Rogue:js/FakePav and Virtool:Win32/obfuscator.xg [Solved]


  • This topic is locked

#1
jp17315

  • Member
  • 127 posts
I found these in the MSE quarantine area this morning: Rogue:js/FakePav and Virtool:Win32/obfuscator.xg. I downloaded OTL and I am posting its log file to make sure the system is clean. Some symptoms that I am experiencing: when I run IE, it takes about 5 min to load the homepage. Firefox loads in about 10 seconds. This is a relative's computer that I am trying to clean.

Thanks for your help.



OTL logfile created on: 11/23/2012 8:55:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\djokrall\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.98% Memory free
3.98 Gb Paging File | 2.83 Gb Available in Paging File | 70.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.48 Gb Total Space | 360.37 Gb Free Space | 78.95% Space Free | Partition Type: NTFS
Drive D: | 9.28 Gb Total Space | 1.28 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: DJOKRALL-PC | User Name: djokrall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Downloads\OTL.exe
PRC - [2012/11/17 17:41:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/11/07 16:29:30 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/10/24 12:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/10/11 11:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2010/04/29 09:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/04/11 02:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/17 17:41:29 | 014,586,808 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/10/24 12:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/07/17 03:11:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll


========== Services (SafeList) ==========

SRV - [2012/11/17 17:41:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/07 16:29:50 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/11/07 16:29:48 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 04:49:47 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/17 03:11:21 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 08:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 08:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2976654
IE - HKLM\..\SearchScopes\{CF446D0F-3D66-4EC7-ADA6-CB849752F032}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001c258900cc
IE - HKCU\..\SearchScopes\{14E57420-8F0A-4479-9831-19765F4BF88D}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...5B-9BE019499DC9
IE - HKCU\..\SearchScopes\{20BD4B27-9490-47A9-8EF3-B07A4D634B4A}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....0120625,0,0,0,0
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{5A6CF06D-7D23-4071-A02D-A50176EC5979}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...ion=2.5.18000.3
IE - HKCU\..\SearchScopes\{5E063DB8-80C1-4FAC-A81E-46A6EFD297BC}: "URL" = http://search.yahoo....,18175,0,0,6484
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNRM_en
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupon...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{A8B6F467-0D68-48AC-9D49-BCBC5229AE24}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80291&lng=en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=DgW52S5Su3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com...911=1353192691"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121008104707
FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:10.13.40.15
FF - prefs.js..keyword.URL: "http://mystart.incre...2S5Su3&search="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin: C:\Program Files\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll (BringMeSports)
FF - HKLM\Software\MozillaPlugins\@ei.iWon_5k.com/Plugin: C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/10/07 15:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WeatherBlink\bar\1.bin [2012/10/07 15:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 17:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/17 17:35:17 | 000,000,000 | ---D | M]

[2012/09/03 16:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Extensions
[2012/11/18 12:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions
[2012/11/18 12:14:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/18 06:12:01 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012/10/07 15:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions
[2011/11/05 18:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/03 16:49:04 | 000,000,000 | ---D | M] (Game Master 2.1 Community Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}
[2011/11/05 18:25:03 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012/06/26 05:57:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/19 09:44:05 | 000,000,000 | ---D | M] (ShopToWin8) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}
[2012/09/23 17:10:24 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\39ffxtbr@MapsGalaxy_39.com
[2012/09/03 16:49:02 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/08/13 14:51:57 | 000,000,000 | ---D | M] ("Game Discovery") -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2011/12/28 17:35:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/06/16 13:22:18 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/09/27 08:05:48 | 000,000,000 | ---D | M] (WeatherBlink) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/01/20 15:19:03 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2011/10/24 10:21:43 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/07/19 09:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\extensionManager
[2012/08/13 14:51:53 | 000,021,674 | ---- | M] () (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/07/12 16:04:08 | 000,000,598 | ---- | M] () (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox\validators\VBExpiredValidator.js
[2012/10/13 13:00:47 | 000,002,185 | ---- | M] () -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\searchplugins\MyStart Search.xml
[2012/11/17 17:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 17:02:42 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/25 09:41:58 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
[2011/12/28 16:35:21 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/03 14:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/08/25 14:57:15 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/16 10:15:49 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober20211941.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifcondhjchebdnckhimgoancfmfggbe\1.15.132_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (no name) - !{364ea597-e728-4ce4-bb4a-ed846ef47970} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38423836-BD19-40F9-9050-4DDC6EF47611}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 06:23:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 16:29:48 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/11/03 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanaticEI
[2012/11/03 14:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\BringMeSports_1cEI

========== Files - Modified Within 30 Days ==========

[2012/11/23 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 20:17:04 | 000,640,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/23 20:17:04 | 000,118,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 20:10:52 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 20:10:48 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/11/23 20:10:48 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/11/23 20:10:47 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/11/23 20:10:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 20:10:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 20:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 20:10:26 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 19:01:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 18:00:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/11/21 07:24:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/11/18 11:07:19 | 000,000,166 | ---- | M] () -- C:\Users\djokrall\Desktop\Yahoo!.url
[2012/11/17 17:38:34 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 17:35:17 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 16:23:49 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 06:48:58 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/11/15 03:32:56 | 000,318,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 03:13:05 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/11/06 13:48:30 | 000,000,189 | ---- | M] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url

========== Files Created - No Company Name ==========

[2012/11/17 17:35:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 17:35:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/06 13:48:30 | 000,000,189 | ---- | C] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url
[2012/08/19 18:22:42 | 000,172,448 | ---- | C] () -- C:\Program Files\5zres.dll
[2012/08/19 18:21:33 | 000,172,440 | ---- | C] () -- C:\Program Files\2pres.dll
[2012/08/19 18:20:33 | 000,172,448 | ---- | C] () -- C:\Program Files\1cres.dll
[2012/08/19 18:17:35 | 000,172,464 | ---- | C] () -- C:\Program Files\20res.dll
[2012/06/23 18:32:25 | 000,172,456 | ---- | C] () -- C:\Program Files\14res.dll
[2012/04/03 13:01:19 | 000,006,144 | ---- | C] () -- C:\Users\djokrall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 16:28:41 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/02 10:03:42 | 000,011,948 | -HS- | C] () -- C:\Users\djokrall\AppData\Local\p5b76gj2m278
[2011/06/02 10:03:42 | 000,011,948 | -HS- | C] () -- C:\ProgramData\p5b76gj2m278
[2011/05/11 17:57:23 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/04/21 09:46:23 | 000,011,916 | -HS- | C] () -- C:\Users\djokrall\AppData\Local\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3
[2011/04/21 09:46:23 | 000,011,916 | -HS- | C] () -- C:\ProgramData\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3
[2011/02/19 23:22:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/19 23:21:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/19 22:20:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/19 19:07:05 | 000,103,720 | ---- | C] () -- C:\Users\djokrall\GoToAssistDownloadHelper.exe
[2011/02/19 16:26:21 | 000,000,680 | ---- | C] () -- C:\Users\djokrall\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/23 15:29:40 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Activeris
[2012/05/13 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Auslogics
[2011/12/28 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Babylon
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\DriverCure
[2012/08/25 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\FreeBurner
[2011/07/02 09:46:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\funkitron
[2012/06/03 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\GameCards
[2011/05/19 16:23:38 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\iWin
[2012/06/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\MusicNet
[2012/06/23 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Nuance
[2012/06/23 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Oberon Media
[2011/08/21 17:41:48 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\OpenCandy
[2011/12/20 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\OpenOffice.org
[2012/05/27 10:00:02 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\ParetoLogic
[2012/06/01 06:15:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PC Cleaners
[2012/06/01 06:15:46 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PCPro
[2011/03/26 14:04:38 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\RebateInformer
[2011/05/08 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Sammsoft
[2011/02/19 16:17:07 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Snapfish
[2012/06/26 06:12:34 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedMaxPc
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedyPC Software
[2012/10/27 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Systweak
[2011/04/18 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Tific
[2012/08/12 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Triplay
[2011/12/28 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WeatherBug
[2012/06/03 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WildTangent
[2011/02/27 17:27:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WinBatch
[2012/05/17 13:01:03 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\djokrall\Documents\justin romero.eml:OECustomProperty
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:7D6E8689
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A64A7256
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4E85037E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C46995DA

< End of report >


#2
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne, and welcome to Geeks to Go!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • Please follow my instructions carefully and in the order they are posted.
  • You may want to print out these instructions, or copy them to a text file, so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean. Please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!
With that all stated, let's get started! :)

While I go over the OTL log you've posted, could you please look in the location that OTL was run from and post the Extras.txt? It should be in C:\Users\djokrall\Downloads.

#3
jp17315


    Member

  • Topic Starter
  • Member
  • 127 posts
Here is the extra log:



OTL Extras logfile created on: 11/23/2012 8:12:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\djokrall\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 58.87% Memory free
3.98 Gb Paging File | 3.23 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.48 Gb Total Space | 360.45 Gb Free Space | 78.96% Space Free | Partition Type: NTFS
Drive D: | 9.28 Gb Total Space | 1.28 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: DJOKRALL-PC | User Name: djokrall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A8580E-A106-4505-9978-3F32D13B774F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{05DA4230-AC02-4194-8B7E-4AFA6835FE99}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe |
"{0A46CB31-AA7D-41E8-822D-4CE21E3EC714}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{1051D092-0E82-4F58-B06D-946048213D10}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{1E24DFE5-1FDD-474C-BF5D-A8C989748C97}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2F6C4CC8-DE4B-43A6-9325-D1F009CE2370}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe |
"{32E2B869-1B24-4C0F-8CD5-E14F8C20B427}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe |
"{5F89F5FC-E26A-4BB9-A06F-722075B758E1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{872CA458-8B17-44BA-9687-A3548F356F9A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8C635867-0624-43C0-B798-3A2896519173}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{96A07AC8-0019-4D79-B355-27612066DB97}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe |
"{AEE1BDA7-113F-453D-8C52-599DB348F793}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D9D257D3-34D0-4C55-BD39-F8893305AA20}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DA19C120-5431-4038-A3B4-DFF0F1A5B194}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{F98315EB-DD66-4F61-B6D6-C628E1DAA0A7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{70881A4A-16C8-4F79-8983-F9AA7832E31F}C:\users\djokrall\appdata\local\apps\2.0\jccv63vm.wg4\3elyyj74.4zq\mymu..tion_da82e680ae126aed_0002.0000_ab4080c725f8a56e\mymusiccloud sync agent.exe" = protocol=6 | dir=in | app=c:\users\djokrall\appdata\local\apps\2.0\jccv63vm.wg4\3elyyj74.4zq\mymu..tion_da82e680ae126aed_0002.0000_ab4080c725f8a56e\mymusiccloud sync agent.exe |
"UDP Query User{B976A73C-0060-4590-AF7F-274CD01FA68D}C:\users\djokrall\appdata\local\apps\2.0\jccv63vm.wg4\3elyyj74.4zq\mymu..tion_da82e680ae126aed_0002.0000_ab4080c725f8a56e\mymusiccloud sync agent.exe" = protocol=17 | dir=in | app=c:\users\djokrall\appdata\local\apps\2.0\jccv63vm.wg4\3elyyj74.4zq\mymu..tion_da82e680ae126aed_0002.0000_ab4080c725f8a56e\mymusiccloud sync agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111174417}" = Hotel Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112241997}" = Jewel Quest 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11994487}" = Vesuvia
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"amg-alohasolitaire" = Aloha Solitaire
"amg-texttwist2" = TextTwist 2
"am-jewelquestrsolitaire" = Jewel Quest® Solitaire
"am-mahjongescapetmancientchina" = Mahjong Escape™ - Ancient China
"am-supergamehousesolitairevolume2" = Super GameHouse Solitaire Volume 2
"am-supermahjong" = Super Mahjong
"am-supertexttwist" = Super TextTwist
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"FileHippo.com" = FileHippo.com Update Checker
"Game Discovery" = Game Discovery
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Rapport_msi" = Rapport
"Setup Support for Weatherbug" = Setup Support for Weatherbug 1.0
"Web Games Player Plugin" = Web Games Player Plugin
"WildTangent hp Master Uninstall" = HP Games
"WTA-90b3d5f5-12fc-424f-9370-5ce50351366f" = SpiderMania Solitaire
"WTA-a2a18a32-089b-455c-a853-f0ade69e01a3" = Gold Rush Deluxe
"WTA-cc7e864a-a0b7-423f-a85c-9a7d861e7e79" = Bejeweled 3
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2012 7:09:21 AM | Computer Name = djokrall-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2012 7:29:23 AM | Computer Name = djokrall-PC | Source = VSS | ID = 8194
Description =

Error - 11/19/2012 7:31:20 AM | Computer Name = djokrall-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2012 7:39:43 AM | Computer Name = djokrall-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2012 7:39:43 AM | Computer Name = djokrall-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2012 7:39:43 AM | Computer Name = djokrall-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/20/2012 5:46:21 AM | Computer Name = djokrall-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/20/2012 5:50:44 AM | Computer Name = djokrall-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/20/2012 5:50:44 AM | Computer Name = djokrall-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/20/2012 5:50:44 AM | Computer Name = djokrall-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 11/22/2012 7:47:43 AM | Computer Name = djokrall-PC | Source = DCOM | ID = 10010
Description =

Error - 11/22/2012 8:48:12 PM | Computer Name = djokrall-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/23/2012 8:56:36 AM | Computer Name = djokrall-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001C258900CC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/23/2012 9:03:31 AM | Computer Name = djokrall-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/23/2012 11:28:24 AM | Computer Name = djokrall-PC | Source = DCOM | ID = 10010
Description =

Error - 11/23/2012 4:52:57 PM | Computer Name = djokrall-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/23/2012 4:57:20 PM | Computer Name = djokrall-PC | Source = DCOM | ID = 10010
Description =

Error - 11/23/2012 8:03:36 PM | Computer Name = djokrall-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/23/2012 8:09:17 PM | Computer Name = djokrall-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/23/2012 8:12:38 PM | Computer Name = djokrall-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

#4
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
I've got quite a few scans for you that will hopefully remove most of what is there. If you have any questions, let me know. :)

Step 1 Let's get rid of the bad toolbars.
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.


Step 2 Run RogueKiller
  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.

