A95E-EC82CDB8E326}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.11.2.1
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.2.4181
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:6.010.023.001
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mark Hritz\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Mark Hritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mark Hritz\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\mattelinc.com/HotWheelsLoader: C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\npHotWheelsLoader.dll (Mattel, Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2010/12/07 16:54:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/07 16:53:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/23 16:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/23 16:37:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/30 12:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mark Hritz\Application Data\Move Networks [2010/02/25 10:55:17 | 000,000,000 | ---D | M]

[2010/02/15 02:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Extensions
[2010/02/15 02:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/27 23:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions
[2012/08/22 08:07:26 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/04/27 15:38:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 03:16:27 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2012/07/05 14:39:57 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/04/27 15:38:46 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/08/27 23:20:27 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/05/27 15:25:42 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\[email protected]
[2009/03/27 19:18:29 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\ask.xml
[2010/08/23 14:34:27 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\askcom.xml
[2012/08/23 16:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/23 16:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/23 16:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/09/21 09:24:25 | 000,455,818 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK HRITZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PYGLMPHS.DEFAULT\EXTENSIONS\[email protected]
[2012/03/24 11:50:19 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK HRITZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PYGLMPHS.DEFAULT\EXTENSIONS\[email protected]
[2012/08/23 16:37:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/07/28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- C:\Program Files\mozilla firefox\plugins\NPEltr32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/04/05 11:09:49 | 000,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/07/21 10:43:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/21 10:43:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: UPS Thermal 2442 Printer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Mark Hritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mark Hritz\Application Data\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: HotWheels Loader (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\npHotWheelsLoader.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\7.7_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Games = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fobcpibfeplaikcclojfdhfdmbbeofai\1.1_0\
CHR - Extension: Chrome Remote Desktop BETA = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.6.1180.51_0\
CHR - Extension: Music = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgakehlldcacnfhjampnkihibmkgclhk\1.1_0\
CHR - Extension: Keep My Opt-Outs = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Google Talk Launcher = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icjglmbkgdgdgdigllcokdabceikdppi\1.0.6_0\
CHR - Extension: Twitter Notifier = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn\4.1.1_0\
CHR - Extension: Calculator = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao\1.0.9_0\
CHR - Extension: Scratchpad = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\3.0.17_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/01 21:50:24 | 000,443,130 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15227 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AtomTime] C:\Program Files\AtomTime Pro\AtomTime.EXE (Naissan Innovations, LLC)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [699D660B7DDCBEB8C5A6CACA73D2DF4CFFD1BE20._service_run] C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Mattel HWRC Launcher] C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\PC Sleep.lnk = C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Installer\{FBAFC5DB-5511-4150-91EC-995E9BB2D099}\_4ae13d6c.exe ()
O4 - Startup: C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\Stay On Top.lnk = C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemywi...i Installer.cab (Support.com Configuration Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229476777125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingb...SlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...11/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA964EDF-1DAC-47D6-B8D4-6694DCA78CE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA964EDF-1DAC-47D6-B8D4-6694DCA78CE8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E745A1FC-2A42-4461-AAFC-5100B3C8391D}: NameServer = 192.168.1.1,208.67.222.222
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/17 01:18:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18d45278-f5cc-11de-9745-00236ca11623}\Shell\Shell00\Command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 12:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/30 11:52:00 | 000,046,280 | ---- | C] (Panda Security) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2012/08/30 09:35:57 | 000,000,000 | ---D | C] -- C:\Envelope Manager
[2012/08/29 17:33:58 | 298,569,104 | ---- | C] (Intuit, Inc. ) -- C:\Documents and Settings\Mark Hritz\Desktop\QuickBooksPro2008.exe
[2012/08/29 17:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Application Data\Download Manager
[2012/08/29 17:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2012/08/29 13:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2012/08/29 13:26:26 | 004,200,024 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2012/08/29 13:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2012
[2012/08/29 13:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\Quicken
[2012/08/29 13:08:08 | 101,538,008 | ---- | C] (Intuit Inc. ) -- C:\Documents and Settings\Mark Hritz\My Documents\Quicken_Deluxe_2012.exe
[2012/08/29 12:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai
[2012/08/28 09:06:42 | 000,000,000 | ---D | C] -- C:\endicia bu
[2012/08/27 20:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\backup
[2012/08/23 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/22 18:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\Music
[2012/08/22 18:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\Files from work
[2012/08/22 18:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\misc files
[2012/08/22 08:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Google Chrome
[2012/08/03 09:38:41 | 018,376,624 | ---- | C] (Mooii) -- C:\Documents and Settings\Mark Hritz\Desktop\PhotoScape_V3.6.2.exe
[2012/08/01 08:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2010/10/06 00:41:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mark Hritz\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/30 14:41:54 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/30 14:41:54 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/08/30 14:32:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/30 14:21:04 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003UA.job
[2012/08/30 14:18:29 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/08/30 14:18:29 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2012/08/30 11:53:01 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\Stay On Top.lnk
[2012/08/30 11:52:56 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\PC Sleep.lnk
[2012/08/30 11:52:11 | 000,190,797 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/30 11:51:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/30 11:48:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/30 11:48:16 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/30 11:37:52 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\orders.rtf
[2012/08/30 10:52:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 15a4099b-58b9-4a04-bbe9-2874d64da065.job
[2012/08/30 10:49:49 | 000,011,385 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\gsview32.ini
[2012/08/30 08:56:42 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\qbregistration.dat
[2012/08/30 08:21:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003Core.job
[2012/08/29 17:49:11 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw.nd
[2012/08/29 17:34:49 | 298,569,104 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Mark Hritz\Desktop\QuickBooksPro2008.exe
[2012/08/29 17:31:30 | 000,559,800 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Setup_QuickBooksPro2008.exe
[2012/08/29 13:26:19 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2012.lnk
[2012/08/29 13:26:10 | 000,000,165 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2012/08/29 13:08:25 | 101,538,008 | ---- | M] (Intuit Inc. ) -- C:\Documents and Settings\Mark Hritz\My Documents\Quicken_Deluxe_2012.exe
[2012/08/29 02:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a7a39e0b-48ad-48ff-a472-5f8bd268fb29.job
[2012/08/28 11:44:40 | 000,012,364 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\FAX_20120828_1346166317_4.efx
[2012/08/28 10:13:12 | 000,049,404 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\waffle_vodka.jpg
[2012/08/28 09:12:10 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DYMO Printable Postage.lnk
[2012/08/27 19:31:09 | 113,967,104 | R--- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw
[2012/08/27 08:24:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/23 21:55:14 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Firefox Recovery Key.html
[2012/08/23 10:34:48 | 000,189,257 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\screenshot.jpg
[2012/08/23 10:34:23 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\photothumb.db
[2012/08/22 10:16:04 | 000,058,526 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\2012-32.pdf
[2012/08/22 10:14:01 | 000,007,572 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\PamFax.pdf
[2012/08/22 08:13:03 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Google Chrome.lnk
[2012/08/22 08:13:03 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 22:47:20 | 000,000,437 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\My Documents\shipping label template.rtf
[2012/08/21 10:19:15 | 000,037,510 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\EMS 8-25.PDF
[2012/08/17 13:01:20 | 000,137,391 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\My Documents\fax page
[2012/08/16 12:04:14 | 000,037,248 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\EXPRESS 8-18.PDF
[2012/08/14 22:03:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/03 09:42:20 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2012/08/03 09:42:20 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\PhotoScape.lnk
[2012/08/03 09:38:50 | 018,376,624 | ---- | M] (Mooii) -- C:\Documents and Settings\Mark Hritz\Desktop\PhotoScape_V3.6.2.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 14:24:12 | 000,062,752 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\qbmapilibrary.dll
[2012/08/30 11:37:50 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\orders.rtf
[2012/08/30 09:27:38 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2012/08/30 08:56:42 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\qbregistration.dat
[2012/08/29 17:36:13 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw.nd
[2012/08/29 17:36:12 | 113,967,104 | R--- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw
[2012/08/29 17:33:16 | 000,559,800 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Setup_QuickBooksPro2008.exe
[2012/08/29 13:26:19 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2012.lnk
[2012/08/28 11:44:43 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\FAX_20120828_1346166317_4.efx
[2012/08/28 10:13:16 | 000,049,404 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\waffle_vodka.jpg
[2012/08/28 09:12:10 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DYMO Printable Postage.lnk
[2012/08/23 21:55:03 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Firefox Recovery Key.html
[2012/08/23 10:34:48 | 000,189,257 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\screenshot.jpg
[2012/08/22 18:25:02 | 000,052,304 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\ups forms.efx
[2012/08/22 10:16:03 | 000,058,526 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\2012-32.pdf
[2012/08/22 08:13:03 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Google Chrome.lnk
[2012/08/22 08:13:03 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/22 08:11:33 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003UA.job
[2012/08/22 08:11:31 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003Core.job
[2012/08/21 10:19:14 | 000,037,510 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\EMS 8-25.PDF
[2012/08/17 13:01:20 | 000,137,391 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\My Documents\fax page
[2012/08/16 12:04:11 | 000,037,248 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\EXPRESS 8-18.PDF
[2012/07/27 10:07:11 | 000,007,572 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\PamFax.pdf
[2012/06/04 14:42:59 | 000,021,682 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\info
[2012/05/07 10:29:03 | 000,023,966 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\email
[2012/02/14 19:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/11 10:18:41 | 000,142,359 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\102-0229827-3240243
[2011/05/11 12:01:24 | 000,006,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2011/04/20 14:23:09 | 000,020,836 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\details
[2011/04/12 18:28:25 | 000,000,227 | ---- | C] () -- C:\WINDOWS\DAZZLE.INI
[2011/02/01 15:59:36 | 000,103,016 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\fedex.com
[2010/10/06 00:41:57 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\inst.exe
[2010/10/06 00:41:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\pcouffin.cat
[2010/10/06 00:41:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\pcouffin.inf
[2010/10/05 16:47:30 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/22 01:11:23 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\.recently-used.xbel
[2010/01/05 08:51:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\prvlcl.dat
[2009/02/25 01:56:20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\$_hpcst$.hpc
[2009/01/12 12:39:21 | 000,011,385 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\gsview32.ini
[2009/01/08 03:07:23 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/08/04 09:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/05/12 01:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/01/08 12:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/18 01:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/09/14 16:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/04/13 11:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/11/24 17:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/07 16:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/23 13:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/08/30 14:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/11/24 17:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/03 15:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/12/31 11:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2012/04/15 23:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/08/30 11:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/29 16:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/08/01 00:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/11/29 17:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/04/12 02:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2010/06/03 19:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2010/10/05 16:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/12/23 23:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarzEntertainment
[2012/07/01 21:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/12 01:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/08/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wi-Fi Connect
[2009/08/07 17:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WiFiTemp
[2009/04/06 12:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/12/26 21:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 11:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/08/21 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\.purple
[2009/05/12 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\acccore
[2009/01/08 13:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Acronis
[2009/09/17 15:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Any Video Converter
[2010/12/07 16:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\AVG10
[2010/09/04 21:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\com.linnrecords.DownloadManager.40C89B3FC753A97A186C409C1D89AC73BA0FCCBF.1
[2009/08/17 02:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\DataCast
[2009/02/03 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\eFax Messenger
[2009/01/13 13:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Endicia
[2010/04/07 23:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Facebook
[2011/11/27 01:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\foobar2000
[2012/08/30 09:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Galaxy Ship
[2009/09/12 10:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\GetRightToGo
[2011/04/20 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\gtk-2.0
[2010/08/22 16:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\ImgBurn
[2011/11/27 03:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\InstaPostage
[2009/02/03 15:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\j2 Global
[2009/02/19 20:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Kryptel
[2012/07/01 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Oracle
[2010/11/29 17:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Panda Security
[2011/12/04 18:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\PhotoScape
[2012/03/05 09:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Scendix Software
[2009/10/28 13:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Sling Media
[2009/03/09 22:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Smith Micro
[2012/03/05 09:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Softland
[2009/10/17 09:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Southwest Airlines
[2011/07/04 14:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\TeamViewer
[2010/02/15 02:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Thunderbird
[2009/05/13 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Viewpoint
[2010/10/14 13:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\Vso
[2008/12/23 00:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hritz\Application Data\WinPatrol
[2012/08/30 10:52:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 15a4099b-58b9-4a04-bbe9-2874d64da065.job
[2012/08/29 02:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a7a39e0b-48ad-48ff-a472-5f8bd268fb29.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello blueheadsets, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix; this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.



Please post the Extras.txt file that was generated when you ran OTL. You can find it here: C:\Documents and Settings\Mark Hritz\My Documents\Downloads\extras.txt


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-2.

Things For Your Next Post:
1. The Extras.txt log
2. The aswMBR log

#3
blueheadsets

    Member

  • Topic Starter
  • 37 posts
OTL Extras logfile created on: 8/30/2012 2:30:56 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Mark Hritz\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 42.17% Memory free
5.30 Gb Paging File | 3.68 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): C:\pagefile.sys 2791 4186 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.89 Gb Total Space | 18.47 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
Drive E: | 93.11 Gb Total Space | 93.11 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 93.21 Gb Total Space | 93.21 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MARK-OSX | User Name: Mark Hritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.PBAFOCWMTSFP456Y35L6LR6UWE] -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"1055:TCP" = 1055:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\StarzPlay\StarzPlay.exe" = C:\Program Files\StarzPlay\StarzPlay.exe:*:Enabled:StarzPlay -- (Starz Entertainment, LLC)
"C:\Program Files\StarzPlay\StarzPlayTray.exe" = C:\Program Files\StarzPlay\StarzPlayTray.exe:*:Enabled:StarzPlayTray -- (Starz Entertainment, LLC)
"C:\Program Files\StarzPlay\StarzPlayPlayer.exe" = C:\Program Files\StarzPlay\StarzPlayPlayer.exe:*:Enabled:StarzPlayPlayer -- (Starz Entertainment, LLC)
"C:\Program Files\StarzPlay\StarzUpdater.exe" = C:\Program Files\StarzPlay\StarzUpdater.exe:*:Enabled:StarzUpdater -- (Starz Entertainment, LLC)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe" = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe:*:Enabled:PdaNetPC
"C:\Program Files\Vidalia Bundle\Tor\tor.exe" = C:\Program Files\Vidalia Bundle\Tor\tor.exe:*:Enabled:tor
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D04A86B-2B25-41AB-99AF-F071B420D8D1}" = Starz Play
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A8F7860-F5C6-48FE-8F0E-5CB113A40B13}" = Tracer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C6C0192-BA75-4932-8931-B2FF88346E49}" = Stay On Top
"{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus
"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F0F54C-6197-9D25-0D93-AF2FB79C6A31}" = Linn Download Manager
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}" = hp LaserJet 1160/1320 series
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light
"{90B5E602-1867-449D-86FD-FC9DEA4434BF}" = HP Software Update
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A595CC0D-F39E-4A66-B057-B0DBE9BAD757}" = Calisto DFU Driver (x86)
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C95F28-A6B0-4F27-8B65-D159225B87F6}" = Wi-Fi Connect
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}" = UPS Thermal Printer Plugin - Version 8.10
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E338AFA2-6923-4B30-97C2-F6E60EFD1081}" = Plantronics Spokes Software
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FBAFC5DB-5511-4150-91EC-995E9BB2D099}" = PC Sleep 2.1
"07AFE62D73C8799E9E5689F86FB9F48389717BA3" = Windows Driver Package - Plantronics, Inc. (usbser.nt) Ports (04/21/2009 5.1)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"67EB5CEF2A8C9A4153D3EBDCD5607B9796F7AD3D" = Windows Driver Package - Apple Inc. Apple Multitouch (12/04/2008 2.1.2.100)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"7-Zip" = 7-Zip 4.65
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"8262228CD4A5E4AAF3C55B3196FEA46E66F48B99" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/04/2008 2.1.2.100)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"845BCE57FD1EE6BD21926EE98DFE247DC941211A" = Windows Driver Package - M2Tech (vadspdif) MEDIA (01/28/2010 1.0.3.140)
"87669768B0BCCAA9F8AECD401BA4233A85BE181C" = Windows Driver Package - Broadcom (BCM43XX) Net (03/21/2008 4.170.77.3)
"8BBE3DC2B1A38488ADAF1D96E1296F4F88B7F69C" = Windows Driver Package - CirrusLogic (HdAudAddService) MEDIA (09/15/2009 1.0.0.26)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"984ACA88D282310838AF29D5199CDF43AE388FD6" = Windows Driver Package - Apple Inc. Apple Multitouch (09/02/2008 2.1.1.9)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"A5C01BFF56C237567F15CEF109611AE653AA118B" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/02/2008 2.1.1.9)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AnyDVD" = AnyDVD
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AtomTime Pro_is1" = AtomTime Pro 3.1d
"AudibleManager" = AudibleManager
"C5D9C9B48779BE5EB9696772045E4640741CD044" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (05/30/2008 2.1.1.0)
"CCleaner" = CCleaner
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.linnrecords.DownloadManager.40C89B3FC753A97A186C409C1D89AC73BA0FCCBF.1" = Linn Download Manager
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D9EFDADB2FBDCD0488D823F90CA5FC940F84F2BB" = Windows Driver Package - Apple Inc. Apple Keyboard (06/18/2008 2.1.1.1)
"DAZzle" = DAZzle
"Defraggler" = Defraggler (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Endicia Professional" = Endicia Professional
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"foobar2000" = foobar2000 v1.1
"Freecorder4.01" = Freecorder 4.01 Application
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"ImTOO Windows Mobile Ringtone Maker" = ImTOO Windows Mobile Ringtone Maker
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 15.0 (x86 en-US)" = Mozilla Thunderbird 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"PhotoScape" = PhotoScape
"Pidgin" = Pidgin
"Printable Postage.exe" = DYMO Printable Postage
"Revo Uninstaller" = Revo Uninstaller 1.91
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SysInfo" = Creative System Information
"TeamViewer 7" = TeamViewer 7
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 8:55:55 AM | Computer Name = MARK-OSX | Source = Application Hang | ID = 1002
Description = Hanging application SDFiles.exe, version 1.6.1.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/30/2012 11:59:27 AM | Computer Name = MARK-OSX | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 15.0.0.4619, faulting
module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.

Error - 8/30/2012 2:24:51 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:24:51 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:24:51 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:25:13 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:25:13 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:25:13 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:32:03 PM | Computer Name = MARK-OSX | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 15.0.0.4619, faulting
module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.

Error - 8/30/2012 2:40:43 PM | Computer Name = MARK-OSX | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 15.0.0.4619, faulting
module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.

[ System Events ]
Error - 8/14/2012 10:18:05 PM | Computer Name = MARK-OSX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 8/21/2012 10:55:30 PM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 8/21/2012 10:55:30 PM | Computer Name = MARK-OSX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 8/27/2012 7:46:45 PM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 8/27/2012 8:45:49 PM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 8/27/2012 8:49:52 PM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Amazon Unbox Video Service
service to connect.

Error - 8/30/2012 3:17:41 AM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 8/30/2012 11:48:26 AM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 8/30/2012 11:54:18 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 8/30/2012 2:41:18 PM | Computer Name = MARK-OSX | Source = DCOM | ID = 10010
Description = The server {29F458BE-8866-11D5-A3DD-00B0D0F3BAA7} did not register
with DCOM within the required timeout.


< End of report >

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Could you post the aswMBR log please?

#5
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 21:56:53
-----------------------------
21:56:53.952 OS Version: Windows 5.1.2600 Service Pack 3
21:56:53.952 Number of processors: 2 586 0x1706
21:56:53.952 ComputerName: MARK-OSX UserName:
21:56:56.030 Initialize success
21:57:13.109 AVAST engine defs: 12083001
21:57:27.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:57:27.405 Disk 0 Vendor: Hitachi_HTS543232L9SA02 FB4AC50F Size: 305245MB BusType: 3
21:57:27.421 Disk 1 \Device\Harddisk1\DR5 -> \Device\Sbp2\LaCie&d2 quadra&0&00d04b96_1908b32c_Instance00
21:57:27.421 Disk 1 Vendor: LaCie___ Size: 476940MB BusType: 4
21:57:27.452 Disk 0 MBR read successfully
21:57:27.452 Disk 0 MBR scan
21:57:27.515 Disk 0 Windows XP default MBR code
21:57:27.530 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
21:57:27.546 Disk 0 Partition 2 00 AF HFS / HFS+ 243093 MB offset 409640
21:57:27.577 Disk 0 Partition 3 00 AB Darwin boot 619 MB offset 498264280
21:57:27.593 Disk 0 Partition 4 80 (A) 07 HPFS/NTFS NTFS 61332 MB offset 499533824
21:57:27.609 Disk 0 scanning sectors +625141760
21:57:27.702 Disk 0 scanning C:\WINDOWS\system32\drivers
21:57:49.890 Service scanning
21:58:17.062 Modules scanning
21:58:37.405 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:58:41.530 Disk 0 trace - called modules:
21:58:41.577 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:58:41.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae76ab8]
21:58:41.577 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000090[0x8acae968]
21:58:41.577 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ada4940]
21:58:42.421 AVAST engine scan C:\WINDOWS
21:58:59.562 AVAST engine scan C:\WINDOWS\system32
22:04:04.046 AVAST engine scan C:\WINDOWS\system32\drivers
22:04:41.218 AVAST engine scan C:\Documents and Settings\Mark Hritz
22:30:54.468 AVAST engine scan C:\Documents and Settings\All Users
22:36:42.702 Scan finished successfully
22:37:32.124 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark Hritz\Desktop\MBR.dat"
22:37:32.140 The log file has been saved successfully to "C:\Documents and Settings\Mark Hritz\Desktop\aswMBR.txt"
22:38:15.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark Hritz\Desktop\MBR.dat"
22:38:15.515 The log file has been saved successfully to "C:\Documents and Settings\Mark Hritz\Desktop\aswMBR.txt"

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi, :)

Your system has parts of AVG antivirus left on it. We will use the AVG remove tool to take care of it.

You have 3 antispyware programs on the machine. You don't need any more than 1 with real-time scanning and one more for on-demand scanning. You have SpybotS&D running real-time scanning so you will want to keep that. Then you have MalwareBytes and SuperAntiSpyware installed. Since we use MalwareBytes here I will have you uninstall SuperAntiSpyware. If you want to keep SAS, you can uninstall MalwareBytes and reinstall SAS when we are done.

There are 3 programs that you should uninstall. Two of them are known questionable/security risk programs and one is a registry cleaner.

Registry Cleaning Tools

I see Eusing Free Registry Cleaner is installed. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

I also see CCleaner. GeeksToGo does not recommend the use of the registry cleaning tools in CCleaner for the reasons above.


NOTE: OTL, our diagnostic tool, was developed to be run from the Desktop. Please go to the C:\Documents and Settings\Mark Hritz\My Documents\Downloads folder.
  • Double click the OTL icon to run the program
  • Click on Posted Image
    You will be prompted to reboot your system. Please do so.
This will delete the OTL program and the files it created.

Now download a fresh copy of OTL and save it to the desktop. Download Link



There is a good bit to do so I'm gonna break it into manageable posts. First we will get programs cleaned off of the system and get some files/folders scanned. Then we'll be ready to start killing stuff. :thumbsup: Please read the directions carefully. I would suggest printing them out before starting.

As always, IF you run into problems or don't understand something STOP and ask.


Step-1

Disable SpyBot S&D TeaTimer

Before we begin we need to disable the SpyBot Teatimer.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Right click the Spybot Icon in the System Tray (looks like a calendar with a padlock symbol ) and click Exit Spybot S&D Resident
  • Run Spybot S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these boxes:
    Posted Image
  • Close Spybot S&D and Restart your computer.
Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
You can re-start TeaTimer after we are done.


Step-2.

Run the AVG Removal Tool

AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.

Download the AVG removal tool here and save it to the Desktop.
Double click the avg_remover_stf_x86_2012_2125.exe file to run the program and follow all prompts.


Step-3.

Malicious program uninstalls and Optional Removals

Programs in this color are optional removals. If you uninstall the program, you must delete the folder(s) in the corresponding color. Programs in black must be uninstalled.

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Akamai NetSession Interface
Viewpoint Media Player
SUPERAntiSpyware Professional
Eusing Free Registry Cleaner


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\Akamai
C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\SUPERAntiSpyware
C:\Documents and Settings\Mark Hritz\Application Data\SUPERAntiSpyware.com
C:\Program Files\Eusing Free Registry Cleaner


2. Close Windows Explorer.


Step-4.

Virustotal File Upload:

There are some files/folders I need scanned.
To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open: NOTE.. Only one file per scan
    • C:\Documents and Settings\Mark Hritz\info
    • C:\Documents and Settings\Mark Hritz\email
    • C:\Documents and Settings\Mark Hritz\102-0229827-3240243
    • C:\Documents and Settings\Mark Hritz\details
    • C:\Documents and Settings\Mark Hritz\Application Data\inst.exe
    • C:\Documents and Settings\All Users\Application Data\.zreglib
    • C:\Documents and Settings\Mark Hritz\My Documents\fax page
    • C:\endicia bu
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.


Step-5.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. Do not change the default action; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    We don't want to cure anything yet.
  • If Cure is selected, click the down arrow beside it and select Skip, then click Continue => If you are asked to Reboot the computer, please do so.
  • Note: Choose Skip for everything. Do not choose Cure or Delete.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



Step-6.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
  • XP users: double-click the adwcleaner.exe file to run AdwCleaner. Vista and 7 users: right-click it and select Run as administrator.
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please attach it. This report is also saved to C:\AdwCleaner[R1].txt


Step-7.

Things For Your Next Post:
1. The VirusTotal links
2. The TDSSKiller log
3. The AdwCleaner[R1].txt log
4. Let me know if the program removal and the uninstalls went OK.
  • 0
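The report requested in Step-5 is long, and most of its lines end in "ok". The following is an added example, not part of the original post and not Kaspersky's code: a Python triage pass over the report layout ("time thread-id message") that pairs each object's MD5 and path with its verdict and separates UnsignedFile.Multi.Generic warnings from any other verdict. The sample lines, service names, hashes and the verdict name Example.Detection.Name are constructed, and treating UnsignedFile.Multi.Generic as the signature-check result is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller report.
# Service names, paths, hashes and "Example.Detection.Name" are made up.
SAMPLE_LOG = r"""
08:40:48.0260 3484 ================ Scan services =============================
08:40:48.0322 3484 [ 00000000000000000000000000000001 ] ExampleDrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys
08:40:48.0463 3484 ExampleDrv - ok
08:40:48.0572 3484 StubService - ok
08:40:50.0385 3484 [ 00000000000000000000000000000002 ] Example Helper C:\Program Files\Example Vendor\helper.exe
08:40:50.0416 3484 Example Helper ( UnsignedFile.Multi.Generic ) - warning
08:40:50.0416 3484 Example Helper - detected UnsignedFile.Multi.Generic (1)
08:40:51.0100 3484 [ 00000000000000000000000000000003 ] oddsvc c:\WINDOWS\system32\drivers\oddsvc.sys
08:40:51.0120 3484 oddsvc ( Example.Detection.Name ) - warning
08:40:51.0120 3484 oddsvc - detected Example.Detection.Name (1)
"""

# Every record starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "[ MD5 ] <name> <path>": names may contain spaces, so the path is
# recognised by its drive letter ("C:\" or "c:\").
OBJECT_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
WARN_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - warning$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+) - ok$")

# Assumption: this verdict means "failed the signature check", nothing more.
SIGNATURE_ONLY = "UnsignedFile.Multi.Generic"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the log lists no file for the object
    path: Optional[str] = None
    verdict: Optional[str] = None  # None means the scanner reported "ok"


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by its name in the log."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = OBJECT_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].upper(), m["path"])
            continue
        m = WARN_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
            continue
        m = OK_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"]))
    return entries


def triage(entries: Dict[str, Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split flagged objects into (unsigned-only, any other verdict)."""
    unsigned = [e for e in entries.values() if e.verdict == SIGNATURE_ONLY]
    other = [e for e in entries.values() if e.verdict not in (None, SIGNATURE_ONLY)]
    return unsigned, other


def summarize(text: str) -> List[str]:
    """Flagged objects only, other verdicts first, each with path and MD5."""
    unsigned, other = triage(parse_log(text))
    lines = [f"REVIEW FIRST  {e.name}: {e.verdict} {e.path} md5={e.md5}" for e in other]
    lines += [f"unsigned      {e.name}: {e.path} md5={e.md5}" for e in unsigned]
    return lines


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Point `summarize()` at the text of a saved report to reduce it to the flagged objects; the MD5 and path on each row are what a helper would look up next.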

#7
blueheadsets

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
The file SASCORE.EXE in the Program Files\Superantispyware folder cannot be deleted. Access is denied error.

I did reboot properly and rebooted again and still wasn't able to delete it. Since I am not sure if I should proceed and since the other steps will take some time I will await your reply before moving forward.

Thank you!
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi :)

Were you trying to uninstall SAS? When it didn't delete the file did the uninstall abort? Do you still have SAS in the programs list in Control Panel? If so does the SAS icon (it looks like a bug) show up in the system tray? The error indicates that SAS was running in the background but I didn't see that in the OTL log.
  • 0

#9
blueheadsets

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
https://www.virustot...sis/1346462441/
https://www.virustot...sis/1346462557/
https://www.virustot...sis/1346462670/
https://www.virustot...sis/1346462715/
https://www.virustot...sis/1346462804/
https://www.virustot...sis/1346462940/
https://www.virustot...sis/1346463048/
C:\endicia bu is a folder with hundreds of files in it. I created it as a backup to my Endicia Postage Software.
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

C:\endicia bu is a folder with hundreds of files in it. I created it as a backup to my Endicia Postage Software.

That's :cool:, as long as you know what it is. The other files are fine.

Can you answer my questions in post #8 please?
  • 0

#11
blueheadsets

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Sorry, I thought I replied. I must not have hit post.

This error was after I uninstalled and re-booted. It happens when I go into Explorer and try to delete the remaining file folder, \Program Files\Superantispyware. It's the only file that won't delete.

There is nothing in the system tray.

Thanks.
  • 0

#12
blueheadsets

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
08:39:26.0651 3424 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:39:26.0932 3424 ============================================================
08:39:26.0932 3424 Current date / time: 2012/09/01 08:39:26.0932
08:39:26.0932 3424 SystemInfo:
08:39:26.0932 3424
08:39:26.0932 3424 OS Version: 5.1.2600 ServicePack: 3.0
08:39:26.0932 3424 Product type: Workstation
08:39:26.0932 3424 ComputerName: MARK-OSX
08:39:26.0932 3424 UserName: Mark Hritz
08:39:26.0932 3424 Windows directory: C:\WINDOWS
08:39:26.0932 3424 System windows directory: C:\WINDOWS
08:39:26.0932 3424 Processor architecture: Intel x86
08:39:26.0932 3424 Number of processors: 2
08:39:26.0932 3424 Page size: 0x1000
08:39:26.0932 3424 Boot type: Normal boot
08:39:26.0932 3424 ============================================================
08:39:28.0322 3424 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:39:28.0322 3424 ============================================================
08:39:28.0322 3424 \Device\Harddisk0\DR0:
08:39:28.0322 3424 GPT partitions:
08:39:28.0385 3424 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {00003E29-045D-0000-372D-0000380B0000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
08:39:28.0385 3424 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {000046BC-360E-0000-2D5B-000081480000}, Name: Customer, StartLBA 0x64028, BlocksNum 0x1DACA8B0
08:39:28.0385 3424 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {29B83F87-26DB-4E12-9BC5-9AABE693C50E}, Name: Recovery HD, StartLBA 0x1DB2E8D8, BlocksNum 0x135F28
08:39:28.0385 3424 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {47EB0AFB-FCB5-4E84-B38F-2333F6CE9CF0}, Name: Untitled, StartLBA 0x1DC64800, BlocksNum 0x77CA000
08:39:28.0385 3424 MBR partitions:
08:39:28.0385 3424 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1DC64800, BlocksNum 0x77CA000
08:39:28.0385 3424 ============================================================
08:39:28.0416 3424 C: <-> \Device\Harddisk0\DR0\Partition5
08:39:28.0432 3424 ============================================================
08:39:28.0432 3424 Initialize success
08:39:28.0432 3424 ============================================================
08:40:47.0994 3484 ============================================================
08:40:47.0994 3484 Scan started
08:40:47.0994 3484 Mode: Manual; SigCheck; TDLFS;
08:40:47.0994 3484 ============================================================
08:40:48.0260 3484 ================ Scan system memory ========================
08:40:48.0260 3484 System memory - ok
08:40:48.0260 3484 ================ Scan services =============================
08:40:48.0322 3484 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:40:48.0463 3484 !SASCORE - ok
08:40:48.0572 3484 Abiosdsk - ok
08:40:48.0588 3484 abp480n5 - ok
08:40:48.0729 3484 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:40:49.0932 3484 ACPI - ok
08:40:49.0963 3484 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:40:50.0135 3484 ACPIEC - ok
08:40:50.0276 3484 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:40:50.0307 3484 AdobeFlashPlayerUpdateSvc - ok
08:40:50.0307 3484 adpu160m - ok
08:40:50.0385 3484 [ 985E43B02D2443F6C0F440771C77E5D1 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
08:40:50.0416 3484 ADVService ( UnsignedFile.Multi.Generic ) - warning
08:40:50.0416 3484 ADVService - detected UnsignedFile.Multi.Generic (1)
08:40:50.0432 3484 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:40:50.0588 3484 aec - ok
08:40:50.0619 3484 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:40:50.0697 3484 AFD - ok
08:40:50.0713 3484 Aha154x - ok
08:40:50.0713 3484 aic78u2 - ok
08:40:50.0729 3484 aic78xx - ok
08:40:50.0776 3484 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:40:50.0901 3484 Alerter - ok
08:40:50.0916 3484 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:40:51.0057 3484 ALG - ok
08:40:51.0057 3484 AliIde - ok
08:40:51.0057 3484 amsint - ok
08:40:51.0088 3484 [ 99B278C7206221B1F2A4743EB76CA049 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
08:40:51.0151 3484 AnyDVD - ok
08:40:51.0229 3484 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:40:51.0244 3484 Apple Mobile Device - ok
08:40:51.0276 3484 [ 1C8C86FBC8769BE3024BB531A6788A69 ] applemtm C:\WINDOWS\system32\DRIVERS\applemtm.sys
08:40:51.0651 3484 applemtm - ok
08:40:51.0666 3484 [ 3FD269F1D21EFBA4A9EF1AB25E71A25F ] applemtp C:\WINDOWS\system32\DRIVERS\applemtp.sys
08:40:51.0697 3484 applemtp - ok
08:40:51.0744 3484 [ 59B88A527591B8FB8C93765F3B70D1DE ] AppleOSSMgr C:\WINDOWS\system32\AppleOSSMgr.exe
08:40:51.0760 3484 AppleOSSMgr - ok
08:40:51.0776 3484 [ 1EF24FC85A153F8B1A6517A349B87E30 ] AppleTimeSrv C:\WINDOWS\system32\AppleTimeSrv.exe
08:40:51.0791 3484 AppleTimeSrv - ok
08:40:51.0822 3484 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:40:51.0947 3484 AppMgmt - ok
08:40:51.0979 3484 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:40:52.0104 3484 Arp1394 - ok
08:40:52.0104 3484 asc - ok
08:40:52.0119 3484 asc3350p - ok
08:40:52.0119 3484 asc3550 - ok
08:40:52.0276 3484 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:40:52.0307 3484 aspnet_state - ok
08:40:52.0338 3484 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:40:52.0447 3484 AsyncMac - ok
08:40:52.0463 3484 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:40:52.0588 3484 atapi - ok
08:40:52.0588 3484 Atdisk - ok
08:40:52.0635 3484 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:40:52.0760 3484 Atmarpc - ok
08:40:52.0791 3484 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:40:52.0916 3484 AudioSrv - ok
08:40:53.0026 3484 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:40:53.0135 3484 audstub - ok
08:40:53.0213 3484 [ 9208C78BD9283F79A30252AD954C77A2 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
08:40:53.0276 3484 BCM43XX ( UnsignedFile.Multi.Generic ) - warning
08:40:53.0276 3484 BCM43XX - detected UnsignedFile.Multi.Generic (1)
08:40:53.0307 3484 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:40:53.0447 3484 Beep - ok
08:40:53.0479 3484 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:40:53.0635 3484 BITS - ok
08:40:53.0697 3484 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:40:53.0729 3484 Bonjour Service - ok
08:40:53.0791 3484 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:40:53.0854 3484 Browser - ok
08:40:53.0901 3484 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
08:40:54.0010 3484 BthEnum - ok
08:40:54.0026 3484 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
08:40:54.0135 3484 BTHMODEM - ok
08:40:54.0151 3484 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
08:40:54.0276 3484 BthPan - ok
08:40:54.0307 3484 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
08:40:54.0354 3484 BTHPORT - ok
08:40:54.0401 3484 [ BB68CEBFFD181E18A26112D1B9F90F3D ] BTHprint C:\WINDOWS\system32\DRIVERS\bthprint.sys
08:40:54.0510 3484 BTHprint - ok
08:40:54.0541 3484 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
08:40:54.0666 3484 BthServ - ok
08:40:54.0666 3484 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
08:40:54.0791 3484 BTHUSB - ok
08:40:54.0807 3484 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:40:54.0947 3484 cbidf2k - ok
08:40:54.0979 3484 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:40:55.0104 3484 CCDECODE - ok
08:40:55.0104 3484 cd20xrnt - ok
08:40:55.0197 3484 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:40:55.0307 3484 Cdaudio - ok
08:40:55.0401 3484 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:40:55.0510 3484 Cdfs - ok
08:40:55.0588 3484 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:40:55.0713 3484 Cdrom - ok
08:40:55.0713 3484 Changer - ok
08:40:55.0744 3484 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:40:55.0854 3484 CiSvc - ok
08:40:55.0869 3484 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:40:56.0010 3484 ClipSrv - ok
08:40:56.0119 3484 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:40:56.0182 3484 clr_optimization_v2.0.50727_32 - ok
08:40:56.0213 3484 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:40:56.0338 3484 CmBatt - ok
08:40:56.0338 3484 CmdIde - ok
08:40:56.0338 3484 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:40:56.0463 3484 Compbatt - ok
08:40:56.0463 3484 COMSysApp - ok
08:40:56.0479 3484 Cpqarray - ok
08:40:56.0494 3484 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:40:56.0635 3484 CryptSvc - ok
08:40:56.0666 3484 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
08:40:56.0666 3484 CVirtA ( UnsignedFile.Multi.Generic ) - warning
08:40:56.0666 3484 CVirtA - detected UnsignedFile.Multi.Generic (1)
08:40:56.0776 3484 [ DAD192D12DD0B4C92F6843203852829F ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
08:40:56.0822 3484 CVPND - ok
08:40:56.0869 3484 [ 26DEEF07394624247D1F549BD94F0B15 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
08:40:56.0885 3484 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
08:40:56.0901 3484 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
08:40:56.0901 3484 dac2w2k - ok
08:40:56.0901 3484 dac960nt - ok
08:40:56.0947 3484 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:40:57.0010 3484 DcomLaunch - ok
08:40:57.0041 3484 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:40:57.0166 3484 Dhcp - ok
08:40:57.0182 3484 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:40:57.0307 3484 Disk - ok
08:40:57.0432 3484 [ A14524D3F130A57163E0B3E057FC85D5 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
08:40:57.0432 3484 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0432 3484 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
08:40:57.0447 3484 [ 7581407A6A3C56860AE31E6E423FE824 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
08:40:57.0447 3484 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0447 3484 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
08:40:57.0463 3484 [ 7C4CDF8A684B63D7482E0BF7440DC3B5 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
08:40:57.0463 3484 DLADResN ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0463 3484 DLADResN - detected UnsignedFile.Multi.Generic (1)
08:40:57.0479 3484 [ 97BCA2AAC06A9FEA56615B4B15BDB9B8 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
08:40:57.0494 3484 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0494 3484 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
08:40:57.0510 3484 [ BE8D558CF749424F0DE612813F7C6725 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
08:40:57.0510 3484 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0510 3484 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
08:40:57.0510 3484 [ 7E5277CB45DC5E2A86AF8CE093C7EF31 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
08:40:57.0526 3484 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0526 3484 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
08:40:57.0541 3484 [ 693DFD92D41A3D270053CD97834E4960 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
08:40:57.0557 3484 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0557 3484 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
08:40:57.0588 3484 [ D886B6D02B51E5BD61B8A571A16D5CA2 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
08:40:57.0604 3484 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0604 3484 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
08:40:57.0619 3484 [ 2C0ECF7A9D5162D87C64E2AE868B5039 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
08:40:57.0635 3484 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
08:40:57.0635 3484 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
08:40:57.0635 3484 dmadmin - ok
08:40:57.0697 3484 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:40:57.0854 3484 dmboot - ok
08:40:57.0885 3484 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:40:58.0010 3484 dmio - ok
08:40:58.0041 3484 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:40:58.0166 3484 dmload - ok
08:40:58.0197 3484 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:40:58.0307 3484 dmserver - ok
08:40:58.0338 3484 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:40:58.0447 3484 DMusic - ok
08:40:58.0479 3484 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
08:40:58.0494 3484 DNE - ok
08:40:58.0526 3484 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:40:58.0604 3484 Dnscache - ok
08:40:58.0651 3484 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:40:58.0776 3484 Dot3svc - ok
08:40:58.0822 3484 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
08:40:58.0947 3484 Dot4 - ok
08:40:58.0963 3484 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
08:40:59.0072 3484 Dot4Print - ok
08:40:59.0072 3484 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
08:40:59.0197 3484 dot4usb - ok
08:40:59.0197 3484 dpti2o - ok
08:40:59.0307 3484 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:40:59.0416 3484 drmkaud - ok
08:40:59.0432 3484 [ 73623D89FAEF4D1AA600EDEE8B490BC5 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:40:59.0447 3484 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
08:40:59.0447 3484 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
08:40:59.0447 3484 [ 2AEEE1600D0F14BA535F90A1F4411B54 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:40:59.0447 3484 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
08:40:59.0447 3484 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
08:40:59.0494 3484 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:40:59.0604 3484 EapHost - ok
08:40:59.0697 3484 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
08:40:59.0713 3484 ElbyCDIO - ok
08:40:59.0744 3484 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:40:59.0885 3484 ERSvc - ok
08:40:59.0916 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:40:59.0947 3484 Eventlog - ok
08:40:59.0994 3484 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:41:00.0057 3484 EventSystem - ok
08:41:00.0072 3484 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:41:00.0197 3484 Fastfat - ok
08:41:00.0229 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:41:00.0307 3484 FastUserSwitchingCompatibility - ok
08:41:00.0338 3484 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
08:41:00.0463 3484 Fdc - ok
08:41:00.0479 3484 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:41:00.0588 3484 Fips - ok
08:41:00.0604 3484 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
08:41:00.0729 3484 Flpydisk - ok
08:41:00.0744 3484 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:41:00.0869 3484 FltMgr - ok
08:41:00.0932 3484 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:41:00.0947 3484 FontCache3.0.0.0 - ok
08:41:00.0963 3484 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:41:01.0072 3484 Fs_Rec - ok
08:41:01.0088 3484 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:41:01.0197 3484 Ftdisk - ok
08:41:01.0229 3484 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:41:01.0244 3484 GEARAspiWDM - ok
08:41:01.0291 3484 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
08:41:01.0307 3484 GoogleDesktopManager-051210-111108 - ok
08:41:01.0354 3484 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:41:01.0463 3484 Gpc - ok
08:41:01.0494 3484 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:41:01.0604 3484 HDAudBus - ok
08:41:01.0682 3484 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:41:01.0791 3484 helpsvc - ok
08:41:01.0901 3484 [ 7BD2DE4C85EB4241EED57672B16A7D8D ] HidBth C:\WINDOWS\system32\DRIVERS\hidbth.sys
08:41:02.0010 3484 HidBth - ok
08:41:02.0057 3484 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:41:02.0166 3484 HidServ - ok
08:41:02.0213 3484 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:41:02.0338 3484 hidusb - ok
08:41:02.0369 3484 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:41:02.0494 3484 hkmsvc - ok
08:41:02.0494 3484 hpn - ok
08:41:02.0526 3484 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:41:02.0588 3484 HTTP - ok
08:41:02.0604 3484 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:41:02.0713 3484 HTTPFilter - ok
08:41:02.0713 3484 i2omgmt - ok
08:41:02.0729 3484 i2omp - ok
08:41:02.0807 3484 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:41:02.0854 3484 idsvc - ok
08:41:02.0963 3484 [ C135BFF15563592B8EA070EA109967F7 ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
08:41:02.0979 3484 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - warning
08:41:02.0979 3484 IHA_MessageCenter - detected UnsignedFile.Multi.Generic (1)
08:41:03.0026 3484 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:41:03.0135 3484 Imapi - ok
08:41:03.0213 3484 [ 1ACAD13923E467E473C3EC503223F983 ] Imapi Helper C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
08:41:03.0229 3484 Imapi Helper ( UnsignedFile.Multi.Generic ) - warning
08:41:03.0229 3484 Imapi Helper - detected UnsignedFile.Multi.Generic (1)
08:41:03.0276 3484 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:41:03.0385 3484 ImapiService - ok
08:41:03.0401 3484 ini910u - ok
08:41:03.0588 3484 [ C73A4A48FBB3D00C7DBC6FE4F5E3675F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:41:03.0776 3484 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
08:41:03.0776 3484 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
08:41:03.0776 3484 IntelIde - ok
08:41:03.0822 3484 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:41:03.0932 3484 intelppm - ok
08:41:03.0947 3484 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:41:04.0057 3484 Ip6Fw - ok
08:41:04.0072 3484 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:41:04.0213 3484 IpFilterDriver - ok
08:41:04.0229 3484 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:41:04.0354 3484 IpInIp - ok
08:41:04.0401 3484 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:41:04.0526 3484 IpNat - ok
08:41:04.0572 3484 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:41:04.0619 3484 iPod Service - ok
08:41:04.0635 3484 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:41:04.0744 3484 IPSec - ok
08:41:04.0760 3484 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:41:04.0869 3484 IRENUM - ok
08:41:04.0901 3484 [ DD4C1A21ABD0C41184D3F529421E4650 ] IRRemoteFlt C:\WINDOWS\system32\DRIVERS\IRFilter.sys
08:41:04.0916 3484 IRRemoteFlt ( UnsignedFile.Multi.Generic ) - warning
08:41:04.0916 3484 IRRemoteFlt - detected UnsignedFile.Multi.Generic (1)
08:41:04.0932 3484 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:41:05.0057 3484 isapnp - ok
08:41:05.0135 3484 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
08:41:05.0151 3484 JavaQuickStarterService - ok
08:41:05.0182 3484 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:41:05.0291 3484 Kbdclass - ok
08:41:05.0307 3484 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:41:05.0416 3484 kbdhid - ok
08:41:05.0463 3484 [ 41FFD6CF9745C54FA2310CFEC88EE5ED ] KeyAgent C:\WINDOWS\system32\drivers\KeyAgent.sys
08:41:05.0479 3484 KeyAgent ( UnsignedFile.Multi.Generic ) - warning
08:41:05.0479 3484 KeyAgent - detected UnsignedFile.Multi.Generic (1)
08:41:05.0494 3484 [ F0135C184560C73AACD53AD07A9AA434 ] KeyMagic C:\WINDOWS\system32\DRIVERS\KeyMagic.sys
08:41:05.0510 3484 KeyMagic - ok
08:41:05.0541 3484 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:41:05.0682 3484 kmixer - ok
08:41:05.0713 3484 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:41:05.0791 3484 KSecDD - ok
08:41:05.0822 3484 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:41:05.0885 3484 lanmanserver - ok
08:41:05.0916 3484 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:41:05.0963 3484 lanmanworkstation - ok
08:41:05.0963 3484 lbrtfdc - ok
08:41:06.0026 3484 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
08:41:06.0041 3484 LBTServ - ok
08:41:06.0072 3484 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
08:41:06.0088 3484 LHidFilt - ok
08:41:06.0119 3484 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:41:06.0244 3484 LmHosts - ok
08:41:06.0322 3484 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
08:41:06.0338 3484 LMIGuardianSvc - ok
08:41:06.0385 3484 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
08:41:06.0401 3484 LMIInfo - ok
08:41:06.0432 3484 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
08:41:06.0447 3484 LMIMaint - ok
08:41:06.0463 3484 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
08:41:06.0479 3484 lmimirr - ok
08:41:06.0479 3484 LMIRfsClientNP - ok
08:41:06.0494 3484 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
08:41:06.0510 3484 LMIRfsDriver - ok
08:41:06.0557 3484 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
08:41:06.0572 3484 LMouFilt - ok
08:41:06.0619 3484 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
08:41:06.0651 3484 LogMeIn - ok
08:41:06.0697 3484 [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
08:41:06.0713 3484 LUsbFilt - ok
08:41:06.0744 3484 [ 46AE58F99CD6CD5AB2D160C750D20DDD ] MacHALDriver C:\WINDOWS\system32\drivers\MacHALDriver.sys
08:41:06.0760 3484 MacHALDriver ( UnsignedFile.Multi.Generic ) - warning
08:41:06.0760 3484 MacHALDriver - detected UnsignedFile.Multi.Generic (1)
08:41:06.0791 3484 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
08:41:06.0822 3484 MBAMProtector - ok
08:41:06.0869 3484 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:41:06.0901 3484 MBAMService - ok
08:41:06.0963 3484 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
08:41:06.0979 3484 McciCMService ( UnsignedFile.Multi.Generic ) - warning
08:41:06.0979 3484 McciCMService - detected UnsignedFile.Multi.Generic (1)
08:41:07.0026 3484 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:41:07.0151 3484 Messenger - ok
08:41:07.0182 3484 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:41:07.0307 3484 mnmdd - ok
08:41:07.0338 3484 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:41:07.0463 3484 mnmsrvc - ok
08:41:07.0494 3484 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:41:07.0619 3484 Modem - ok
08:41:07.0651 3484 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:41:07.0760 3484 Mouclass - ok
08:41:07.0760 3484 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:41:07.0885 3484 mouhid - ok
08:41:07.0979 3484 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:41:08.0088 3484 MountMgr - ok
08:41:08.0135 3484 [ 1884AF4BE7622EE267279B5D93CEB582 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:41:08.0151 3484 MozillaMaintenance - ok
08:41:08.0166 3484 mraid35x - ok
08:41:08.0213 3484 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:41:08.0229 3484 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
08:41:08.0229 3484 MREMP50 - detected UnsignedFile.Multi.Generic (1)
08:41:08.0244 3484 MREMPR5 - ok
08:41:08.0244 3484 MRENDIS5 - ok
08:41:08.0260 3484 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
08:41:08.0276 3484 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
08:41:08.0276 3484 MRESP50 - detected UnsignedFile.Multi.Generic (1)
08:41:08.0291 3484 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:41:08.0416 3484 MRxDAV - ok
08:41:08.0463 3484 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:41:08.0541 3484 MRxSmb - ok
08:41:08.0588 3484 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:41:08.0713 3484 MSDTC - ok
08:41:08.0729 3484 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:41:08.0838 3484 Msfs - ok
08:41:08.0854 3484 MSIServer - ok
08:41:08.0869 3484 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:41:08.0979 3484 MSKSSRV - ok
08:41:08.0979 3484 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:41:09.0104 3484 MSPCLOCK - ok
08:41:09.0119 3484 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:41:09.0260 3484 MSPQM - ok
08:41:09.0291 3484 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:41:09.0401 3484 mssmbios - ok
08:41:09.0416 3484 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
08:41:09.0526 3484 MSTEE - ok
08:41:09.0572 3484 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:41:09.0588 3484 Mup - ok
08:41:09.0619 3484 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:41:09.0744 3484 NABTSFEC - ok
08:41:09.0807 3484 [ 07B2740CF3294B98380B9E1BF8AB05B8 ] NanoServiceMain C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
08:41:09.0822 3484 NanoServiceMain - ok
08:41:09.0869 3484 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:41:09.0979 3484 napagent - ok
08:41:10.0135 3484 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
08:41:10.0151 3484 NAUpdate - ok
08:41:10.0182 3484 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:41:10.0291 3484 NDIS - ok
08:41:10.0338 3484 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:41:10.0463 3484 NdisIP - ok
08:41:10.0494 3484 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:41:10.0557 3484 NdisTapi - ok
08:41:10.0572 3484 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:41:10.0682 3484 Ndisuio - ok
08:41:10.0776 3484 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:41:10.0885 3484 NdisWan - ok
08:41:10.0916 3484 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:41:10.0963 3484 NDProxy - ok
08:41:10.0994 3484 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:41:11.0119 3484 NetBIOS - ok
08:41:11.0135 3484 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:41:11.0260 3484 NetBT - ok
08:41:11.0291 3484 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:41:11.0416 3484 NetDDE - ok
08:41:11.0416 3484 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:41:11.0526 3484 NetDDEdsdm - ok
08:41:11.0557 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:41:11.0666 3484 Netlogon - ok
08:41:11.0697 3484 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:41:11.0822 3484 Netman - ok
08:41:11.0854 3484 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:41:11.0869 3484 NetTcpPortSharing - ok
08:41:11.0885 3484 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:41:12.0010 3484 NIC1394 - ok
08:41:12.0026 3484 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:41:12.0057 3484 Nla - ok
08:41:12.0104 3484 [ CFEE15A88280D369672DA0E378BBC702 ] NNSALPC C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys
08:41:12.0119 3484 NNSALPC - ok
08:41:12.0135 3484 [ 2708799ADC223C4412341F0C68D032E3 ] NNSHTTP C:\WINDOWS\system32\DRIVERS\NNSHttp.sys
08:41:12.0151 3484 NNSHTTP - ok
08:41:12.0166 3484 [ 533F19056B98D9CCE466B64186905BC1 ] NNSIDS C:\WINDOWS\system32\DRIVERS\NNSIds.sys
08:41:12.0182 3484 NNSIDS - ok
08:41:12.0229 3484 [ 5F7A83B1FC6CAE3E46B215F5E5C759E9 ] NNSNAHS C:\WINDOWS\system32\DRIVERS\NNSNAHS.sys
08:41:12.0244 3484 NNSNAHS - ok
08:41:12.0260 3484 [ 1F054C5CA627FCD3983538D74574016B ] NNSPICC C:\WINDOWS\system32\DRIVERS\NNSPicc.sys
08:41:12.0276 3484 NNSPICC - ok
08:41:12.0291 3484 [ 1ABA7D70E4F029892A381C75EE144C16 ] NNSPIHS C:\WINDOWS\system32\DRIVERS\NNSPihs.sys
08:41:12.0307 3484 NNSPIHS - ok
08:41:12.0338 3484 [ 5F8C023775B8F4A0A8FFC93DD0A27285 ] NNSPOP3 C:\WINDOWS\system32\DRIVERS\NNSPop3.sys
08:41:12.0354 3484 NNSPOP3 - ok
08:41:12.0369 3484 [ CA541CE4A1FC034EEC8CFD6C155B9D30 ] NNSPROT C:\WINDOWS\system32\DRIVERS\NNSProt.sys
08:41:12.0385 3484 NNSPROT - ok
08:41:12.0401 3484 [ 938E8CCC7AC5922F2E3DBDF3E7A3035C ] NNSPRV C:\WINDOWS\system32\DRIVERS\NNSPrv.sys
08:41:12.0416 3484 NNSPRV - ok
08:41:12.0447 3484 [ 2458E950F0A0DD9AD08385209B5E1702 ] NNSSMTP C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys
08:41:12.0463 3484 NNSSMTP - ok
08:41:12.0463 3484 [ 75D990651236A570C4C80ED56BFB4009 ] NNSSTRM C:\WINDOWS\system32\DRIVERS\NNSStrm.sys
08:41:12.0479 3484 NNSSTRM - ok
08:41:12.0510 3484 [ 9D526B79E7D438056ED7D382AB94019A ] NNSTLSC C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys
08:41:12.0526 3484 NNSTLSC - ok
08:41:12.0557 3484 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:41:12.0682 3484 Npfs - ok
08:41:12.0713 3484 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:41:12.0854 3484 Ntfs - ok
08:41:12.0854 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:41:12.0963 3484 NtLmSsp - ok
08:41:13.0026 3484 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:41:13.0151 3484 NtmsSvc - ok
08:41:13.0182 3484 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:41:13.0291 3484 Null - ok
08:41:13.0541 3484 [ F735A156EA89A42EBF004FF9DBB55829 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:41:13.0916 3484 nv ( UnsignedFile.Multi.Generic ) - warning
08:41:13.0916 3484 nv - detected UnsignedFile.Multi.Generic (1)
08:41:13.0947 3484 [ 28727D0F5CA6579890D0B6AD1598C935 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:41:13.0963 3484 NVENETFD ( UnsignedFile.Multi.Generic ) - warning
08:41:13.0963 3484 NVENETFD - detected UnsignedFile.Multi.Generic (1)
08:41:13.0979 3484 [ A3CD61AF33E8B3CC2CC22BD37F867D54 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:41:13.0979 3484 nvnetbus ( UnsignedFile.Multi.Generic ) - warning
08:41:13.0979 3484 nvnetbus - detected UnsignedFile.Multi.Generic (1)
08:41:13.0994 3484 [ B1FB1516FD38E69749886C9BDD357BAB ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
08:41:13.0994 3484 nvsmu ( UnsignedFile.Multi.Generic ) - warning
08:41:13.0994 3484 nvsmu - detected UnsignedFile.Multi.Generic (1)
08:41:14.0010 3484 [ 8108BE2F26248E457B08EC4A5483E1A0 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
08:41:14.0026 3484 NVSvc ( UnsignedFile.Multi.Generic ) - warning
08:41:14.0026 3484 NVSvc - detected UnsignedFile.Multi.Generic (1)
08:41:14.0057 3484 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:41:14.0182 3484 NwlnkFlt - ok
08:41:14.0213 3484 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:41:14.0338 3484 NwlnkFwd - ok
08:41:14.0369 3484 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:41:14.0494 3484 ohci1394 - ok
08:41:14.0510 3484 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
08:41:14.0635 3484 Parport - ok
08:41:14.0651 3484 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:41:14.0760 3484 PartMgr - ok
08:41:14.0791 3484 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:41:14.0901 3484 ParVdm - ok
08:41:14.0932 3484 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:41:15.0041 3484 PCI - ok
08:41:15.0041 3484 PCIDump - ok
08:41:15.0057 3484 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:41:15.0182 3484 PCIIde - ok
08:41:15.0197 3484 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:41:15.0322 3484 Pcmcia - ok
08:41:15.0354 3484 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
08:41:15.0369 3484 pcouffin ( UnsignedFile.Multi.Generic ) - warning
08:41:15.0369 3484 pcouffin - detected UnsignedFile.Multi.Generic (1)
08:41:15.0369 3484 PDCOMP - ok
08:41:15.0369 3484 PDFRAME - ok
08:41:15.0385 3484 PDRELI - ok
08:41:15.0385 3484 PDRFRAME - ok
08:41:15.0385 3484 perc2 - ok
08:41:15.0385 3484 perc2hib - ok
08:41:15.0447 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:41:15.0463 3484 PlugPlay - ok
08:41:15.0494 3484 [ F9D3BB81BDF8B279E1F37282CD52A9B5 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
08:41:15.0510 3484 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:41:15.0510 3484 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:41:15.0541 3484 [ DA19E3401F39C10DF193BE029C7E7BBA ] pnetmdm C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
08:41:15.0557 3484 pnetmdm ( UnsignedFile.Multi.Generic ) - warning
08:41:15.0557 3484 pnetmdm - detected UnsignedFile.Multi.Generic (1)
08:41:15.0572 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:41:15.0682 3484 PolicyAgent - ok
08:41:15.0713 3484 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:41:15.0822 3484 PptpMiniport - ok
08:41:15.0838 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:41:15.0947 3484 ProtectedStorage - ok
08:41:15.0963 3484 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:41:16.0088 3484 PSched - ok
08:41:16.0104 3484 [ 8ABBC5F1492BFDE63FEAE2718A630E5C ] PSINAflt C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
08:41:16.0119 3484 PSINAflt - ok
08:41:16.0135 3484 [ D92FD5186C6ED7A0CFE5E4FA69CFEF59 ] PSINFile C:\WINDOWS\system32\DRIVERS\PSINFile.sys
08:41:16.0151 3484 PSINFile - ok
08:41:16.0182 3484 [ C24FA396FF16D8C671D9E5807A0BC8B7 ] PSINKNC C:\WINDOWS\system32\DRIVERS\psinknc.sys
08:41:16.0197 3484 PSINKNC - ok
08:41:16.0213 3484 [ C52B3E1631CFA5E3BBDE6D2558C0CC72 ] PSINProc C:\WINDOWS\system32\DRIVERS\PSINProc.sys
08:41:16.0229 3484 PSINProc - ok
08:41:16.0260 3484 [ 0E4C4813C2AA327229F387E3921E69C3 ] PSINProt C:\WINDOWS\system32\DRIVERS\PSINProt.sys
08:41:16.0276 3484 PSINProt - ok
08:41:16.0307 3484 [ 476769481841007583875023F7ECC4CA ] PSKMAD C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
08:41:16.0307 3484 PSKMAD - ok
08:41:16.0354 3484 [ 98A9D3236C6301503571DE79B86E8538 ] PSUAService C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
08:41:16.0354 3484 PSUAService - ok
08:41:16.0401 3484 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:41:16.0510 3484 Ptilink - ok
08:41:16.0588 3484 [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
08:41:16.0604 3484 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
08:41:16.0604 3484 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
08:41:16.0666 3484 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
08:41:16.0697 3484 QBFCService ( UnsignedFile.Multi.Generic ) - warning
08:41:16.0697 3484 QBFCService - detected UnsignedFile.Multi.Generic (1)
08:41:16.0697 3484 ql1080 - ok
08:41:16.0713 3484 Ql10wnt - ok
08:41:16.0729 3484 ql12160 - ok
08:41:16.0729 3484 ql1240 - ok
08:41:16.0729 3484 ql1280 - ok
08:41:16.0760 3484 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:41:16.0885 3484 RasAcd - ok
08:41:16.0916 3484 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:41:17.0026 3484 RasAuto - ok
08:41:17.0072 3484 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:41:17.0229 3484 Rasl2tp - ok
08:41:17.0276 3484 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:41:17.0385 3484 RasMan - ok
08:41:17.0401 3484 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:41:17.0510 3484 RasPppoe - ok
08:41:17.0526 3484 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:41:17.0651 3484 Raspti - ok
08:41:17.0666 3484 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:41:17.0776 3484 Rdbss - ok
08:41:17.0791 3484 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:41:17.0916 3484 RDPCDD - ok
08:41:17.0932 3484 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:41:18.0057 3484 rdpdr - ok
08:41:18.0104 3484 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:41:18.0166 3484 RDPWD - ok
08:41:18.0197 3484 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:41:18.0322 3484 RDSessMgr - ok
08:41:18.0338 3484 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:41:18.0463 3484 redbook - ok
08:41:18.0494 3484 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:41:18.0604 3484 RemoteAccess - ok
08:41:18.0635 3484 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:41:18.0760 3484 RemoteRegistry - ok
08:41:18.0791 3484 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
08:41:18.0901 3484 RFCOMM - ok
08:41:18.0932 3484 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
08:41:19.0057 3484 ROOTMODEM - ok
08:41:19.0088 3484 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:41:19.0197 3484 RpcLocator - ok
08:41:19.0229 3484 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
08:41:19.0260 3484 RpcSs - ok
08:41:19.0291 3484 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:41:19.0416 3484 RSVP - ok
08:41:19.0432 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:41:19.0557 3484 SamSs - ok
08:41:19.0557 3484 SASKUTIL - ok
08:41:19.0588 3484 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
08:41:19.0697 3484 sbp2port - ok
08:41:19.0729 3484 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:41:19.0838 3484 SCardSvr - ok
08:41:19.0885 3484 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:41:20.0010 3484 Schedule - ok
08:41:20.0026 3484 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:41:20.0151 3484 Secdrv - ok
08:41:20.0151 3484 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:41:20.0260 3484 seclogon - ok
08:41:20.0276 3484 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:41:20.0401 3484 SENS - ok
08:41:20.0416 3484 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
08:41:20.0526 3484 Serial - ok
08:41:20.0557 3484 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:41:20.0666 3484 Sfloppy - ok
08:41:20.0713 3484 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:41:20.0838 3484 SharedAccess - ok
08:41:20.0869 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:41:20.0885 3484 ShellHWDetection - ok
08:41:20.0901 3484 Simbad - ok
08:41:20.0979 3484 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
08:41:20.0994 3484 SkypeUpdate - ok
08:41:21.0057 3484 [ 0973BD0931BF4D0DFB1885BD464E9766 ] SlingAgentService C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
08:41:21.0072 3484 SlingAgentService - ok
08:41:21.0119 3484 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:41:21.0229 3484 SLIP - ok
08:41:21.0260 3484 [ E0F0F9B03FE292378384BF658148AC32 ] SndTAudio C:\WINDOWS\system32\drivers\SndTAudio.sys
08:41:21.0276 3484 SndTAudio ( UnsignedFile.Multi.Generic ) - warning
08:41:21.0276 3484 SndTAudio - detected UnsignedFile.Multi.Generic (1)
08:41:21.0307 3484 [ 98E05705E6543D09049186959EE23DE3 ] SndTVideo C:\WINDOWS\system32\DRIVERS\SndTVideo.sys
08:41:21.0322 3484 SndTVideo ( UnsignedFile.Multi.Generic ) - warning
08:41:21.0322 3484 SndTVideo - detected UnsignedFile.Multi.Generic (1)
08:41:21.0338 3484 Sparrow - ok
08:41:21.0338 3484 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:41:21.0463 3484 splitter - ok
08:41:21.0494 3484 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:41:21.0526 3484 Spooler - ok
08:41:21.0541 3484 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:41:21.0651 3484 sr - ok
08:41:21.0697 3484 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:41:21.0807 3484 srservice - ok
08:41:21.0854 3484 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:41:21.0885 3484 Srv - ok
08:41:21.0932 3484 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
08:41:21.0979 3484 sscdbus - ok
08:41:22.0010 3484 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
08:41:22.0072 3484 sscdmdfl - ok
08:41:22.0104 3484 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
08:41:22.0135 3484 sscdmdm - ok
08:41:22.0166 3484 [ 9FA66E361A99F8920C7609BAE6814A0E ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
08:41:22.0182 3484 sscdserd - ok
08:41:22.0229 3484 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:41:22.0338 3484 SSDPSRV - ok
08:41:22.0385 3484 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:41:22.0494 3484 stisvc - ok
08:41:22.0541 3484 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:41:22.0666 3484 streamip - ok
08:41:22.0697 3484 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:41:22.0807 3484 swenum - ok
08:41:22.0822 3484 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:41:22.0932 3484 swmidi - ok
08:41:22.0947 3484 SwPrv - ok
08:41:22.0947 3484 symc810 - ok
08:41:22.0947 3484 symc8xx - ok
08:41:22.0947 3484 sym_hi - ok
08:41:22.0963 3484 sym_u3 - ok
08:41:22.0979 3484 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:41:23.0088 3484 sysaudio - ok
08:41:23.0119 3484 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:41:23.0244 3484 SysmonLog - ok
08:41:23.0260 3484 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:41:23.0385 3484 TapiSrv - ok
08:41:23.0432 3484 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:41:23.0447 3484 Tcpip - ok
08:41:23.0479 3484 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:41:23.0604 3484 TDPIPE - ok
08:41:23.0619 3484 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:41:23.0744 3484 TDTCP - ok
08:41:24.0104 3484 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
08:41:24.0197 3484 TeamViewer7 - ok
08:41:24.0244 3484 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:41:24.0369 3484 TermDD - ok
08:41:24.0401 3484 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:41:24.0526 3484 TermService - ok
08:41:24.0541 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:41:24.0557 3484 Themes - ok
08:41:24.0588 3484 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:41:24.0729 3484 TlntSvr - ok
08:41:24.0729 3484 TosIde - ok
08:41:24.0744 3484 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:41:24.0869 3484 TrkWks - ok
08:41:24.0885 3484 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:41:25.0010 3484 Udfs - ok
08:41:25.0010 3484 ultra - ok
08:41:25.0057 3484 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:41:25.0197 3484 Update - ok
08:41:25.0229 3484 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:41:25.0338 3484 upnphost - ok
08:41:25.0354 3484 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:41:25.0479 3484 UPS - ok
08:41:25.0510 3484 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
08:41:25.0588 3484 USBAAPL - ok
08:41:25.0619 3484 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:41:25.0729 3484 usbaudio - ok
08:41:25.0776 3484 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:41:25.0885 3484 usbccgp - ok
08:41:25.0885 3484 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:41:26.0010 3484 usbehci - ok
08:41:26.0010 3484 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:41:26.0135 3484 usbhub - ok
08:41:26.0166 3484 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:41:26.0276 3484 usbohci - ok
08:41:26.0322 3484 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:41:26.0432 3484 usbprint - ok
08:41:26.0479 3484 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:41:26.0588 3484 usbscan - ok
08:41:26.0619 3484 [ C0488CC01A1C686B08A3D360C7F50324 ] usbser C:\WINDOWS\system32\DRIVERS\V-usbser.sys
08:41:26.0635 3484 usbser ( UnsignedFile.Multi.Generic ) - warning
08:41:26.0635 3484 usbser - detected UnsignedFile.Multi.Generic (1)
08:41:26.0666 3484 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:41:26.0776 3484 USBSTOR - ok
08:41:26.0807 3484 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
08:41:26.0932 3484 usbvideo - ok
08:41:26.0947 3484 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
08:41:27.0041 3484 usb_rndisx - ok
08:41:27.0072 3484 [ D394CA7C348720737F84E3A394D7FF4D ] vadspdif C:\WINDOWS\system32\DRIVERS\vadspdif.sys
08:41:27.0088 3484 vadspdif - ok
08:41:27.0119 3484 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:41:27.0229 3484 VgaSave - ok
08:41:27.0244 3484 ViaIde - ok
08:41:27.0244 3484 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:41:27.0369 3484 VolSnap - ok
08:41:27.0401 3484 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:41:27.0510 3484 VSS - ok
08:41:27.0526 3484 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:41:27.0635 3484 Wanarp - ok
08:41:27.0682 3484 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
08:41:27.0729 3484 wceusbsh - ok
08:41:27.0776 3484 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:41:27.0807 3484 Wdf01000 - ok
08:41:27.0807 3484 WDICA - ok
08:41:27.0822 3484 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:41:27.0947 3484 wdmaud - ok
08:41:27.0994 3484 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:41:28.0104 3484 WebClient - ok
08:41:28.0182 3484 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:41:28.0291 3484 winmgmt - ok
08:41:28.0338 3484 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:41:28.0354 3484 WmdmPmSN - ok
08:41:28.0416 3484 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:41:28.0447 3484 Wmi - ok
08:41:28.0510 3484 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:41:28.0619 3484 WmiApSrv - ok
08:41:28.0729 3484 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:41:28.0791 3484 WMPNetworkSvc - ok
08:41:28.0822 3484 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:41:28.0854 3484 WpdUsb - ok
08:41:28.0901 3484 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:41:29.0026 3484 wscsvc - ok
08:41:29.0057 3484 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:41:29.0182 3484 WSTCODEC - ok
08:41:29.0197 3484 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:41:29.0322 3484 wuauserv - ok
08:41:29.0369 3484 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:41:29.0401 3484 WudfPf - ok
08:41:29.0432 3484 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:41:29.0447 3484 WudfRd - ok
08:41:29.0463 3484 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:41:29.0479 3484 WudfSvc - ok
08:41:29.0526 3484 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:41:29.0666 3484 WZCSVC - ok
08:41:29.0729 3484 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:41:29.0838 3484 xmlprov - ok
08:41:29.0869 3484 ================ Scan global ===============================
08:41:29.0901 3484 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:41:29.0947 3484 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:41:29.0963 3484 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:41:29.0979 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:41:29.0979 3484 [Global] - ok
08:41:29.0979 3484 ================ Scan MBR ==================================
08:41:29.0994 3484 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:41:30.0307 3484 \Device\Harddisk0\DR0 - ok
08:41:30.0307 3484 ================ Scan VBR ==================================
08:41:30.0338 3484 [ 4628F295EBBF0A2D58EF655DBE5A16CC ] \Device\Harddisk0\DR0\Partition1
08:41:30.0338 3484 \Device\Harddisk0\DR0\Partition1 - ok
08:41:30.0338 3484 [ 62C6BEE322976FFE159DA09C65412A07 ] \Device\Harddisk0\DR0\Partition2
08:41:30.0338 3484 \Device\Harddisk0\DR0\Partition2 - ok
08:41:30.0338 3484 [ 50CB6D00F3BFF40AC79F6A3F9DC627C0 ] \Device\Harddisk0\DR0\Partition3
08:41:30.0338 3484 \Device\Harddisk0\DR0\Partition3 - ok
08:41:30.0338 3484 [ 55786FDEE0DFA7B72D05D534C1121B53 ] \Device\Harddisk0\DR0\Partition4
08:41:30.0338 3484 \Device\Harddisk0\DR0\Partition4 - ok
08:41:30.0354 3484 [ 55786FDEE0DFA7B72D05D534C1121B53 ] \Device\Harddisk0\DR0\Partition5
08:41:30.0354 3484 \Device\Harddisk0\DR0\Partition5 - ok
08:41:30.0354 3484 ============================================================
08:41:30.0354 3484 Scan finished
08:41:30.0354 3484 ============================================================
08:41:30.0463 4932 Detected object count: 37
08:41:30.0463 4932 Actual detected object count: 37
08:42:00.0854 4932 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0854 4932 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0854 4932 BCM43XX ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0854 4932 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 CVirtA ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 CVirtA ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0869 4932 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0869 4932 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 Imapi Helper ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 Imapi Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 IRRemoteFlt ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 IRRemoteFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 KeyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 KeyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 MacHALDriver ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 MacHALDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 nv ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 NVENETFD ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0885 4932 NVENETFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0885 4932 nvnetbus ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 nvnetbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 nvsmu ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 nvsmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0901 4932 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0901 4932 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0916 4932 SndTAudio ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0916 4932 SndTAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0916 4932 SndTVideo ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0916 4932 SndTVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:00.0916 4932 usbser ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:00.0916 4932 usbser ( UnsignedFile.Multi.Generic ) - User select action: Skip

#13
blueheadsets

# AdwCleaner v2.000 - Logfile created 09/01/2012 at 08:52:06
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mark Hritz - MARK-OSX
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mark Hritz\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\Ask.xml
File Found : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\Askcom.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\Conduit
Folder Found : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\ConduitCommon
Folder Found : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\CT1060933
Folder Found : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\CompeteInc
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-1343024091-789336058-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-1343024091-789336058-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Wed Aug 22 2012 08:09:34 GMT-0400 (Eastern Daylight[...]
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Thu Aug 30 2012 15:50:09 GMT-0400 (Eastern D[...]
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "31-8-2012");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri Aug 31 2012 08:08:57 GMT-0400 (Eastern Daylig[...]
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Aug 29 2012 10:08:22 GMT-0400 (Eastern [...]
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "20-7-2010");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FirstTimeSettingsDone", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", false);
Found : user_pref("CT1060933.GroupingInvalidateCache", false);
Found : user_pref("CT1060933.GroupingLastCheckTime", "0");
Found : user_pref("CT1060933.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.HomePageProtectorEnabled", false);
Found : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://www.google.com/");
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Tue Jul 20 2010 01:04:47 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Thu Aug 30 2012 09:38:42 GMT-0400 (Eastern Dayligh[...]
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_2.7.1.3", "Fri May 27 2011 12:21:50 GMT-0400 (Eastern Daylight Time)"[...]
Found : user_pref("CT1060933.LastLogin_3.10.0.1", "Sat Mar 17 2012 06:51:53 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 09:54:24 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Fri Apr 27 2012 10:29:13 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Wed Jun 27 2012 11:18:47 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Sat Jul 21 2012 07:02:04 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Fri Aug 31 2012 07:17:18 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Sat Aug 13 2011 09:45:32 GMT-0400 (Eastern Daylight Time)"[...]
Found : user_pref("CT1060933.LastLogin_3.8.0.8", "Fri Nov 11 2011 15:55:48 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT1060933.LastLogin_3.8.1.0", "Sun Dec 25 2011 09:50:53 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT1060933.LastLogin_3.9.0.3", "Sat Feb 04 2012 15:54:41 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT1060933.LatestVersion", "3.15.1.0");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.LoginCache", 4);
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipShow", false);
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Thu Aug 30 2012 09:39:18 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Found : user_pref("CT1060933.SearchBoxWidth", 152);
Found : user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT1060933.SearchEngineBeforeUnload", "AVG Secure Search");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Thu Aug 30 2012 09:38:41 GMT-0400 (Eastern Dayli[...]
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1060933.SearchProtectorEnabled", false);
Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Thu Aug 30 2012 09:38:41 GMT-0400 (Eastern Daylight [...]
Found : user_pref("CT1060933.SettingsCheckIntervalMin", 120);
Found : user_pref("CT1060933.SettingsLastCheckTime", "Thu Aug 30 2012 15:17:21 GMT-0400 (Eastern Daylight Ti[...]
Found : user_pref("CT1060933.SettingsLastUpdate", "1346236895");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Aug 22 2012 08:08:16 GMT-0400 (Eastern Day[...]
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN27064476820221033");
Found : user_pref("CT1060933.ValidationData_Search", 2);
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");
Found : user_pref("CT1060933.backendstorage.cb_experience_000", "343331");
Found : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT1060933.backendstorage.cb_user_id_000", "43423436353139363536323032385F46697265666F78")[...]
Found : user_pref("CT1060933.backendstorage.cbcountry_000", "5553");
Found : user_pref("CT1060933.backendstorage.cbcountry_001", "5553");
Found : user_pref("CT1060933.backendstorage.cbfirsttime", "5765642044656320313420323031312030393A32323A34312[...]
Found : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "5361742053657020303120323031322032333A[...]
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Found : user_pref("CT1060933.backendstorage.url_history", "68747470733A2F2F70617970616C6D616E616765722E70617[...]
Found : user_pref("CT1060933.backendstorage.url_history0001", "687474703A2F2F717569636B656E2E696E747569742E6[...]
Found : user_pref("CT1060933.clientLogIsEnabled", true);
Found : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Wed Aug 22 2012 08:09:34 GMT-0400 (Eastern [...]
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", false);
Found : user_pref("CT1060933.isFirstRadioInstallation", false);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Found : user_pref("CT1060933.revertSettingsEnabled", false);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Thu Aug 30 2012 09:38:42 GMT-0400 (Eastern D[...]
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Wed Aug 22 2012 08:09:33 GMT-0400 (Eastern D[...]
Found : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Mark Hritz\\Applic[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.applian.com/freecorder-gadget/loader.[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://us.yhs.search.yahoo.com/avg/searc[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 27 2011 13:34:35 GMT-04[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Aug 13 2011 09:45:41 GMT-0400 (Easte[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Aug 13 2011 09:45:30 GMT-0400 (Eastern D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{87b71d38-f7a5-484b-a6d8-2c1f38d982af}");
Found : user_pref("CommunityToolbar.globalUserId", "76632b9f-108f-499e-925f-d49c146dc10d");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 29 2012 08:09:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Aug 30 2012 09:39:29 GMT-040[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Aug 30 2012 09:39:21 GMT-0400 (E[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "afb73e10-6d1c-4449-9479-3de9c55d93ca");
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("[email protected]", true);
Found : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&g[...]

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [31639 octets] - [01/09/2012 08:52:06]

########## EOF - C:\AdwCleaner[R1].txt - [31700 octets] ##########
  • 0

#14
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi, :)

OK, let's see if we can get OTL to stop the process and delete the SASCORE.EXE file. If that doesn't do it we will use the SuperAntiSpyware removal tool.
Next we'll kill what the scans have found and see where we are. A new variant of the zero access rootkit has just been found so I want to scan for that as well.

If you have disabled SpyBot's TeaTimer we will start. Please carefully read the instructions. It may be helpful to print them out before starting.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:SERVICES
!SASCORE

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://localhost:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\..\SearchScopes\{F7926C8D-7B78-4838-A95E-EC82CDB8E326}: "URL" = http://us.yhs.search...p=
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Ask.com
FF - prefs.js..extensions.enabledItems: [email protected]:6.010.023.001
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2010/12/07 16:54:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/07 16:53:15 | 000,000,000 | ---D | M]
[2009/03/27 19:18:29 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\ask.xml
[2010/08/23 14:34:27 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\askcom.xml
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/04/05 11:09:49 | 000,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O33 - MountPoints2\{18d45278-f5cc-11de-9745-00236ca11623}\Shell\Shell00\Command - "" = E:\Start.exe
[2012/08/30 10:52:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 15a4099b-58b9-4a04-bbe9-2874d64da065.job
[2012/08/29 02:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a7a39e0b-48ad-48ff-a472-5f8bd268fb29.job

:FILES
ipconfig /flushdns /c
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run AdwCleaner Fix

Re-open AdwCleaner
  • Click the Delete button and wait for the scan.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please attach that. This report is also saved to C:\AdwCleaner[S1].txt


Step-3.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
%systemdrive%\$Recycle.Bin|@;true;true;true
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

  • Check the box beside Scan All Users at the top of the console
  • The Include 64bit Scans box should not be checked
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extras Registry section, click the radio button beside Use Safelist <--- Very Important
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-4.

Run RogueKiller

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-7.

Things For Your Next Post:
1. The OTL fixes log
2. The AdwCleaner[S1].txt log
3. The new OTL.txt log
4. The Extras.txt log
5. The RKreport.txt log
6. How is the computer running?
  • 0

#15
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service !SASCORE stopped successfully!
Service !SASCORE deleted successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7926C8D-7B78-4838-A95E-EC82CDB8E326}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7926C8D-7B78-4838-A95E-EC82CDB8E326}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.babylo...=browsersearch" removed from browser.search.defaulturl
Prefs.js: "Ask.com removed from browser.search.order.1
Prefs.js: [email protected]:6.010.023.001 removed from extensions.enabledItems
Prefs.js: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 8118 removed from network.proxy.ssl_port
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f963a5b-e555-4543-90e2-c3908898db71}\ not found.
File C:\Program Files\AVG\AVG10\Firefox\ not found.
C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\ask.xml moved successfully.
C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\searchplugins\askcom.xml moved successfully.
File C:\Program Files\mozilla firefox\plugins\npViewpoint.dll not found.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18d45278-f5cc-11de-9745-00236ca11623}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18d45278-f5cc-11de-9745-00236ca11623}\ not found.
File E:\Start.exe not found.
File C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 15a4099b-58b9-4a04-bbe9-2874d64da065.job not found.
File C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a7a39e0b-48ad-48ff-a472-5f8bd268fb29.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mark Hritz\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark Hritz\Desktop\cmd.txt deleted successfully.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 9460941 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mark Hritz
->Temp folder emptied: 806385507 bytes
->Temporary Internet Files folder emptied: 266234405 bytes
->Java cache emptied: 167295 bytes
->FireFox cache emptied: 236177313 bytes
->Google Chrome cache emptied: 312334720 bytes
->Flash cache emptied: 77920 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 211098687 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19761795 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 254689178 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 193650787 bytes

Total Files Cleaned = 2,205.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09022012_075201

Files\Folders moved on Reboot...
C:\Documents and Settings\Mark Hritz\Local Settings\Temp\WCESLog.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
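
Added example, not part of either post and not OTL's own code: a fix log like the one above is long enough that a failed action is easy to miss, so this sketch tallies each section's results and pulls out the lines that reported an error. The outcome phrases are assumed from the log lines shown in this thread only, the function names are hypothetical, and SAMPLE_LOG is a constructed excerpt of that log.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt of the fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service !SASCORE stopped successfully!
Service !SASCORE deleted successfully!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
File C:\Program Files\AVG\AVG10\Firefox\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
========== FILES ==========
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE moved successfully.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Checked in order, so a line mentioning an error is never counted as a success.
# Phrases are assumptions drawn from the log in this thread, not a full OTL grammar.
OUTCOME_RULES = [
    ("error", re.compile(r"\berror\b", re.I)),
    ("not_found", re.compile(r"\bnot found\.?$", re.I)),  # target already absent
    ("changed", re.compile(
        r"(deleted|moved|stopped|emptied) successfully"
        r"|value set successfully|\bremoved from\b", re.I)),
]


def classify(line):
    """Return the outcome name for one log line, or None for informational lines."""
    for name, pattern in OUTCOME_RULES:
        if pattern.search(line):
            return name
    return None


def parse_fix_log(text):
    """Return (section, outcome, line) for every line that reports an action result."""
    section, results = "PREAMBLE", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        outcome = classify(line)
        if outcome:
            results.append((section, outcome, line))
    return results


def summarize(results):
    """Count outcomes per log section."""
    summary = {}
    for section, outcome, _ in results:
        summary.setdefault(section, Counter())[outcome] += 1
    return summary


def needs_follow_up(results):
    """Lines where the tool reported an error rather than a clean result."""
    return [(section, line) for section, outcome, line in results if outcome == "error"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for section, counts in summarize(parsed).items():
        print(section, dict(counts))
    for section, line in needs_follow_up(parsed):
        print("REVIEW", section, line)
```
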