Step 3 Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4 Finally, let's get a fresh OTL Scan.
  • First, move OTL from your downloads folder to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. adwCleaner Log
2. RogueKiller Log(s)
3. TDSSKiller Log
4. Fresh OTL Scan

#5
jp17315


    Member

  • Topic Starter
  • Member
  • 127 posts
Here are the logs:

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 14:28:53
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : djokrall - DJOKRALL-PC
# Boot Mode : Normal
# Running from : C:\Users\djokrall\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\ask.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\searchplugins\MyStart Search.xml
File Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
File Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\searchplugins\Askcom.xml
File Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files\BringMeSports_1cEI
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\I Want This
Folder Deleted : C:\Program Files\Shop To Win
Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\djokrall\AppData\Local\Babylon
Folder Deleted : C:\Users\djokrall\AppData\Local\Conduit
Folder Deleted : C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Folder Deleted : C:\Users\djokrall\AppData\Local\OpenCandy
Folder Deleted : C:\Users\djokrall\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\djokrall\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\djokrall\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\djokrall\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\djokrall\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\djokrall\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Babylon
Folder Deleted : C:\Users\djokrall\AppData\Roaming\iWin
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\ConduitCommon
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\CT3018509
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\FCTB
Folder Deleted : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\GamesBar
Folder Deleted : C:\Users\djokrall\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\djokrall\AppData\Roaming\RebateInformer
Folder Deleted : C:\Users\djokrall\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\prefs.js

C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 15);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 90);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", 14);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "13728952041d61ff7fa8f41080035914");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1336817168);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22494041);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22494042);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340708509162");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340708509158");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Deleted : user_pref("extensions.crossriderapp2397.2397.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2397.2397.InstallationTime", 1339878872);
Deleted : user_pref("extensions.crossriderapp2397.2397.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.active", true);
Deleted : user_pref("extensions.crossriderapp2397.2397.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.affid", "0");
Deleted : user_pref("extensions.crossriderapp2397.2397.backgroundjs", "\n\n/**********************************[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.backgroundver", 16);
Deleted : user_pref("extensions.crossriderapp2397.2397.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2397.2397.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_channels.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_channels.value", "%7B%22app0%[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_displayed_messages.expiration[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_displayed_messages.value", "%[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_geolocation.expiration", "Sun[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_geolocation.value", "%22US%22[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_messages.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_messages.value", "%7B%22data%[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_placeholders.expiration", "Fr[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderNotifier_placeholders.value", "%7B%22M[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderSidebar_showed.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.CrossriderSidebar_showed.value", "true");
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.InstallationTime.value", "1339878872");
Deleted : user_pref("extensions.crossriderapp2397.2397.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.description", "Find out about exciting and fun games th[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.domain", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.group", 0);
Deleted : user_pref("extensions.crossriderapp2397.2397.homepage", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.iframe", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_appVer.value", "149");
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_nextCheck.expiration", "Sun Oct 07[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2397.2397.js", "\nbase64 = {\n _keyStr: \"ABCDEFGHIJKLMNOPQRSTUV[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.name", "Game Discovery");
Deleted : user_pref("extensions.crossriderapp2397.2397.newtab", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_17.code", "/*!\n * jQuery JavaScript Lib[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_28.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_5.name", "notifications");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_5.ver", 2);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_6.code", "appAPI.sidebar=(function(x){va[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_6.name", "sidebar");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_6.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,ho[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_7.name", "hooks");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_7.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchE[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_9.name", "search_engine_hook");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins.plugin_9.ver", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins_lists.plugins_0", "17,14,16,47");
Deleted : user_pref("extensions.crossriderapp2397.2397.plugins_lists.plugins_1", "17,14,13,16,15,4,1,7,9,6,5,2[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2397.2397.pluginsversion", 14);
Deleted : user_pref("extensions.crossriderapp2397.2397.premium", true);
Deleted : user_pref("extensions.crossriderapp2397.2397.publisher", "Popstiko");
Deleted : user_pref("extensions.crossriderapp2397.2397.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2397.2397.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2397.2397.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.thankyou", "");
Deleted : user_pref("extensions.crossriderapp2397.2397.updateinterval", 1);
Deleted : user_pref("extensions.crossriderapp2397.2397.ver", 149);
Deleted : user_pref("extensions.crossriderapp2397.adsOldValue", 14);
Deleted : user_pref("extensions.crossriderapp2397.apps", "2397");
Deleted : user_pref("extensions.crossriderapp2397.bic", "13728952041d61ff7fa8f41080035914");
Deleted : user_pref("extensions.crossriderapp2397.cid", 2397);
Deleted : user_pref("extensions.crossriderapp2397.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2397.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2397.installationdate", 1339881149);
Deleted : user_pref("extensions.crossriderapp2397.lastcheck", 22494041);
Deleted : user_pref("extensions.crossriderapp2397.lastcheckitem", 22494042);
Deleted : user_pref("extensions.crossriderapp2397.misc.lastBgWorkerTimer", "1342709792108");
Deleted : user_pref("extensions.crossriderapp2397.misc.lastDomWorkerTimer", "1342709792106");
Deleted : user_pref("extensions.crossriderapp2397.modetype", "production");
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.2.0,[email protected]:1.3,textli[...]
Deleted : user_pref("extensions.incredibarmusic.admin", false);
Deleted : user_pref("extensions.incredibarmusic.aflt", "orgnl");
Deleted : user_pref("extensions.incredibarmusic.autoRvrt", "false");
Deleted : user_pref("extensions.incredibarmusic.dfltLng", "");
Deleted : user_pref("extensions.incredibarmusic.excTlbr", false);
Deleted : user_pref("extensions.incredibarmusic.id", "20da66b2000000000000001c258900cc");
Deleted : user_pref("extensions.incredibarmusic.instlDay", "15564");
Deleted : user_pref("extensions.incredibarmusic.instlRef", "");
Deleted : user_pref("extensions.incredibarmusic.prdct", "incredibarmusic");
Deleted : user_pref("extensions.incredibarmusic.prtnrId", "incredibar");
Deleted : user_pref("extensions.incredibarmusic.tlbrId", "base");
Deleted : user_pref("extensions.incredibarmusic.tlbrSrchUrl", "hxxp://mystart.incredibar.com/?loc=Music_TB&i=3[...]
Deleted : user_pref("extensions.incredibarmusic.vrsn", "1.5.23.13");
Deleted : user_pref("extensions.incredibarmusic.vrsni", "1.5.23.13");
Deleted : user_pref("extensions.incredibarmusic_i.newTab", false);
Deleted : user_pref("extensions.incredibarmusic_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibarmusic_i.vrsnTs", "1.5.23.1311:01:30");
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.sahtb.alerts.menu", "[{\"text\":\"[b]Click here for Pogo Scrabble Coupo[...]
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._14Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://w[...]
Deleted : user_pref("extensions.toolbar.mindspark._1cMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._20Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://w[...]
Deleted : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.ClearCacheDate", 23);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.DNSCatch", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.DisplayEULA", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.EBOMode", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.FirstLaunchShown", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.InstallDomain", "freecause.com");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.InstallType", "standard");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.LoadLayoutDate.100685", 23);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.ShowRecommendedOptions", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.StateReportDate", "1340370868209");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.beforeInstallSaved", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.beforeinstall.homepage", "hxxp%3A//www.ask.com/[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.beforeinstall.search", "Ask.com");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.customNewTab", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.helpUsImprove", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.hideOthers", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.partnerauth", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.processAddrBar", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.restoreSearch", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.searchHistory", true);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.session", "21976B90C805DED1705A2F462BBF454FCB7F[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.showFirstLaunchOptions", false);
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.tb_lang", "en");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.tool_id", "100685");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.user_id", "114495000");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.user_key", "93fac702e912b68427121986f44ed219637[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.user_layouts", "100685");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.user_lnames", "Shop%20to%20Win%2037");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.vars.disablecuidinject", "1");
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.vars.lastcheck", "Sat%20Jun%2023%202012%2002%3A[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Deleted : user_pref("freecause5701241f8b56a0d455d2bd14aeac91fc.yahooSearch", false);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.DNSCatch", false);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.FirstLaunchShown", true);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.LastDate", 7);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.customNewTab", false);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.CaptureType", 3);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.clickSendingStats.20121007.connection_e[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.clickSendingStats.20121007.invalid_cert[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.clickSendingStats.20121007.server_error[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.clickSendingStats.20121007.success", 0)[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.currentOffset", 2);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.dcaConfigInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.enableVoicebox", false);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.epochTimeInterval", "1440");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.eulaVersion", 20110301);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.externalJSInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.externalJSRshInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.externalJSSerpInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.externalJSShoppingcartInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastDcaConfigModification", "Tue, 05 Ju[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastDcaConfigTime", "1349642444661");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastDcaConfigUrl", "hxxps://dcs-config.[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastDcaStatus", 1);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastEpochTime", "1349642449850");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastEpochTimeUrl", "hxxps://dcs.consume[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastEventSendAttemptDate", "20121007");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastEventSendSuccessDate", "20121007");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSModification", "Tue, 15 M[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSRshModification", "Tue, 1[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSRshTime", "1349642443762"[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSRshUrl", "hxxps://dcs-fil[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSSerpModification", "Mon, [...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSSerpTime", "1349642444470[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSSerpUrl", "hxxps://dcs-fi[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSShoppingcartModification"[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSShoppingcartTime", "13496[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSShoppingcartUrl", "hxxps:[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSTime", "1349642442689");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastExternalJSUrl", "hxxps://dcs-files.[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastPingTime", "1349642498846");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastPrivacyRulesModification", "Mon, 17[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastPrivacyRulesTime", "1349642442647")[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastPrivacyRulesUrl", "hxxps://dcs-file[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastWhitelistModification", "Fri, 05 Oc[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastWhitelistTime", "1349642444657");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.lastWhitelistUrl", "hxxps://dcs-files.c[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.panelID", "FCZ3E7Bfox");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.pingInterval", "1440");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.privacyFailures", 0);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.privacyFailuresThreshold", 6);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.privacyRulesInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.probationLength", 1440);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.rulesVersion", "2003");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.userID", "FCZ3E7B68264897");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.version", "1.7.0.9411");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.dca.whitelistInterval", "60");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.installDate", "06242012");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.dca.version", "1.0.39");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.processAddrBar", false);
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.tb_lang", "en");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.user_id", "68264897");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.vars.dcaAlertShown", "1");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.vars.disablecuidinject", "1");
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.vars.lastcheck", "Wed%20Jul%2011%202012%2008%3A[...]
Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2e7.yahooSearch", false);
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=00A2EB3E[...]
Deleted : user_pref("playsushi.position.button", true);

Profile name : default-1349642571038 [Profil par défaut]
File : C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\prefs.js

Deleted : user_pref("CT2724386_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : search_url ={"browser":{"last_known_google_url":"hxxp://www.google.com/","last_prompted_google_url":"hxxp://www.[...]

*************************

AdwCleaner[S1].txt - [70548 octets] - [24/11/2012 14:28:53]

########## EOF - C:\AdwCleaner[S1].txt - [70609 octets] ##########

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : djokrall [Admin rights]
Mode : Scan -- Date : 11/24/2012 14:36:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM ("C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-646951214-2927039730-2231423905-1000[...]\Run : ISUSPM ("C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-646951214-2927039730-2231423905-1000[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 5032 : wscript.exe C:\Users\djokrall\AppData\Local\Temp\launchie.vbs //B -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 45e529626d80a9baf5eef71992ba14d2
[BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467435 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 957307680 | Size: 9501 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11242012_02d1436.txt >>
RKreport[1]_S_11242012_02d1436.txt



RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : djokrall [Admin rights]
Mode : Remove -- Date : 11/24/2012 14:37:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM ("C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> DELETED
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 5032 : wscript.exe C:\Users\djokrall\AppData\Local\Temp\launchie.vbs //B -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 45e529626d80a9baf5eef71992ba14d2
[BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467435 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 957307680 | Size: 9501 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11242012_02d1437.txt >>
RKreport[1]_S_11242012_02d1436.txt ; RKreport[2]_D_11242012_02d1437.txt



RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : djokrall [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/24/2012 14:38:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 84 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 75 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_11242012_02d1438.txt >>
RKreport[1]_S_11242012_02d1436.txt ; RKreport[2]_D_11242012_02d1437.txt ; RKreport[3]_SC_11242012_02d1438.txt


14:39:42.0739 3240 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:39:43.0199 3240 ============================================================
14:39:43.0199 3240 Current date / time: 2012/11/24 14:39:43.0199
14:39:43.0199 3240 SystemInfo:
14:39:43.0199 3240
14:39:43.0199 3240 OS Version: 6.0.6002 ServicePack: 2.0
14:39:43.0199 3240 Product type: Workstation
14:39:43.0199 3240 ComputerName: DJOKRALL-PC
14:39:43.0199 3240 UserName: djokrall
14:39:43.0199 3240 Windows directory: C:\Windows
14:39:43.0199 3240 System windows directory: C:\Windows
14:39:43.0199 3240 Processor architecture: Intel x86
14:39:43.0199 3240 Number of processors: 2
14:39:43.0199 3240 Page size: 0x1000
14:39:43.0199 3240 Boot type: Normal boot
14:39:43.0199 3240 ============================================================
14:39:44.0739 3240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:39:44.0759 3240 ============================================================
14:39:44.0759 3240 \Device\Harddisk0\DR0:
14:39:44.0759 3240 MBR partitions:
14:39:44.0759 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x390F5AE1
14:39:44.0759 3240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x390F5B20, BlocksNum 0x128ED70
14:39:44.0759 3240 ============================================================
14:39:44.0779 3240 C: <-> \Device\Harddisk0\DR0\Partition1
14:39:44.0949 3240 D: <-> \Device\Harddisk0\DR0\Partition2
14:39:44.0949 3240 ============================================================
14:39:44.0949 3240 Initialize success
14:39:44.0949 3240 ============================================================
14:40:12.0218 1524 Deinitialize success


14:42:53.0334 3452 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:42:53.0724 3452 ============================================================
14:42:53.0724 3452 Current date / time: 2012/11/24 14:42:53.0724
14:42:53.0724 3452 SystemInfo:
14:42:53.0724 3452
14:42:53.0724 3452 OS Version: 6.0.6002 ServicePack: 2.0
14:42:53.0724 3452 Product type: Workstation
14:42:53.0724 3452 ComputerName: DJOKRALL-PC
14:42:53.0724 3452 UserName: djokrall
14:42:53.0724 3452 Windows directory: C:\Windows
14:42:53.0724 3452 System windows directory: C:\Windows
14:42:53.0724 3452 Processor architecture: Intel x86
14:42:53.0724 3452 Number of processors: 2
14:42:53.0724 3452 Page size: 0x1000
14:42:53.0724 3452 Boot type: Normal boot
14:42:53.0724 3452 ============================================================
14:42:57.0484 3452 BG loaded
14:42:58.0295 3452 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:42:58.0357 3452 ============================================================
14:42:58.0357 3452 \Device\Harddisk0\DR0:
14:42:58.0389 3452 MBR partitions:
14:42:58.0389 3452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x390F5AE1
14:42:58.0389 3452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x390F5B20, BlocksNum 0x128ED70
14:42:58.0389 3452 ============================================================
14:42:58.0576 3452 C: <-> \Device\Harddisk0\DR0\Partition1
14:42:58.0794 3452 D: <-> \Device\Harddisk0\DR0\Partition2
14:42:58.0794 3452 ============================================================
14:42:58.0794 3452 Initialize success
14:42:58.0794 3452 ============================================================
14:43:25.0612 2624 ============================================================
14:43:25.0612 2624 Scan started
14:43:25.0612 2624 Mode: Manual; SigCheck; TDLFS;
14:43:25.0612 2624 ============================================================
14:43:28.0217 2624 ================ Scan system memory ========================
14:43:28.0217 2624 System memory - ok
14:43:28.0217 2624 ================ Scan services =============================
14:43:29.0028 2624 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:43:29.0278 2624 ACPI - ok
14:43:29.0402 2624 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:43:29.0449 2624 AdobeARMservice - ok
14:43:29.0839 2624 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:43:29.0902 2624 AdobeFlashPlayerUpdateSvc - ok
14:43:33.0661 2624 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:43:33.0739 2624 adp94xx - ok
14:43:33.0755 2624 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:43:33.0802 2624 adpahci - ok
14:43:33.0848 2624 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:43:33.0895 2624 adpu160m - ok
14:43:33.0926 2624 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:43:33.0958 2624 adpu320 - ok
14:43:34.0082 2624 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:43:35.0455 2624 AeLookupSvc - ok
14:43:35.0689 2624 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
14:43:35.0845 2624 AFD - ok
14:43:36.0001 2624 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:43:36.0048 2624 agp440 - ok
14:43:36.0079 2624 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:43:36.0110 2624 aic78xx - ok
14:43:36.0126 2624 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:43:36.0251 2624 ALG - ok
14:43:36.0298 2624 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
14:43:36.0329 2624 aliide - ok
14:43:36.0360 2624 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:43:36.0376 2624 amdagp - ok
14:43:36.0391 2624 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
14:43:36.0407 2624 amdide - ok
14:43:36.0422 2624 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:43:36.0454 2624 AmdK7 - ok
14:43:36.0485 2624 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:43:36.0532 2624 AmdK8 - ok
14:43:36.0578 2624 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:43:36.0610 2624 Appinfo - ok
14:43:36.0641 2624 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
14:43:36.0672 2624 arc - ok
14:43:36.0703 2624 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:43:36.0719 2624 arcsas - ok
14:43:36.0797 2624 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:43:36.0844 2624 aspnet_state - ok
14:43:36.0875 2624 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:43:36.0922 2624 AsyncMac - ok
14:43:36.0953 2624 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:43:36.0984 2624 atapi - ok
14:43:37.0031 2624 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:43:37.0109 2624 AudioEndpointBuilder - ok
14:43:37.0109 2624 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:43:37.0140 2624 Audiosrv - ok
14:43:37.0171 2624 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:43:37.0218 2624 Beep - ok
14:43:37.0234 2624 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
14:43:37.0280 2624 BFE - ok
14:43:37.0327 2624 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
14:43:37.0436 2624 BITS - ok
14:43:37.0468 2624 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:43:37.0561 2624 blbdrive - ok
14:43:37.0592 2624 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:43:37.0624 2624 bowser - ok
14:43:37.0639 2624 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:43:37.0670 2624 BrFiltLo - ok
14:43:37.0702 2624 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:43:37.0733 2624 BrFiltUp - ok
14:43:37.0764 2624 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:43:37.0811 2624 Browser - ok
14:43:37.0826 2624 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:43:37.0951 2624 Brserid - ok
14:43:37.0951 2624 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:43:38.0029 2624 BrSerWdm - ok
14:43:38.0045 2624 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:43:38.0107 2624 BrUsbMdm - ok
14:43:38.0154 2624 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:43:38.0201 2624 BrUsbSer - ok
14:43:38.0232 2624 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:43:38.0310 2624 BTHMODEM - ok
14:43:38.0341 2624 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:43:38.0388 2624 cdfs - ok
14:43:38.0419 2624 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:43:38.0466 2624 cdrom - ok
14:43:38.0497 2624 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:43:38.0528 2624 CertPropSvc - ok
14:43:38.0560 2624 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
14:43:38.0606 2624 circlass - ok
14:43:38.0638 2624 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:43:38.0653 2624 CLFS - ok
14:43:38.0700 2624 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:43:38.0747 2624 clr_optimization_v2.0.50727_32 - ok
14:43:38.0840 2624 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:43:39.0074 2624 clr_optimization_v4.0.30319_32 - ok
14:43:39.0137 2624 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:43:39.0184 2624 cmdide - ok
14:43:39.0215 2624 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:43:39.0246 2624 Compbatt - ok
14:43:39.0262 2624 COMSysApp - ok
14:43:39.0308 2624 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:43:39.0355 2624 crcdisk - ok
14:43:39.0386 2624 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:43:39.0496 2624 Crusoe - ok
14:43:39.0636 2624 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:43:39.0714 2624 CryptSvc - ok
14:43:39.0761 2624 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:43:39.0839 2624 DcomLaunch - ok
14:43:39.0870 2624 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:43:39.0917 2624 DfsC - ok
14:43:40.0026 2624 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:43:40.0120 2624 DFSR - ok
14:43:40.0166 2624 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:43:40.0213 2624 Dhcp - ok
14:43:40.0244 2624 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:43:40.0276 2624 disk - ok
14:43:40.0307 2624 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:43:40.0354 2624 Dnscache - ok
14:43:40.0369 2624 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:43:40.0416 2624 dot3svc - ok
14:43:40.0447 2624 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:43:40.0478 2624 Dot4 - ok
14:43:40.0494 2624 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:43:40.0541 2624 Dot4Print - ok
14:43:40.0556 2624 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:43:40.0603 2624 dot4usb - ok
14:43:40.0634 2624 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:43:40.0666 2624 DPS - ok
14:43:40.0697 2624 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:43:40.0728 2624 drmkaud - ok
14:43:40.0775 2624 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:43:40.0806 2624 DXGKrnl - ok
14:43:40.0837 2624 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:43:40.0884 2624 E1G60 - ok
14:43:40.0915 2624 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:43:40.0946 2624 EapHost - ok
14:43:40.0993 2624 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:43:41.0009 2624 Ecache - ok
14:43:41.0071 2624 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:43:41.0102 2624 ehRecvr - ok
14:43:41.0134 2624 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
14:43:41.0165 2624 ehSched - ok
14:43:41.0196 2624 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
14:43:41.0243 2624 ehstart - ok
14:43:41.0321 2624 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:43:41.0352 2624 elxstor - ok
14:43:41.0383 2624 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:43:41.0492 2624 EMDMgmt - ok
14:43:41.0586 2624 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:43:41.0633 2624 ErrDev - ok
14:43:41.0664 2624 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:43:41.0695 2624 EventSystem - ok
14:43:41.0726 2624 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:43:41.0773 2624 exfat - ok
14:43:41.0789 2624 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:43:41.0836 2624 fastfat - ok
14:43:41.0867 2624 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:43:41.0914 2624 fdc - ok
14:43:41.0945 2624 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:43:41.0992 2624 fdPHost - ok
14:43:42.0007 2624 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:43:42.0085 2624 FDResPub - ok
14:43:42.0101 2624 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:43:42.0116 2624 FileInfo - ok
14:43:42.0132 2624 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:43:42.0194 2624 Filetrace - ok
14:43:42.0210 2624 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:43:42.0241 2624 flpydisk - ok
14:43:42.0272 2624 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:43:42.0288 2624 FltMgr - ok
14:43:42.0366 2624 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:43:42.0428 2624 FontCache - ok
14:43:42.0475 2624 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:43:42.0506 2624 FontCache3.0.0.0 - ok
14:43:42.0538 2624 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:43:42.0584 2624 Fs_Rec - ok
14:43:42.0616 2624 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:43:42.0631 2624 gagp30kx - ok
14:43:42.0694 2624 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
14:43:42.0709 2624 GamesAppService - ok
14:43:42.0818 2624 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:43:42.0896 2624 gpsvc - ok
14:43:42.0990 2624 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:43:43.0006 2624 gupdate - ok
14:43:43.0006 2624 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:43:43.0021 2624 gupdatem - ok
14:43:43.0099 2624 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:43:43.0193 2624 HDAudBus - ok
14:43:43.0255 2624 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:43:43.0318 2624 HidBth - ok
14:43:43.0349 2624 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:43:43.0458 2624 HidIr - ok
14:43:43.0489 2624 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
14:43:43.0536 2624 hidserv - ok
14:43:43.0567 2624 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:43:43.0598 2624 HidUsb - ok
14:43:43.0630 2624 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:43:43.0676 2624 hkmsvc - ok
14:43:43.0754 2624 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
14:43:43.0770 2624 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:43:43.0770 2624 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:43:43.0786 2624 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:43:43.0817 2624 HpCISSs - ok
14:43:43.0864 2624 [ 88749FBF8BEB18C90E7D6626C8C1910B ] HSF_DP C:\Windows\system32\DRIVERS\HSX_DP.sys
14:43:43.0926 2624 HSF_DP - ok
14:43:43.0942 2624 [ FE440536BD98AF772130DC3A6FE1915F ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
14:43:43.0973 2624 HSXHWBS2 - ok
14:43:44.0004 2624 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:43:44.0051 2624 HTTP - ok
14:43:44.0082 2624 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:43:44.0098 2624 i2omp - ok
14:43:44.0129 2624 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:43:44.0207 2624 i8042prt - ok
14:43:44.0222 2624 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:43:44.0254 2624 iaStorV - ok
14:43:44.0300 2624 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:43:44.0347 2624 idsvc - ok
14:43:44.0378 2624 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:43:44.0410 2624 iirsp - ok
14:43:44.0456 2624 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:43:44.0503 2624 IKEEXT - ok
14:43:44.0706 2624 [ 84ED2154239F9D013BBD3220755ADA8B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:43:44.0800 2624 IntcAzAudAddService - ok
14:43:44.0831 2624 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
14:43:44.0862 2624 intelide - ok
14:43:44.0878 2624 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:43:44.0924 2624 intelppm - ok
14:43:44.0956 2624 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:43:45.0002 2624 IPBusEnum - ok
14:43:45.0049 2624 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:45.0143 2624 IpFilterDriver - ok
14:43:45.0205 2624 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:43:45.0283 2624 iphlpsvc - ok
14:43:45.0299 2624 IpInIp - ok
14:43:45.0330 2624 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:43:45.0377 2624 IPMIDRV - ok
14:43:45.0408 2624 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:43:45.0455 2624 IPNAT - ok
14:43:45.0486 2624 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:43:45.0533 2624 IRENUM - ok
14:43:45.0548 2624 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:43:45.0564 2624 isapnp - ok
14:43:45.0611 2624 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:43:45.0642 2624 iScsiPrt - ok
14:43:45.0658 2624 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:43:45.0673 2624 iteatapi - ok
14:43:45.0689 2624 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:43:45.0720 2624 iteraid - ok
14:43:45.0751 2624 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:43:45.0767 2624 kbdclass - ok
14:43:45.0798 2624 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:43:45.0907 2624 kbdhid - ok
14:43:45.0923 2624 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:43:45.0970 2624 KeyIso - ok
14:43:46.0032 2624 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:43:46.0094 2624 KSecDD - ok
14:43:46.0141 2624 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:43:46.0250 2624 KtmRm - ok
14:43:46.0297 2624 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
14:43:46.0360 2624 LanmanServer - ok
14:43:46.0406 2624 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:43:46.0484 2624 LanmanWorkstation - ok
14:43:46.0578 2624 [ 9039717A906DA0AE38420918801D9AB3 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:43:46.0609 2624 LightScribeService - ok
14:43:46.0672 2624 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:43:46.0718 2624 lltdio - ok
14:43:46.0750 2624 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:43:46.0796 2624 lltdsvc - ok
14:43:46.0812 2624 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:43:46.0874 2624 lmhosts - ok
14:43:46.0906 2624 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:43:46.0952 2624 LSI_FC - ok
14:43:46.0968 2624 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:43:46.0984 2624 LSI_SAS - ok
14:43:47.0015 2624 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:43:47.0062 2624 LSI_SCSI - ok
14:43:47.0077 2624 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:43:47.0124 2624 luafv - ok
14:43:47.0171 2624 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:43:47.0202 2624 Mcx2Svc - ok
14:43:47.0233 2624 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:43:47.0264 2624 mdmxsdk - ok
14:43:47.0296 2624 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
14:43:47.0327 2624 megasas - ok
14:43:47.0358 2624 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:43:47.0420 2624 MegaSR - ok
14:43:47.0467 2624 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:43:47.0561 2624 MMCSS - ok
14:43:47.0592 2624 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:43:47.0639 2624 Modem - ok
14:43:47.0670 2624 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:43:47.0732 2624 monitor - ok
14:43:47.0748 2624 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:43:47.0764 2624 mouclass - ok
14:43:47.0779 2624 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:43:47.0826 2624 mouhid - ok
14:43:47.0842 2624 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:43:47.0873 2624 MountMgr - ok
14:43:48.0013 2624 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:43:48.0044 2624 MozillaMaintenance - ok
14:43:48.0091 2624 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:43:48.0122 2624 MpFilter - ok
14:43:48.0154 2624 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
14:43:48.0185 2624 mpio - ok
14:43:48.0232 2624 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:43:48.0278 2624 mpsdrv - ok
14:43:48.0341 2624 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:43:48.0388 2624 MpsSvc - ok
14:43:48.0434 2624 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:43:48.0466 2624 Mraid35x - ok
14:43:48.0497 2624 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:43:48.0544 2624 MRxDAV - ok
14:43:48.0590 2624 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:48.0637 2624 mrxsmb - ok
14:43:48.0668 2624 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:48.0700 2624 mrxsmb10 - ok
14:43:48.0762 2624 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:48.0793 2624 mrxsmb20 - ok
14:43:48.0856 2624 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
14:43:48.0887 2624 msahci - ok
14:43:49.0058 2624 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:43:49.0105 2624 msdsm - ok
14:44:10.0742 2624 ================ Scan global ===============================
14:44:10.0758 2624 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:44:10.0805 2624 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:44:10.0820 2624 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:44:10.0898 2624 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:44:10.0898 2624 [Global] - ok
14:44:10.0914 2624 ================ Scan MBR ==================================
14:44:10.0930 2624 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
14:44:12.0022 2624 \Device\Harddisk0\DR0 - ok
14:44:12.0022 2624 ================ Scan VBR ==================================
14:44:12.0037 2624 [ 34334591CBB1762E0238FC8B94B2C7FC ] \Device\Harddisk0\DR0\Partition1
14:44:12.0037 2624 \Device\Harddisk0\DR0\Partition1 - ok
14:44:12.0068 2624 [ C0410E2A4DE372BE7086ACEE51705053 ] \Device\Harddisk0\DR0\Partition2
14:44:12.0068 2624 \Device\Harddisk0\DR0\Partition2 - ok
14:44:12.0068 2624 ================ Scan active images ========================
14:44:12.0427 2624 C:\WINDOWS\System32\drivers\mssmbios.sys - ok
14:44:12.0443 2624 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\WINDOWS\System32\drivers\umbus.sys
14:44:12.0443 2624 C:\WINDOWS\System32\drivers\umbus.sys - ok
14:44:12.0443 2624 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\WINDOWS\System32\drivers\usbhub.sys
14:44:12.0443 2624 C:\WINDOWS\System32\drivers\usbhub.sys - ok
14:44:12.0458 2624 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\WINDOWS\System32\drivers\ndproxy.sys
14:44:12.0458 2624 C:\WINDOWS\System32\drivers\ndproxy.sys - ok
14:44:12.0458 2624 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\WINDOWS\System32\drivers\drmk.sys
14:44:12.0458 2624 C:\WINDOWS\System32\drivers\drmk.sys - ok
14:44:12.0474 2624 [ 218286724EC530FF252648369E05B090 ] C:\WINDOWS\System32\drivers\portcls.sys
14:44:12.0474 2624 C:\WINDOWS\System32\drivers\portcls.sys - ok
14:44:12.0474 2624 [ 84ED2154239F9D013BBD3220755ADA8B ] C:\WINDOWS\System32\drivers\RTKVHDA.sys
14:44:12.0474 2624 C:\WINDOWS\System32\drivers\RTKVHDA.sys - ok
14:44:12.0490 2624 [ 3AF684252780CF87DC2809F85B8F7591 ] C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
14:44:12.0490 2624 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys - ok
14:44:12.0490 2624 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\WINDOWS\System32\drivers\beep.sys
14:44:12.0505 2624 C:\WINDOWS\System32\drivers\beep.sys - ok
14:44:12.0505 2624 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\WINDOWS\System32\drivers\fs_rec.sys
14:44:12.0505 2624 C:\WINDOWS\System32\drivers\fs_rec.sys - ok
14:44:12.0521 2624 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\WINDOWS\System32\drivers\null.sys
14:44:12.0521 2624 C:\WINDOWS\System32\drivers\null.sys - ok
14:44:12.0521 2624 [ 175444D3A01CA45D0E1C5DC5F48DF7CD ] C:\WINDOWS\System32\drivers\hidparse.sys
14:44:12.0521 2624 C:\WINDOWS\System32\drivers\hidparse.sys - ok
14:44:12.0536 2624 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] C:\WINDOWS\System32\drivers\kbdhid.sys
14:44:12.0536 2624 C:\WINDOWS\System32\drivers\kbdhid.sys - ok
14:44:12.0536 2624 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\WINDOWS\System32\drivers\videoprt.sys
14:44:12.0536 2624 C:\WINDOWS\System32\drivers\videoprt.sys - ok
14:44:12.0552 2624 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\WINDOWS\System32\drivers\vga.sys
14:44:12.0552 2624 C:\WINDOWS\System32\drivers\vga.sys - ok
14:44:12.0552 2624 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\WINDOWS\System32\drivers\RDPCDD.sys
14:44:12.0552 2624 C:\WINDOWS\System32\drivers\RDPCDD.sys - ok
14:44:12.0568 2624 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\WINDOWS\System32\drivers\msfs.sys
14:44:12.0568 2624 C:\WINDOWS\System32\drivers\msfs.sys - ok
14:44:12.0568 2624 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\WINDOWS\System32\drivers\RDPENCDD.sys
14:44:12.0568 2624 C:\WINDOWS\System32\drivers\RDPENCDD.sys - ok
14:44:12.0583 2624 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\WINDOWS\System32\drivers\npfs.sys
14:44:12.0583 2624 C:\WINDOWS\System32\drivers\npfs.sys - ok
14:44:12.0583 2624 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\WINDOWS\System32\drivers\rasacd.sys
14:44:12.0583 2624 C:\WINDOWS\System32\drivers\rasacd.sys - ok
14:44:12.0599 2624 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\WINDOWS\System32\drivers\smb.sys
14:44:12.0599 2624 C:\WINDOWS\System32\drivers\smb.sys - ok
14:44:12.0599 2624 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\WINDOWS\System32\drivers\tdx.sys
14:44:12.0599 2624 C:\WINDOWS\System32\drivers\tdx.sys - ok
14:44:12.0599 2624 [ 3911B972B55FEA0478476B2E777B29FA ] C:\WINDOWS\System32\drivers\afd.sys
14:44:12.0599 2624 C:\WINDOWS\System32\drivers\afd.sys - ok
14:44:12.0614 2624 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\WINDOWS\System32\drivers\netbt.sys
14:44:12.0614 2624 C:\WINDOWS\System32\drivers\netbt.sys - ok
14:44:12.0630 2624 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\WINDOWS\System32\drivers\pacer.sys
14:44:12.0630 2624 C:\WINDOWS\System32\drivers\pacer.sys - ok
14:44:12.0630 2624 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\WINDOWS\System32\drivers\netbios.sys
14:44:12.0630 2624 C:\WINDOWS\System32\drivers\netbios.sys - ok
14:44:12.0646 2624 [ 55201897378CCA7AF8B5EFD874374A26 ] C:\WINDOWS\System32\drivers\wanarp.sys
14:44:12.0646 2624 C:\WINDOWS\System32\drivers\wanarp.sys - ok
14:44:12.0646 2624 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] C:\WINDOWS\System32\drivers\rdbss.sys
14:44:12.0646 2624 C:\WINDOWS\System32\drivers\rdbss.sys - ok
14:44:12.0661 2624 [ E59302E32009F38A24AB573B039D8F21 ] C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
14:44:12.0661 2624 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys - ok
14:44:12.0661 2624 [ 0DE51300C256DE1206EE892521764C76 ] C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
14:44:12.0661 2624 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys - ok
14:44:12.0677 2624 [ 609773E344A97410CE4EBF74A8914FCF ] C:\WINDOWS\System32\drivers\nsiproxy.sys
14:44:12.0677 2624 C:\WINDOWS\System32\drivers\nsiproxy.sys - ok
14:44:12.0677 2624 [ 622C41A07CA7E6DD91770F50D532CB6C ] C:\WINDOWS\System32\drivers\dfsc.sys
14:44:12.0677 2624 C:\WINDOWS\System32\drivers\dfsc.sys - ok
14:44:12.0692 2624 [ CAF811AE4C147FFCD5B51750C7F09142 ] C:\WINDOWS\System32\drivers\usbccgp.sys
14:44:12.0692 2624 C:\WINDOWS\System32\drivers\usbccgp.sys - ok
14:44:12.0692 2624 [ 790FDAC6D0C762DF9047C3C625A6FF6C ] C:\WINDOWS\System32\drivers\usbd.sys
14:44:12.0692 2624 C:\WINDOWS\System32\drivers\usbd.sys - ok
14:44:12.0708 2624 [ 5961CADB7CAD938368D2028725EF771D ] C:\WINDOWS\System32\drivers\hidclass.sys
14:44:12.0708 2624 C:\WINDOWS\System32\drivers\hidclass.sys - ok
14:44:12.0708 2624 [ CCA4B519B17E23A00B826C55716809CC ] C:\WINDOWS\System32\drivers\hidusb.sys
14:44:12.0708 2624 C:\WINDOWS\System32\drivers\hidusb.sys - ok
14:44:12.0724 2624 [ DDA770BBD7C2ED024D6F50E279D90E5B ] C:\WINDOWS\System32\ntdll.dll
14:44:12.0724 2624 C:\WINDOWS\System32\ntdll.dll - ok
14:44:12.0724 2624 [ 98AF15A94CD6AC37248E72E5FE789B35 ] C:\WINDOWS\System32\smss.exe
14:44:12.0724 2624 C:\WINDOWS\System32\smss.exe - ok
14:44:12.0739 2624 [ 10761177A6EBE45843F443E99509F5E7 ] C:\WINDOWS\System32\autochk.exe
14:44:12.0739 2624 C:\WINDOWS\System32\autochk.exe - ok
14:44:12.0739 2624 [ BE3DA31C191BC222D9AD503C5224F2AD ] C:\WINDOWS\System32\drivers\USBSTOR.SYS
14:44:12.0739 2624 C:\WINDOWS\System32\drivers\USBSTOR.SYS - ok
14:44:12.0755 2624 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\WINDOWS\System32\usp10.dll
14:44:12.0755 2624 C:\WINDOWS\System32\usp10.dll - ok
14:44:12.0755 2624 [ FC4EE980C3BD87D35816EC55007E00B5 ] C:\WINDOWS\System32\urlmon.dll
14:44:12.0755 2624 C:\WINDOWS\System32\urlmon.dll - ok
14:44:12.0770 2624 [ 50CAA7072C171B9887215C83D52069E4 ] C:\WINDOWS\System32\advapi32.dll
14:44:12.0770 2624 C:\WINDOWS\System32\advapi32.dll - ok
14:44:12.0770 2624 [ 9176285122B7B849FEC2AA1B72A8F7A8 ] C:\WINDOWS\System32\shlwapi.dll
14:44:12.0770 2624 C:\WINDOWS\System32\shlwapi.dll - ok
14:44:12.0786 2624 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\WINDOWS\System32\msctf.dll
14:44:12.0786 2624 C:\WINDOWS\System32\msctf.dll - ok
14:44:12.0786 2624 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\WINDOWS\System32\Wldap32.dll
14:44:12.0786 2624 C:\WINDOWS\System32\Wldap32.dll - ok
14:44:12.0802 2624 [ 9CB0D2A9A77D91D9614355EE9FF00519 ] C:\WINDOWS\System32\wininet.dll
14:44:12.0802 2624 C:\WINDOWS\System32\wininet.dll - ok
14:44:12.0802 2624 [ E2281CFF793D7A09CE2B35F9F8732EE3 ] C:\WINDOWS\System32\rpcrt4.dll
14:44:12.0802 2624 C:\WINDOWS\System32\rpcrt4.dll - ok
14:44:12.0817 2624 [ 3178C47DB9F1615E5334029607BD3459 ] C:\WINDOWS\System32\iertutil.dll
14:44:12.0817 2624 C:\WINDOWS\System32\iertutil.dll - ok
14:44:12.0817 2624 [ 7856E3B4594714EF89BB97375E8644EE ] C:\WINDOWS\System32\gdi32.dll
14:44:12.0817 2624 C:\WINDOWS\System32\gdi32.dll - ok
14:44:12.0833 2624 [ 574B473FACAA0E91702B86578440B525 ] C:\WINDOWS\System32\kernel32.dll
14:44:12.0833 2624 C:\WINDOWS\System32\kernel32.dll - ok
14:44:12.0833 2624 [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\WINDOWS\System32\lpk.dll
14:44:12.0848 2624 C:\WINDOWS\System32\lpk.dll - ok
14:44:12.0848 2624 [ 75510147B94598407666F4802797C75A ] C:\WINDOWS\System32\user32.dll
14:44:12.0848 2624 C:\WINDOWS\System32\user32.dll - ok
14:44:12.0848 2624 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\WINDOWS\System32\ws2_32.dll
14:44:12.0848 2624 C:\WINDOWS\System32\ws2_32.dll - ok
14:44:12.0864 2624 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\WINDOWS\System32\nsi.dll
14:44:12.0864 2624 C:\WINDOWS\System32\nsi.dll - ok
14:44:12.0864 2624 [ 9586E7CB2255A8B097A7E4538202585E ] C:\WINDOWS\System32\ole32.dll
14:44:12.0864 2624 C:\WINDOWS\System32\ole32.dll - ok
14:44:12.0880 2624 [ C394079EB162E812D682C73FA96AF6E4 ] C:\WINDOWS\System32\clbcatq.dll
14:44:12.0880 2624 C:\WINDOWS\System32\clbcatq.dll - ok
14:44:12.0880 2624 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\WINDOWS\System32\oleaut32.dll
14:44:12.0880 2624 C:\WINDOWS\System32\oleaut32.dll - ok
14:44:12.0895 2624 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\WINDOWS\System32\imagehlp.dll
14:44:12.0895 2624 C:\WINDOWS\System32\imagehlp.dll - ok
14:44:12.0895 2624 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\WINDOWS\System32\comdlg32.dll
14:44:12.0895 2624 C:\WINDOWS\System32\comdlg32.dll - ok
14:44:12.0911 2624 [ C8BDCECEE082B54F0BAC838BF0A34597 ] C:\WINDOWS\System32\imm32.dll
14:44:12.0911 2624 C:\WINDOWS\System32\imm32.dll - ok
14:44:12.0911 2624 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\WINDOWS\System32\setupapi.dll
14:44:12.0911 2624 C:\WINDOWS\System32\setupapi.dll - ok
14:44:12.0926 2624 [ AAF101900A23D75AE1AE00840FA6F3B8 ] C:\WINDOWS\System32\shell32.dll
14:44:12.0926 2624 C:\WINDOWS\System32\shell32.dll - ok
14:44:12.0926 2624 [ 17AF64D727545F2804F6E6D998327E3F ] C:\WINDOWS\System32\msvcrt.dll
14:44:12.0926 2624 C:\WINDOWS\System32\msvcrt.dll - ok
14:44:12.0942 2624 [ 6F29236AB5926100972924BD29D9D225 ] C:\WINDOWS\System32\normaliz.dll
14:44:12.0942 2624 C:\WINDOWS\System32\normaliz.dll - ok
14:44:12.0942 2624 [ DC8891A9203810FC994E7FCCF76E94C8 ] C:\WINDOWS\System32\comctl32.dll
14:44:12.0942 2624 C:\WINDOWS\System32\comctl32.dll - ok
14:44:12.0958 2624 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\WINDOWS\System32\psapi.dll
14:44:12.0958 2624 C:\WINDOWS\System32\psapi.dll - ok
14:44:12.0958 2624 [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\WINDOWS\System32\drivers\dxapi.sys
14:44:12.0958 2624 C:\WINDOWS\System32\drivers\dxapi.sys - ok
14:44:12.0973 2624 [ 8A9E46EB3A8C3AB5450B0661437BFA27 ] C:\WINDOWS\System32\win32k.sys
14:44:12.0973 2624 C:\WINDOWS\System32\win32k.sys - ok
14:44:12.0973 2624 [ 187076DD5D8D4D5D23079D0741195EAD ] C:\WINDOWS\System32\csrsrv.dll
14:44:12.0973 2624 C:\WINDOWS\System32\csrsrv.dll - ok
14:44:12.0989 2624 [ ABCA209EBA02CB59233614DB83B4F50D ] C:\WINDOWS\System32\csrss.exe
14:44:12.0989 2624 C:\WINDOWS\System32\csrss.exe - ok
14:44:12.0989 2624 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\WINDOWS\System32\basesrv.dll
14:44:12.0989 2624 C:\WINDOWS\System32\basesrv.dll - ok
14:44:13.0004 2624 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\WINDOWS\System32\winsrv.dll
14:44:13.0004 2624 C:\WINDOWS\System32\winsrv.dll - ok
14:44:13.0004 2624 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\WINDOWS\System32\drivers\monitor.sys
14:44:13.0004 2624 C:\WINDOWS\System32\drivers\monitor.sys - ok
14:44:13.0020 2624 [ CC21507D246861671A0BF97E75CE1B00 ] C:\WINDOWS\System32\tsddd.dll
14:44:13.0020 2624 C:\WINDOWS\System32\tsddd.dll - ok
14:44:13.0020 2624 [ D602FEDBD9155FC2DED6863FB60C950F ] C:\WINDOWS\System32\secur32.dll
14:44:13.0020 2624 C:\WINDOWS\System32\secur32.dll - ok
14:44:13.0036 2624 [ 665417528489096BBCB8AEA46D3DA924 ] C:\WINDOWS\System32\userenv.dll
14:44:13.0036 2624 C:\WINDOWS\System32\userenv.dll - ok
14:44:13.0036 2624 [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\WINDOWS\System32\wininit.exe
14:44:13.0036 2624 C:\WINDOWS\System32\wininit.exe - ok
14:44:13.0051 2624 [ 12C8D6C564702B0776512932290A3F6B ] C:\WINDOWS\System32\KBDUS.DLL
14:44:13.0051 2624 C:\WINDOWS\System32\KBDUS.DLL - ok
14:44:13.0051 2624 [ 1107BD574A84367735FEC38B9BD64E6B ] C:\WINDOWS\System32\apphelp.dll
14:44:13.0051 2624 C:\WINDOWS\System32\apphelp.dll - ok
14:44:13.0067 2624 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\WINDOWS\System32\services.exe
14:44:13.0067 2624 C:\WINDOWS\System32\services.exe - ok
14:44:13.0067 2624 [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\WINDOWS\System32\WlS0WndH.dll
14:44:13.0067 2624 C:\WINDOWS\System32\WlS0WndH.dll - ok
14:44:13.0082 2624 [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\WINDOWS\System32\sxs.dll
14:44:13.0082 2624 C:\WINDOWS\System32\sxs.dll - ok
14:44:13.0082 2624 [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\WINDOWS\System32\cdd.dll
14:44:13.0082 2624 C:\WINDOWS\System32\cdd.dll - ok
14:44:13.0098 2624 [ A3E186B4B935905B829219502557314E ] C:\WINDOWS\System32\lsass.exe
14:44:13.0098 2624 C:\WINDOWS\System32\lsass.exe - ok
14:44:13.0098 2624 [ 4774AD6C447E02E954BD9A793614EBEC ] C:\WINDOWS\System32\lsm.exe
14:44:13.0098 2624 C:\WINDOWS\System32\lsm.exe - ok
14:44:13.0114 2624 [ D90911B3FA05D7B930C1286084B404DE ] C:\WINDOWS\System32\scesrv.dll
14:44:13.0114 2624 C:\WINDOWS\System32\scesrv.dll - ok
14:44:13.0114 2624 [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\WINDOWS\System32\lsasrv.dll
14:44:13.0114 2624 C:\WINDOWS\System32\lsasrv.dll - ok
14:44:13.0129 2624 [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\WINDOWS\System32\sysntfy.dll
14:44:13.0129 2624 C:\WINDOWS\System32\sysntfy.dll - ok
14:44:13.0129 2624 [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\WINDOWS\System32\wmsgapi.dll
14:44:13.0129 2624 C:\WINDOWS\System32\wmsgapi.dll - ok
14:44:13.0145 2624 [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\WINDOWS\System32\authz.dll
14:44:13.0145 2624 C:\WINDOWS\System32\authz.dll - ok
14:44:13.0145 2624 [ 98B656EAF128CD06F625B09C84D959E1 ] C:\WINDOWS\System32\netapi32.dll
14:44:13.0145 2624 C:\WINDOWS\System32\netapi32.dll - ok
14:44:13.0160 2624 [ 7808BF0E367ED7348808879CEF482AB3 ] C:\WINDOWS\System32\samsrv.dll
14:44:13.0160 2624 C:\WINDOWS\System32\samsrv.dll - ok
14:44:13.0160 2624 [ 459B48188494490707DCA8BAA91AA185 ] C:\WINDOWS\System32\cryptdll.dll
14:44:13.0160 2624 C:\WINDOWS\System32\cryptdll.dll - ok
14:44:13.0176 2624 [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\WINDOWS\System32\dnsapi.dll
14:44:13.0176 2624 C:\WINDOWS\System32\dnsapi.dll - ok
14:44:13.0176 2624 [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\WINDOWS\System32\ncobjapi.dll
14:44:13.0176 2624 C:\WINDOWS\System32\ncobjapi.dll - ok
14:44:13.0192 2624 [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\WINDOWS\System32\crypt32.dll
14:44:13.0192 2624 C:\WINDOWS\System32\crypt32.dll - ok
14:44:13.0192 2624 [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\WINDOWS\System32\feclient.dll
14:44:13.0192 2624 C:\WINDOWS\System32\feclient.dll - ok
14:44:13.0207 2624 [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\WINDOWS\System32\mpr.dll
14:44:13.0207 2624 C:\WINDOWS\System32\mpr.dll - ok
14:44:13.0207 2624 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\WINDOWS\System32\msasn1.dll
14:44:13.0207 2624 C:\WINDOWS\System32\msasn1.dll - ok
14:44:13.0223 2624 [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\WINDOWS\System32\ntdsapi.dll
14:44:13.0223 2624 C:\WINDOWS\System32\ntdsapi.dll - ok
14:44:13.0223 2624 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\WINDOWS\System32\samlib.dll
14:44:13.0223 2624 C:\WINDOWS\System32\samlib.dll - ok
14:44:13.0238 2624 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] C:\WINDOWS\System32\aelupsvc.dll
14:44:13.0238 2624 C:\WINDOWS\System32\aelupsvc.dll - ok
14:44:13.0238 2624 [ A1545B731579895D8CC44FC0481C1192 ] C:\WINDOWS\System32\alg.exe
14:44:13.0238 2624 C:\WINDOWS\System32\alg.exe - ok
14:44:13.0254 2624 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] C:\WINDOWS\System32\appinfo.dll
14:44:13.0254 2624 C:\WINDOWS\System32\appinfo.dll - ok
14:44:13.0254 2624 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\WINDOWS\System32\SLC.dll
14:44:13.0254 2624 C:\WINDOWS\System32\SLC.dll - ok
14:44:13.0270 2624 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\WINDOWS\System32\rascfg.dll
14:44:13.0270 2624 C:\WINDOWS\System32\rascfg.dll - ok
14:44:13.0270 2624 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\WINDOWS\System32\wevtapi.dll
14:44:13.0270 2624 C:\WINDOWS\System32\wevtapi.dll - ok
14:44:13.0285 2624 [ 68E2A1A0407A66CF50DA0300852424AB ] C:\WINDOWS\System32\audiosrv.dll
14:44:13.0285 2624 C:\WINDOWS\System32\audiosrv.dll - ok
14:44:13.0285 2624 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\WINDOWS\System32\IPHLPAPI.DLL
14:44:13.0285 2624 C:\WINDOWS\System32\IPHLPAPI.DLL - ok
14:44:13.0301 2624 [ 9028559C132146FB75EB7ACF384B086A ] C:\WINDOWS\System32\dhcpcsvc.dll
14:44:13.0301 2624 C:\WINDOWS\System32\dhcpcsvc.dll - ok
14:44:13.0301 2624 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\WINDOWS\System32\winlogon.exe
14:44:13.0301 2624 C:\WINDOWS\System32\winlogon.exe - ok
14:44:13.0316 2624 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\WINDOWS\System32\dhcpcsvc6.dll
14:44:13.0316 2624 C:\WINDOWS\System32\dhcpcsvc6.dll - ok
14:44:13.0332 2624 [ 6B09105742C75DF80CEF21700F20F55A ] C:\WINDOWS\System32\winnsi.dll
14:44:13.0332 2624 C:\WINDOWS\System32\winnsi.dll - ok
14:44:13.0332 2624 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\WINDOWS\System32\winsta.dll
14:44:13.0332 2624 C:\WINDOWS\System32\winsta.dll - ok
14:44:13.0348 2624 [ C789AF0F724FDA5852FB9A7D3A432381 ] C:\WINDOWS\System32\BFE.DLL
14:44:13.0348 2624 C:\WINDOWS\System32\BFE.DLL - ok
14:44:13.0348 2624 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\WINDOWS\System32\cngaudit.dll
14:44:13.0348 2624 C:\WINDOWS\System32\cngaudit.dll - ok
14:44:13.0348 2624 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\WINDOWS\System32\ncrypt.dll
14:44:13.0363 2624 C:\WINDOWS\System32\ncrypt.dll - ok
14:44:13.0363 2624 [ 93952506C6D67330367F7E7934B6A02F ] C:\WINDOWS\System32\qmgr.dll
14:44:13.0363 2624 C:\WINDOWS\System32\qmgr.dll - ok
14:44:13.0379 2624 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\WINDOWS\System32\bcrypt.dll
14:44:13.0379 2624 C:\WINDOWS\System32\bcrypt.dll - ok
14:44:13.0379 2624 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\WINDOWS\System32\browser.dll
14:44:13.0379 2624 C:\WINDOWS\System32\browser.dll - ok
14:44:13.0394 2624 [ 4211249955AF9133E2E357CC92B54DFD ] C:\WINDOWS\System32\comres.dll
14:44:13.0394 2624 C:\WINDOWS\System32\comres.dll - ok
14:44:13.0394 2624 [ 26F139DDEC6407508071930D3D07337E ] C:\WINDOWS\System32\credssp.dll
14:44:13.0394 2624 C:\WINDOWS\System32\credssp.dll - ok
14:44:13.0394 2624 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\WINDOWS\System32\cryptsvc.dll
14:44:13.0394 2624 C:\WINDOWS\System32\cryptsvc.dll - ok
14:44:13.0410 2624 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\WINDOWS\System32\dfsrres.dll
14:44:13.0410 2624 C:\WINDOWS\System32\dfsrres.dll - ok
14:44:13.0410 2624 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\WINDOWS\System32\msprivs.dll
14:44:13.0410 2624 C:\WINDOWS\System32\msprivs.dll - ok
14:44:13.0426 2624 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\WINDOWS\System32\oleres.dll
14:44:13.0426 2624 C:\WINDOWS\System32\oleres.dll - ok
14:44:13.0426 2624 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\WINDOWS\System32\kerberos.dll
14:44:13.0426 2624 C:\WINDOWS\System32\kerberos.dll - ok
14:44:13.0441 2624 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\WINDOWS\System32\dot3svc.dll
14:44:13.0441 2624 C:\WINDOWS\System32\dot3svc.dll - ok
14:44:13.0441 2624 [ 22CFAEB9172F5F198048401485CD0571 ] C:\WINDOWS\System32\WSHTCPIP.DLL
14:44:13.0441 2624 C:\WINDOWS\System32\WSHTCPIP.DLL - ok
14:44:13.0457 2624 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\WINDOWS\System32\dps.dll
14:44:13.0457 2624 C:\WINDOWS\System32\dps.dll - ok
14:44:13.0457 2624 [ C0B95E40D85CD807D614E264248A45B9 ] C:\WINDOWS\System32\eapsvc.dll
14:44:13.0457 2624 C:\WINDOWS\System32\eapsvc.dll - ok
14:44:13.0472 2624 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\WINDOWS\System32\wship6.dll
14:44:13.0472 2624 C:\WINDOWS\System32\wship6.dll - ok
14:44:13.0472 2624 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\WINDOWS\System32\wshqos.dll
14:44:13.0472 2624 C:\WINDOWS\System32\wshqos.dll - ok
14:44:13.0488 2624 [ 9BE3744D295A7701EB425332014F0797 ] C:\WINDOWS\ehome\ehrecvr.exe
14:44:13.0488 2624 C:\WINDOWS\ehome\ehrecvr.exe - ok
14:44:13.0488 2624 [ AD1870C8E5D6DD340C829E6074BF3C3F ] C:\WINDOWS\ehome\ehsched.exe
14:44:13.0488 2624 C:\WINDOWS\ehome\ehsched.exe - ok
14:44:13.0504 2624 [ FC62A635063B762E1C3C60EA77279378 ] C:\WINDOWS\System32\NapiNSP.dll
14:44:13.0504 2624 C:\WINDOWS\System32\NapiNSP.dll - ok
14:44:13.0504 2624 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\WINDOWS\System32\nlasvc.dll
14:44:13.0504 2624 C:\WINDOWS\System32\nlasvc.dll - ok
14:44:13.0519 2624 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\WINDOWS\System32\pnrpnsp.dll
14:44:13.0519 2624 C:\WINDOWS\System32\pnrpnsp.dll - ok
14:44:13.0535 2624 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] C:\WINDOWS\ehome\ehstart.dll
14:44:13.0535 2624 C:\WINDOWS\ehome\ehstart.dll - ok
14:44:13.0535 2624 [ 8617350C9B590B63E620881092751BCB ] C:\WINDOWS\System32\mswsock.dll
14:44:13.0535 2624 C:\WINDOWS\System32\mswsock.dll - ok
14:44:13.0550 2624 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\WINDOWS\System32\emdmgmt.dll
14:44:13.0550 2624 C:\WINDOWS\System32\emdmgmt.dll - ok
14:44:13.0550 2624 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\WINDOWS\System32\msv1_0.dll
14:44:13.0550 2624 C:\WINDOWS\System32\msv1_0.dll - ok
14:44:13.0566 2624 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\WINDOWS\System32\netlogon.dll
14:44:13.0566 2624 C:\WINDOWS\System32\netlogon.dll - ok
14:44:13.0566 2624 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\WINDOWS\System32\wevtsvc.dll
14:44:13.0566 2624 C:\WINDOWS\System32\wevtsvc.dll - ok
14:44:13.0582 2624 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\WINDOWS\System32\winbrand.dll
14:44:13.0582 2624 C:\WINDOWS\System32\winbrand.dll - ok
14:44:13.0582 2624 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\WINDOWS\System32\fdPHost.dll
14:44:13.0582 2624 C:\WINDOWS\System32\fdPHost.dll - ok
14:44:13.0597 2624 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\WINDOWS\System32\FDResPub.dll
14:44:13.0597 2624 C:\WINDOWS\System32\FDResPub.dll - ok
14:44:13.0597 2624 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\WINDOWS\System32\schannel.dll
14:44:13.0597 2624 C:\WINDOWS\System32\schannel.dll - ok
14:44:13.0613 2624 [ 8CE364388C8ECA59B14B539179276D44 ] C:\WINDOWS\System32\FntCache.dll
14:44:13.0613 2624 C:\WINDOWS\System32\FntCache.dll - ok
14:44:13.0613 2624 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\WINDOWS\System32\wdigest.dll
14:44:13.0613 2624 C:\WINDOWS\System32\wdigest.dll - ok
14:44:13.0628 2624 [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\WINDOWS\System32\PresentationHost.exe
14:44:13.0628 2624 C:\WINDOWS\System32\PresentationHost.exe - ok
14:44:13.0628 2624 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\WINDOWS\System32\rsaenh.dll
14:44:13.0628 2624 C:\WINDOWS\System32\rsaenh.dll - ok
14:44:13.0644 2624 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\WINDOWS\System32\gpapi.dll
14:44:13.0644 2624 C:\WINDOWS\System32\gpapi.dll - ok
14:44:13.0644 2624 [ D8AD255B37DA92434C26E4876DB7D418 ] C:\WINDOWS\System32\KMSVC.DLL
14:44:13.0644 2624 C:\WINDOWS\System32\KMSVC.DLL - ok
14:44:13.0660 2624 [ F8873D15018F411588BEC02C1725BADA ] C:\WINDOWS\System32\TSpkg.dll
14:44:13.0660 2624 C:\WINDOWS\System32\TSpkg.dll - ok
14:44:13.0660 2624 [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
14:44:13.0660 2624 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
14:44:13.0675 2624 [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\WINDOWS\System32\IKEEXT.DLL
14:44:13.0675 2624 C:\WINDOWS\System32\IKEEXT.DLL - ok
14:44:13.0675 2624 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\WINDOWS\System32\IPBusEnum.dll
14:44:13.0675 2624 C:\WINDOWS\System32\IPBusEnum.dll - ok
14:44:13.0691 2624 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\WINDOWS\System32\keyiso.dll
14:44:13.0691 2624 C:\WINDOWS\System32\keyiso.dll - ok
14:44:13.0706 2624 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\WINDOWS\System32\lltdres.dll
14:44:13.0706 2624 C:\WINDOWS\System32\lltdres.dll - ok
14:44:13.0706 2624 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\WINDOWS\System32\srvsvc.dll
14:44:13.0706 2624 C:\WINDOWS\System32\srvsvc.dll - ok
14:44:13.0722 2624 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\WINDOWS\System32\wkssvc.dll
14:44:13.0722 2624 C:\WINDOWS\System32\wkssvc.dll - ok
14:44:13.0722 2624 [ 132F6237FA3BF3E9715F63A1CCF72BF1 ] C:\WINDOWS\ehome\ehres.dll
14:44:13.0722 2624 C:\WINDOWS\ehome\ehres.dll - ok
14:44:13.0738 2624 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\WINDOWS\System32\lmhsvc.dll
14:44:13.0738 2624 C:\WINDOWS\System32\lmhsvc.dll - ok
14:44:13.0738 2624 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\WINDOWS\System32\FirewallAPI.dll
14:44:13.0738 2624 C:\WINDOWS\System32\FirewallAPI.dll - ok
14:44:13.0753 2624 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\WINDOWS\System32\mmcss.dll
14:44:13.0753 2624 C:\WINDOWS\System32\mmcss.dll - ok
14:44:13.0753 2624 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\WINDOWS\System32\msimsg.dll
14:44:13.0753 2624 C:\WINDOWS\System32\msimsg.dll - ok
14:44:13.0769 2624 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\WINDOWS\System32\QAGENTRT.DLL
14:44:13.0769 2624 C:\WINDOWS\System32\QAGENTRT.DLL - ok
14:44:13.0769 2624 [ C8052711DAECC48B982434C5116CA401 ] C:\WINDOWS\System32\netman.dll
14:44:13.0769 2624 C:\WINDOWS\System32\netman.dll - ok
14:44:13.0784 2624 [ 4EF5DF1B011B05737ECB8F0B7B171510 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
14:44:13.0784 2624 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll - ok
14:44:13.0784 2624 [ ED640F4CE585058119B824CC76591D9C ] C:\WINDOWS\System32\netprof.dll
14:44:13.0784 2624 C:\WINDOWS\System32\netprof.dll - ok
14:44:13.0800 2624 [ CA461A203EF40A98C1C23DE3CBEE68B2 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
14:44:13.0800 2624 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
14:44:13.0800 2624 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\WINDOWS\System32\nsisvc.dll
14:44:13.0800 2624 C:\WINDOWS\System32\nsisvc.dll - ok
14:44:13.0816 2624 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\WINDOWS\System32\p2psvc.dll
14:44:13.0816 2624 C:\WINDOWS\System32\p2psvc.dll - ok
14:44:13.0816 2624 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\WINDOWS\System32\pcasvc.dll
14:44:13.0816 2624 C:\WINDOWS\System32\pcasvc.dll - ok
14:44:13.0831 2624 [ B1689DF169143F57053F795390C99DB3 ] C:\WINDOWS\System32\pla.dll
14:44:13.0831 2624 C:\WINDOWS\System32\pla.dll - ok
14:44:13.0831 2624 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\WINDOWS\System32\umpnpmgr.dll
14:44:13.0831 2624 C:\WINDOWS\System32\umpnpmgr.dll - ok
14:44:13.0847 2624 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\WINDOWS\System32\polstore.dll
14:44:13.0847 2624 C:\WINDOWS\System32\polstore.dll - ok
14:44:13.0847 2624 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\WINDOWS\System32\profsvc.dll
14:44:13.0847 2624 C:\WINDOWS\System32\profsvc.dll - ok
14:44:13.0862 2624 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\WINDOWS\System32\psbase.dll
14:44:13.0862 2624 C:\WINDOWS\System32\psbase.dll - ok
14:44:13.0862 2624 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\WINDOWS\System32\qwave.dll
14:44:13.0862 2624 C:\WINDOWS\System32\qwave.dll - ok
14:44:13.0878 2624 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\WINDOWS\System32\drivers\qwavedrv.sys
14:44:13.0878 2624 C:\WINDOWS\System32\drivers\qwavedrv.sys - ok
14:44:13.0878 2624 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] C:\WINDOWS\System32\rasauto.dll
14:44:13.0878 2624 C:\WINDOWS\System32\rasauto.dll - ok
14:44:13.0894 2624 [ 75D47445D70CA6F9F894B032FBC64FCF ] C:\WINDOWS\System32\rasmans.dll
14:44:13.0894 2624 C:\WINDOWS\System32\rasmans.dll - ok
14:44:13.0894 2624 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] C:\WINDOWS\System32\mprdim.dll
14:44:13.0894 2624 C:\WINDOWS\System32\mprdim.dll - ok
14:44:13.0909 2624 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\WINDOWS\System32\sstpsvc.dll
14:44:13.0909 2624 C:\WINDOWS\System32\sstpsvc.dll - ok
14:44:13.0909 2624 [ 5123F83CBC4349D065534EEB6BBDC42B ] C:\WINDOWS\System32\Locator.exe
14:44:13.0909 2624 C:\WINDOWS\System32\Locator.exe - ok
14:44:13.0925 2624 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\WINDOWS\System32\schedsvc.dll
14:44:13.0925 2624 C:\WINDOWS\System32\schedsvc.dll - ok
14:44:13.0925 2624 [ 716313D9F6B0529D03F726D5AAF6F191 ] C:\WINDOWS\System32\sdrsvc.dll
14:44:15.0672 2624 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\WINDOWS\System32\ncsi.dll
14:44:15.0672 2624 C:\WINDOWS\System32\ncsi.dll - ok
14:44:15.0688 2624 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\WINDOWS\System32\drivers\PEAuth.sys
14:44:15.0688 2624 C:\WINDOWS\System32\drivers\PEAuth.sys - ok
14:44:15.0688 2624 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\WINDOWS\System32\drivers\secdrv.sys
14:44:15.0688 2624 C:\WINDOWS\System32\drivers\secdrv.sys - ok
14:44:15.0703 2624 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] C:\WINDOWS\System32\drivers\tcpipreg.sys
14:44:15.0703 2624 C:\WINDOWS\System32\drivers\tcpipreg.sys - ok
14:44:15.0703 2624 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\WINDOWS\System32\ssdpapi.dll
14:44:15.0703 2624 C:\WINDOWS\System32\ssdpapi.dll - ok
14:44:15.0719 2624 [ D0494460421A03CD5225CCA0059AA146 ] C:\WINDOWS\System32\IPSECSVC.DLL
14:44:15.0719 2624 C:\WINDOWS\System32\IPSECSVC.DLL - ok
14:44:15.0719 2624 [ 0C84B6AFFA7486422235584110D7176F ] C:\WINDOWS\System32\icaapi.dll
14:44:15.0719 2624 C:\WINDOWS\System32\icaapi.dll - ok
14:44:15.0734 2624 [ DAB33CFA9DD24251AAA389FF36B64D4B ] C:\WINDOWS\System32\drivers\XAudio.sys
14:44:15.0734 2624 C:\WINDOWS\System32\drivers\XAudio.sys - ok
14:44:15.0734 2624 [ CD5F291A1161F15896D1A4D63DAFF5DF ] C:\WINDOWS\System32\drivers\XAudio.exe
14:44:15.0734 2624 C:\WINDOWS\System32\drivers\XAudio.exe - ok
14:44:15.0750 2624 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\WINDOWS\System32\FwRemoteSvr.dll
14:44:15.0750 2624 C:\WINDOWS\System32\FwRemoteSvr.dll - ok
14:44:15.0750 2624 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] C:\WINDOWS\System32\wbem\WMIsvc.dll
14:44:15.0750 2624 C:\WINDOWS\System32\wbem\WMIsvc.dll - ok
14:44:15.0766 2624 [ 2205A220A264E8C8B86492BF3D112907 ] C:\WINDOWS\System32\PortableDeviceApi.dll
14:44:15.0766 2624 C:\WINDOWS\System32\PortableDeviceApi.dll - ok
14:44:15.0766 2624 [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\WINDOWS\System32\wbemcomn.dll
14:44:15.0766 2624 C:\WINDOWS\System32\wbemcomn.dll - ok
14:44:15.0781 2624 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:44:15.0781 2624 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe - ok
14:44:15.0781 2624 [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\WINDOWS\System32\wbem\WinMgmtR.dll
14:44:15.0781 2624 C:\WINDOWS\System32\wbem\WinMgmtR.dll - ok
14:44:15.0781 2624 [ FD647CA82ACF232DBE5F20345647B948 ] C:\WINDOWS\AppPatch\AcGenral.dll
14:44:15.0781 2624 C:\WINDOWS\AppPatch\AcGenral.dll - ok
14:44:15.0797 2624 [ B53BD9E63867CD9FD853F666CA172713 ] C:\WINDOWS\System32\PortableDeviceConnectApi.dll
14:44:15.0797 2624 C:\WINDOWS\System32\PortableDeviceConnectApi.dll - ok
14:44:15.0797 2624 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\WINDOWS\System32\sfc_os.dll
14:44:15.0797 2624 C:\WINDOWS\System32\sfc_os.dll - ok
14:44:15.0812 2624 [ 13B5F255E90624A5BA0441D39CFB6BE2 ] C:\WINDOWS\System32\drivers\WUDFPf.sys
14:44:15.0812 2624 C:\WINDOWS\System32\drivers\WUDFPf.sys - ok
14:44:15.0812 2624 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] C:\WINDOWS\System32\drivers\WUDFRd.sys
14:44:15.0812 2624 C:\WINDOWS\System32\drivers\WUDFRd.sys - ok
14:44:15.0828 2624 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\WINDOWS\System32\netprofm.dll
14:44:15.0828 2624 C:\WINDOWS\System32\netprofm.dll - ok
14:44:15.0828 2624 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\WINDOWS\System32\npmproxy.dll
14:44:15.0828 2624 C:\WINDOWS\System32\npmproxy.dll - ok
14:44:15.0844 2624 [ 3B846434055F80D9E89D0742F3ADAD34 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
14:44:15.0844 2624 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
14:44:15.0844 2624 [ 4C6CA0F172E264B432666A81E4B466AB ] C:\Program Files\Microsoft Security Client\NisLog.dll
14:44:15.0844 2624 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
14:44:15.0859 2624 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\WINDOWS\System32\diagperf.dll
14:44:15.0859 2624 C:\WINDOWS\System32\diagperf.dll - ok
14:44:15.0859 2624 [ 1D6B95871DC006190964B04E5657E35F ] C:\WINDOWS\System32\rastapi.dll
14:44:15.0859 2624 C:\WINDOWS\System32\rastapi.dll - ok
14:44:15.0875 2624 [ F0062778F50838145AC46B384FFB4FA3 ] C:\WINDOWS\System32\pcadm.dll
14:44:15.0875 2624 C:\WINDOWS\System32\pcadm.dll - ok
14:44:15.0875 2624 [ 21322832C99E8DE85BD047689A2A69DB ] C:\WINDOWS\System32\pnpts.dll
14:44:15.0875 2624 C:\WINDOWS\System32\pnpts.dll - ok
14:44:15.0890 2624 [ B96B60EC821F86D445C9739A0F3DED59 ] C:\WINDOWS\System32\unimdm.tsp
14:44:15.0890 2624 C:\WINDOWS\System32\unimdm.tsp - ok
14:44:15.0890 2624 [ DFBAADF1B624DC71E88D34D86B3595BE ] C:\WINDOWS\System32\uniplat.dll
14:44:15.0890 2624 C:\WINDOWS\System32\uniplat.dll - ok
14:44:15.0906 2624 [ 09C7859269563C240AB2AAAB574483DD ] C:\WINDOWS\System32\WUDFHost.exe
14:44:15.0906 2624 C:\WINDOWS\System32\WUDFHost.exe - ok
14:44:15.0906 2624 [ 2E837F3D406224DF131C34BC8F71621E ] C:\WINDOWS\System32\modemui.dll
14:44:15.0906 2624 C:\WINDOWS\System32\modemui.dll - ok
14:44:15.0922 2624 [ 0B71899E60D1265229BF3D080EAB573D ] C:\WINDOWS\System32\unimdmat.dll
14:44:15.0922 2624 C:\WINDOWS\System32\unimdmat.dll - ok
14:44:15.0922 2624 [ 953193A9DEA40348C1086D171F6440AE ] C:\WINDOWS\System32\kmddsp.tsp
14:44:15.0922 2624 C:\WINDOWS\System32\kmddsp.tsp - ok
14:44:15.0937 2624 [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\WINDOWS\System32\ndptsp.tsp
14:44:15.0937 2624 C:\WINDOWS\System32\ndptsp.tsp - ok
14:44:15.0937 2624 [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\WINDOWS\System32\hidphone.tsp
14:44:15.0937 2624 C:\WINDOWS\System32\hidphone.tsp - ok
14:44:15.0953 2624 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\WINDOWS\System32\rasppp.dll
14:44:15.0953 2624 C:\WINDOWS\System32\rasppp.dll - ok
14:44:15.0953 2624 [ 56E315ACFB08A177B4D01E42B9044DB5 ] C:\WINDOWS\System32\mprapi.dll
14:44:15.0953 2624 C:\WINDOWS\System32\mprapi.dll - ok
14:44:15.0968 2624 [ 769D027B977CED05658C85E698D3C5B1 ] C:\WINDOWS\System32\QUTIL.DLL
14:44:15.0968 2624 C:\WINDOWS\System32\QUTIL.DLL - ok
14:44:15.0968 2624 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\WINDOWS\System32\rasqec.dll
14:44:15.0968 2624 C:\WINDOWS\System32\rasqec.dll - ok
14:44:15.0984 2624 [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\WINDOWS\System32\raschap.dll
14:44:15.0984 2624 C:\WINDOWS\System32\raschap.dll - ok
14:44:15.0984 2624 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\WINDOWS\System32\cryptui.dll
14:44:15.0984 2624 C:\WINDOWS\System32\cryptui.dll - ok
14:44:16.0000 2624 [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\WINDOWS\System32\rastls.dll
14:44:16.0000 2624 C:\WINDOWS\System32\rastls.dll - ok
14:44:16.0000 2624 [ 053ACAAE0F10C22A00C26DD10EF394BA ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC1BED74-63EB-4D67-9DBB-ABAACDE2D004}\gapaengine.dll
14:44:16.0000 2624 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC1BED74-63EB-4D67-9DBB-ABAACDE2D004}\gapaengine.dll - ok
14:44:16.0015 2624 [ 4B72B5B342ADA4DE8DEEA39CCE465B58 ] C:\WINDOWS\System32\WUDFx.dll
14:44:16.0015 2624 C:\WINDOWS\System32\WUDFx.dll - ok
14:44:16.0015 2624 [ 5527767F1ADD169320020321EEBA581E ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC1BED74-63EB-4D67-9DBB-ABAACDE2D004}\nisfull.vdm
14:44:16.0015 2624 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC1BED74-63EB-4D67-9DBB-ABAACDE2D004}\nisfull.vdm - ok
14:44:16.0031 2624 [ 119A487B94FCB54D5154EBFBFA124755 ] C:\WINDOWS\System32\drivers\UMDF\WpdFs.dll
14:44:16.0031 2624 C:\WINDOWS\System32\drivers\UMDF\WpdFs.dll - ok
14:44:16.0031 2624 [ 50ABE7CDA2DAE898216121D14092C182 ] C:\WINDOWS\System32\WMVCORE.DLL
14:44:16.0046 2624 C:\WINDOWS\System32\WMVCORE.DLL - ok
14:44:16.0046 2624 [ 36CCD8A79539C4ACE3BABE09C2CFBA16 ] C:\WINDOWS\System32\WMASF.DLL
14:44:16.0046 2624 C:\WINDOWS\System32\WMASF.DLL - ok
14:44:16.0062 2624 [ B2B117BD8D1EA80536CDD91797EF4A0A ] C:\WINDOWS\System32\PortableDeviceClassExtension.dll
14:44:16.0062 2624 C:\WINDOWS\System32\PortableDeviceClassExtension.dll - ok
14:44:16.0062 2624 [ 883D02AB5D350BC45E0F60E8CFA97FDC ] C:\WINDOWS\System32\PortableDeviceTypes.dll
14:44:16.0062 2624 C:\WINDOWS\System32\PortableDeviceTypes.dll - ok
14:44:16.0078 2624 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\WINDOWS\System32\taskeng.exe
14:44:16.0078 2624 C:\WINDOWS\System32\taskeng.exe - ok
14:44:16.0078 2624 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\WINDOWS\System32\TSChannel.dll
14:44:16.0078 2624 C:\WINDOWS\System32\TSChannel.dll - ok
14:44:16.0093 2624 [ 70C6489D56008D75DEDF73226FA63C11 ] C:\WINDOWS\System32\dimsjob.dll
14:44:16.0093 2624 C:\WINDOWS\System32\dimsjob.dll - ok
14:44:16.0093 2624 [ AC48FD62E22C4425879FCA5A63F50497 ] C:\WINDOWS\System32\certcli.dll
14:44:16.0093 2624 C:\WINDOWS\System32\certcli.dll - ok
14:44:16.0109 2624 [ 98638A4CA187245C469DA0DEC4F04A45 ] C:\WINDOWS\System32\pautoenr.dll
14:44:16.0109 2624 C:\WINDOWS\System32\pautoenr.dll - ok
14:44:16.0109 2624 [ 0053319C4438CDE659AA75C19BBD22F1 ] C:\WINDOWS\System32\CertEnroll.dll
14:44:16.0109 2624 C:\WINDOWS\System32\CertEnroll.dll - ok
14:44:16.0124 2624 [ BE01E566D1F569AAB32D0335613E1EEA ] C:\WINDOWS\System32\dllhost.exe
14:44:16.0124 2624 C:\WINDOWS\System32\dllhost.exe - ok
14:44:16.0124 2624 [ 3CD1B69551236977918E60F9543C89A2 ] C:\WINDOWS\System32\AtBroker.exe
14:44:16.0124 2624 C:\WINDOWS\System32\AtBroker.exe - ok
14:44:16.0140 2624 [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\WINDOWS\System32\userinit.exe
14:44:16.0140 2624 C:\WINDOWS\System32\userinit.exe - ok
14:44:16.0140 2624 [ D80C6539C00CB4F5D59066865479C308 ] C:\WINDOWS\System32\dwmredir.dll
14:44:16.0140 2624 C:\WINDOWS\System32\dwmredir.dll - ok
14:44:16.0156 2624 [ C99403A5B641520DAED0021DDA06F272 ] C:\WINDOWS\System32\milcore.dll
14:44:16.0156 2624 C:\WINDOWS\System32\milcore.dll - ok
14:44:16.0156 2624 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\WINDOWS\System32\d3d9.dll
14:44:16.0156 2624 C:\WINDOWS\System32\d3d9.dll - ok
14:44:16.0171 2624 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\WINDOWS\System32\d3d8thk.dll
14:44:16.0171 2624 C:\WINDOWS\System32\d3d8thk.dll - ok
14:44:16.0171 2624 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\WINDOWS\System32\uDWM.dll
14:44:16.0171 2624 C:\WINDOWS\System32\uDWM.dll - ok
14:44:16.0187 2624 [ D598DDFDF2D30A0C03F95DCEC236A76E ] C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
14:44:16.0187 2624 C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe - ok
14:44:16.0187 2624 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\WINDOWS\explorer.exe
14:44:16.0187 2624 C:\WINDOWS\explorer.exe - ok
14:44:16.0202 2624 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\WINDOWS\System32\shdocvw.dll
14:44:16.0202 2624 C:\WINDOWS\System32\shdocvw.dll - ok
14:44:16.0202 2624 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
14:44:16.0202 2624 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
14:44:16.0218 2624 [ 172B7ADD2014318A5294F2BBA355C322 ] C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
14:44:16.0218 2624 C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe - ok
14:44:16.0218 2624 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\WINDOWS\System32\browseui.dll
14:44:16.0218 2624 C:\WINDOWS\System32\browseui.dll - ok
14:44:16.0234 2624 [ 80BD4B26E2CBC0D65445D0463DFF6FC2 ] C:\WINDOWS\System32\oledlg.dll
14:44:16.0234 2624 C:\WINDOWS\System32\oledlg.dll - ok
14:44:16.0234 2624 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
14:44:16.0234 2624 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
14:44:16.0249 2624 [ D922592AB65C5D9B88B30B4510A3464E ] C:\WINDOWS\System32\cscapi.dll
14:44:16.0249 2624 C:\WINDOWS\System32\cscapi.dll - ok
14:44:16.0249 2624 [ 4934241CD20AC87D78121352E3BA8318 ] C:\WINDOWS\System32\dbghelp.dll
14:44:16.0249 2624 C:\WINDOWS\System32\dbghelp.dll - ok
14:44:16.0265 2624 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\WINDOWS\System32\EhStorShell.dll
14:44:16.0265 2624 C:\WINDOWS\System32\EhStorShell.dll - ok
14:44:16.0265 2624 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\WINDOWS\System32\imageres.dll
14:44:16.0265 2624 C:\WINDOWS\System32\imageres.dll - ok
14:44:16.0280 2624 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
14:44:16.0280 2624 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
14:44:16.0280 2624 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\WINDOWS\System32\HotStartUserAgent.dll
14:44:16.0280 2624 C:\WINDOWS\System32\HotStartUserAgent.dll - ok
14:44:16.0296 2624 [ 27FDB976616E6F0363654AB16453289C ] C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
14:44:16.0296 2624 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe - ok
14:44:16.0296 2624 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\WINDOWS\System32\PlaySndSrv.dll
14:44:16.0296 2624 C:\WINDOWS\System32\PlaySndSrv.dll - ok
14:44:16.0312 2624 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\WINDOWS\System32\IconCodecService.dll
14:44:16.0312 2624 C:\WINDOWS\System32\IconCodecService.dll - ok
14:44:16.0312 2624 [ 43E1054C713C48D252A1826C5E14AACA ] C:\WINDOWS\System32\MsCtfMonitor.dll
14:44:16.0312 2624 C:\WINDOWS\System32\MsCtfMonitor.dll - ok
14:44:16.0327 2624 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\WINDOWS\System32\mstask.dll
14:44:16.0327 2624 C:\WINDOWS\System32\mstask.dll - ok
14:44:16.0327 2624 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\WINDOWS\System32\msutb.dll
14:44:16.0327 2624 C:\WINDOWS\System32\msutb.dll - ok
14:44:16.0343 2624 [ 893E0152D1EA2748E1B0772FBE8127D0 ] C:\Program Files\Trusteer\Rapport\bin\js32.dll
14:44:16.0343 2624 C:\Program Files\Trusteer\Rapport\bin\js32.dll - ok
14:44:16.0343 2624 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\WINDOWS\System32\runonce.exe
14:44:16.0343 2624 C:\WINDOWS\System32\runonce.exe - ok
14:44:16.0358 2624 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\WINDOWS\System32\cmd.exe
14:44:16.0358 2624 C:\WINDOWS\System32\cmd.exe - ok
14:44:16.0358 2624 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\WINDOWS\System32\TMM.dll
14:44:16.0358 2624 C:\WINDOWS\System32\TMM.dll - ok
14:44:16.0374 2624 [ A6B73FCB9496DB101F3066CAF5A7DA4B ] C:\WINDOWS\System32\ieframe.dll
14:44:16.0374 2624 C:\WINDOWS\System32\ieframe.dll - ok
14:44:16.0374 2624 [ 56DD8A42DBFF708D46163D65A02A38E8 ] C:\Program Files\Trusteer\Rapport\bin\RapportKoan.dll
14:44:16.0374 2624 C:\Program Files\Trusteer\Rapport\bin\RapportKoan.dll - ok
14:44:16.0390 2624 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\Program Files\Trusteer\Rapport\bin\atl80.dll
14:44:16.0390 2624 C:\Program Files\Trusteer\Rapport\bin\atl80.dll - ok
14:44:16.0390 2624 [ FF3579F13CC08B6ADDCD3CC9A0B15F3C ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan3.dll
14:44:16.0390 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan3.dll - ok
14:44:16.0405 2624 [ 6B851B6C3147D980B12649C85FF527FB ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan35.dll
14:44:16.0405 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan35.dll - ok
14:44:16.0405 2624 [ 8F20D05D5693E189DA7FCF2295667F27 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan36.dll
14:44:16.0405 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan36.dll - ok
14:44:16.0421 2624 [ 891B74518F9218D024D01C876E980234 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan9.dll
14:44:16.0421 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan9.dll - ok
14:44:16.0436 2624 [ 3323B1CC3AA914F8E93D8CBD983BDDB9 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan10.dll
14:44:16.0436 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan10.dll - ok
14:44:16.0436 2624 [ 5ECCBE6EB60F4A0CD45D98CEA135A6D8 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan11.dll
14:44:16.0436 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan11.dll - ok
14:44:16.0452 2624 [ 58DB8CCA800F10C0865942A5FACBBE66 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan12.dll
14:44:16.0452 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan12.dll - ok
14:44:16.0452 2624 [ F71CA66D1D36BF74856F6E52DA95455B ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan13.dll
14:44:16.0452 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan13.dll - ok
14:44:16.0468 2624 [ ABCCE8047215CEDCFDD9B2EDB2C086A1 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan14.dll
14:44:16.0468 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan14.dll - ok
14:44:16.0468 2624 [ 8F1BAF64D34E2BE564E336DDFAD96711 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan15.dll
14:44:16.0468 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan15.dll - ok
14:44:16.0483 2624 [ 988FCBD4D4C5E06861E2F95D72364806 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan16.dll
14:44:16.0483 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan16.dll - ok
14:44:16.0483 2624 [ D863521874B4CF738B20AEA18DE10692 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan17.dll
14:44:16.0483 2624 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan17.dll - ok
14:44:16.0499 2624 [ BADC3AB3D0B5DCDEDCEB4142DE613251 ] C:\Program Files\Trusteer\Rapport\bin\RapportNikko.dll
14:44:16.0499 2624 C:\Program Files\Trusteer\Rapport\bin\RapportNikko.dll - ok
14:44:16.0499 2624 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\WINDOWS\System32\QAGENT.DLL
14:44:16.0499 2624 C:\WINDOWS\System32\QAGENT.DLL - ok
14:44:16.0514 2624 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\djokrall\AppData\Local\Temp\B1B16E03-C16E-4D37-9F53-417F5CCC71E2.exe
14:44:16.0514 2624 C:\Users\djokrall\AppData\Local\Temp\B1B16E03-C16E-4D37-9F53-417F5CCC71E2.exe - ok
14:44:16.0514 2624 [ A7A6954E500715117B64B414AB81CB44 ] C:\Program Files\Java\jre7\bin\ssv.dll
14:44:16.0514 2624 C:\Program Files\Java\jre7\bin\ssv.dll - ok
14:44:16.0530 2624 [ EB47E405A9222CA595E5E763B4156529 ] C:\Program Files\Java\jre7\bin\jp2ssv.dll
14:44:16.0530 2624 C:\Program Files\Java\jre7\bin\jp2ssv.dll - ok
14:44:16.0530 2624 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\WINDOWS\System32\wbem\wbemprox.dll
14:44:16.0530 2624 C:\WINDOWS\System32\wbem\wbemprox.dll - ok
14:44:16.0546 2624 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\WINDOWS\System32\wbem\wbemcore.dll
14:44:16.0546 2624 C:\WINDOWS\System32\wbem\wbemcore.dll - ok
14:44:16.0561 2624 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\WINDOWS\System32\wbem\esscli.dll
14:44:16.0561 2624 C:\WINDOWS\System32\wbem\esscli.dll - ok
14:44:16.0561 2624 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\WINDOWS\System32\wbem\fastprox.dll
14:44:16.0561 2624 C:\WINDOWS\System32\wbem\fastprox.dll - ok
14:44:16.0577 2624 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\WINDOWS\System32\wbem\wbemsvc.dll
14:44:16.0577 2624 C:\WINDOWS\System32\wbem\wbemsvc.dll - ok
14:44:16.0577 2624 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\WINDOWS\System32\wbem\repdrvfs.dll
14:44:16.0577 2624 C:\WINDOWS\System32\wbem\repdrvfs.dll - ok
14:44:16.0577 2624 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\WINDOWS\System32\wbem\wmiutils.dll
14:44:16.0577 2624 C:\WINDOWS\System32\wbem\wmiutils.dll - ok
14:44:16.0592 2624 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\WINDOWS\System32\wbem\WmiPrvSD.dll
14:44:16.0592 2624 C:\WINDOWS\System32\wbem\WmiPrvSD.dll - ok
14:44:16.0592 2624 [ A609A192E98934A8D352704C99AB8577 ] C:\WINDOWS\System32\wbem\wbemess.dll
14:44:16.0592 2624 C:\WINDOWS\System32\wbem\wbemess.dll - ok
14:44:16.0608 2624 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\WINDOWS\System32\wbem\WmiPrvSE.exe
14:44:16.0608 2624 C:\WINDOWS\System32\wbem\WmiPrvSE.exe - ok
14:44:16.0608 2624 [ F723422A11CD6FA13036746272200993 ] C:\WINDOWS\System32\wbem\cimwin32.dll
14:44:16.0608 2624 C:\WINDOWS\System32\wbem\cimwin32.dll - ok
14:44:16.0624 2624 [ 67BB7141F7F5F37411F796943B3418B6 ] C:\WINDOWS\System32\framedynos.dll
14:44:16.0624 2624 C:\WINDOWS\System32\framedynos.dll - ok
14:44:16.0624 2624 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\WINDOWS\System32\wmi.dll
14:44:16.0624 2624 C:\WINDOWS\System32\wmi.dll - ok
14:44:16.0639 2624 [ 7D1A10A1F3562CCA1FD38E9BADA8FEC0 ] C:\WINDOWS\System32\perfos.dll
14:44:16.0639 2624 C:\WINDOWS\System32\perfos.dll - ok
14:44:16.0639 2624 [ 43AEF7355D24090CA7C24C83846BD981 ] C:\WINDOWS\System32\spp.dll
14:44:16.0639 2624 C:\WINDOWS\System32\spp.dll - ok
14:44:16.0655 2624 [ BC8E5F6AAF447364A6F6A00D3F8FAF29 ] C:\WINDOWS\System32\srclient.dll
14:44:16.0655 2624 C:\WINDOWS\System32\srclient.dll - ok
14:44:16.0655 2624 [ CA21FA27DF770C209F272B74B9C2B4C4 ] C:\WINDOWS\System32\srwmi.dll
14:44:16.0655 2624 C:\WINDOWS\System32\srwmi.dll - ok
14:44:16.0670 2624 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\System32\wuapi.dll
14:44:16.0670 2624 C:\WINDOWS\System32\wuapi.dll - ok
14:44:16.0670 2624 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\System32\wups.dll
14:44:16.0670 2624 C:\WINDOWS\System32\wups.dll - ok
14:44:16.0686 2624 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\System32\wuaueng.dll
14:44:16.0686 2624 C:\WINDOWS\System32\wuaueng.dll - ok
14:44:16.0686 2624 [ 22DC784B32BEE306A99F50D6DC2460BC ] C:\WINDOWS\System32\esent.dll
14:44:16.0686 2624 C:\WINDOWS\System32\esent.dll - ok
14:44:16.0702 2624 [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\WINDOWS\System32\mspatcha.dll
14:44:16.0702 2624 C:\WINDOWS\System32\mspatcha.dll - ok
14:44:16.0702 2624 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\System32\wups2.dll
14:44:16.0717 2624 C:\WINDOWS\System32\wups2.dll - ok
14:44:16.0717 2624 [ 8BE000F9A0B0FF7194AAEFB02C9BDE99 ] C:\WINDOWS\System32\wer.dll
14:44:16.0717 2624 C:\WINDOWS\System32\wer.dll - ok
14:44:16.0733 2624 [ F21F255B91CA4F04E4250DECD2067CBB ] C:\WINDOWS\System32\bitsperf.dll
14:44:16.0733 2624 C:\WINDOWS\System32\bitsperf.dll - ok
14:44:16.0733 2624 [ 3606CE1AC3D6A9A9CB7DB35D7F5C54EC ] C:\WINDOWS\System32\shfolder.dll
14:44:16.0733 2624 C:\WINDOWS\System32\shfolder.dll - ok
14:44:16.0748 2624 [ 632557F2495931D952161465AA177B3B ] C:\WINDOWS\System32\bitsigd.dll
14:44:16.0748 2624 C:\WINDOWS\System32\bitsigd.dll - ok
14:44:16.0748 2624 [ 0A990AFB9F2726323D61C8ECB8B70B17 ] C:\WINDOWS\System32\security.dll
14:44:16.0748 2624 C:\WINDOWS\System32\security.dll - ok
14:44:16.0764 2624 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\WINDOWS\System32\upnp.dll
14:44:16.0764 2624 C:\WINDOWS\System32\upnp.dll - ok
14:44:16.0764 2624 [ C8DBFEF835FF54467425C8F3ABCF7046 ] C:\WINDOWS\System32\dssenh.dll
14:44:16.0764 2624 C:\WINDOWS\System32\dssenh.dll - ok
14:44:16.0780 2624 [ 10F13FFF542FEC4A2C4FA734EEBE56B9 ] C:\WINDOWS\System32\qmgrprxy.dll
14:44:16.0780 2624 C:\WINDOWS\System32\qmgrprxy.dll - ok
14:44:16.0780 2624 [ 5FA382106B145A920E2A4F7087AF1B90 ] C:\WINDOWS\System32\wbem\wmipcima.dll
14:44:16.0780 2624 C:\WINDOWS\System32\wbem\wmipcima.dll - ok
14:44:16.0795 2624 [ F9997A74B445A6EAB6B3E7758C1DC51C ] C:\WINDOWS\System32\bitsprx5.dll
14:44:16.0795 2624 C:\WINDOWS\System32\bitsprx5.dll - ok
14:44:16.0795 2624 [ 7ADD03E75BEB9E6DD102C3081D29840A ] C:\WINDOWS\System32\drivers\cdfs.sys
14:44:16.0795 2624 C:\WINDOWS\System32\drivers\cdfs.sys - ok
14:44:16.0811 2624 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe
14:44:16.0811 2624 C:\Program Files\Windows Calendar\WinCal.exe - ok
14:44:16.0811 2624 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\WINDOWS\System32\ie4uinit.exe
14:44:16.0811 2624 C:\WINDOWS\System32\ie4uinit.exe - ok
14:44:16.0826 2624 [ 4B19A9A4191353007E9819A832B81186 ] C:\WINDOWS\System32\timedate.cpl
14:44:16.0826 2624 C:\WINDOWS\System32\timedate.cpl - ok
14:44:16.0826 2624 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\WINDOWS\System32\actxprxy.dll
14:44:16.0826 2624 C:\WINDOWS\System32\actxprxy.dll - ok
14:44:16.0842 2624 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\WINDOWS\System32\msshsq.dll
14:44:16.0842 2624 C:\WINDOWS\System32\msshsq.dll - ok
14:44:16.0842 2624 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\WINDOWS\System32\NaturalLanguage6.dll
14:44:16.0842 2624 C:\WINDOWS\System32\NaturalLanguage6.dll - ok
14:44:16.0858 2624 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\WINDOWS\System32\NlsData0009.dll
14:44:16.0858 2624 C:\WINDOWS\System32\NlsData0009.dll - ok
14:44:16.0858 2624 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\System32\drivers\46134817.sys
14:44:16.0858 2624 C:\WINDOWS\System32\drivers\46134817.sys - ok
14:44:16.0873 2624 [ 8629B71343F61E1140243581C63BC0C7 ] C:\WINDOWS\System32\NlsLexicons0009.dll
14:44:16.0873 2624 C:\WINDOWS\System32\NlsLexicons0009.dll - ok
14:44:16.0873 2624 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\WINDOWS\System32\riched20.dll
14:44:16.0873 2624 C:\WINDOWS\System32\riched20.dll - ok
14:44:16.0889 2624 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys
14:44:16.0889 2624 C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys - ok
14:44:16.0889 2624 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\WINDOWS\System32\linkinfo.dll
14:44:16.0889 2624 C:\WINDOWS\System32\linkinfo.dll - ok
14:44:16.0904 2624 [ 7E1B0C85B7347D9391FE60F6DADFDDF0 ] C:\Program Files\Microsoft Security Client\msseces.exe
14:44:16.0904 2624 C:\Program Files\Microsoft Security Client\msseces.exe - ok
14:44:16.0904 2624 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\WINDOWS\System32\networkexplorer.dll
14:44:16.0904 2624 C:\WINDOWS\System32\networkexplorer.dll - ok
14:44:16.0920 2624 [ 5016B8FC59AD616F03813FBE63295081 ] C:\WINDOWS\System32\thumbcache.dll
14:44:16.0920 2624 C:\WINDOWS\System32\thumbcache.dll - ok
14:44:16.0920 2624 [ D93985F5D87DF1A119E939EADB5C4B9E ] C:\WINDOWS\RtHDVCpl.exe
14:44:16.0920 2624 C:\WINDOWS\RtHDVCpl.exe - ok
14:44:16.0936 2624 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\WINDOWS\System32\control.exe
14:44:16.0936 2624 C:\WINDOWS\System32\control.exe - ok
14:44:16.0936 2624 [ B1361669BDC6ED612C35B7C67ADA2240 ] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
14:44:16.0936 2624 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe - ok
14:44:16.0951 2624 [ 009811BD21D0BD7BA5C7765565505764 ] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
14:44:16.0951 2624 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe - ok
14:44:16.0951 2624 [ CE9191729CD550E871494CBA6ADCA112 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
14:44:16.0951 2624 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
14:44:16.0967 2624 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\WINDOWS\System32\mlang.dll
14:44:16.0967 2624 C:\WINDOWS\System32\mlang.dll - ok
14:44:16.0967 2624 [ C45D74C22D4EFC3F86C9CABF9D98611F ] C:\Program Files\Online Services\quickenfc\WizLink.exe
14:44:16.0967 2624 C:\Program Files\Online Services\quickenfc\WizLink.exe - ok
14:44:16.0982 2624 [ 9A4322EE420D6FACD4D4B1FF6CB856B1 ] C:\hp\support\hpsysdrv.exe
14:44:16.0982 2624 C:\hp\support\hpsysdrv.exe - ok
14:44:16.0982 2624 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
14:44:16.0982 2624 C:\Program Files\Windows Mail\wab.exe - ok
14:44:16.0998 2624 [ 625E173870538418A3C66C18338CE358 ] C:\WINDOWS\System32\nvmctray.dll
14:44:16.0998 2624 C:\WINDOWS\System32\nvmctray.dll - ok
14:44:16.0998 2624 [ FDD4F5F7C4BAD248AB16233A1639C078 ] C:\Program Files\HP\HP Software Update\hpwuschd2.exe
14:44:16.0998 2624 C:\Program Files\HP\HP Software Update\hpwuschd2.exe - ok
14:44:17.0014 2624 [ 395335431AD55C167CFDBBAB8420DA73 ] C:\Program Files\Movie Maker\DVDMaker.exe
14:44:17.0014 2624 C:\Program Files\Movie Maker\DVDMaker.exe - ok
14:44:17.0029 2624 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\WINDOWS\System32\ntshrui.dll
14:44:17.0029 2624 C:\WINDOWS\System32\ntshrui.dll - ok
14:44:17.0029 2624 [ FE821F6FA60E9DF9FDEE69A23488BBAB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:44:17.0029 2624 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
14:44:17.0045 2624 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\WINDOWS\System32\msiltcfg.dll
14:44:17.0045 2624 C:\WINDOWS\System32\msiltcfg.dll - ok
14:44:17.0045 2624 [ 61216539E55DDF2F78E421E7EF140650 ] C:\WINDOWS\System32\ExplorerFrame.dll
14:44:17.0045 2624 C:\WINDOWS\System32\ExplorerFrame.dll - ok
14:44:17.0060 2624 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
14:44:17.0060 2624 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
14:44:17.0482 2624 ============================================================
14:44:17.0482 2624 Scan finished
14:44:17.0482 2624 ============================================================
14:44:17.0513 3144 Detected object count: 1
14:44:17.0513 3144 Actual detected object count: 1
14:44:38.0339 3144 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:38.0339 3144 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:52.0423 3420 Deinitialize success


OTL logfile created on: 11/24/2012 2:49:15 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\djokrall\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.64% Memory free
3.98 Gb Paging File | 3.05 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.48 Gb Total Space | 360.93 Gb Free Space | 79.07% Space Free | Partition Type: NTFS
Drive D: | 9.28 Gb Total Space | 1.28 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: DJOKRALL-PC | User Name: djokrall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
PRC - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/11/07 16:29:30 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/10/11 11:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2010/04/29 09:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/04/11 02:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/07/17 03:11:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll


========== Services (SafeList) ==========

SRV - [2012/11/17 17:41:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/07 16:29:50 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/11/07 16:29:48 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 04:49:47 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/17 03:11:21 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 08:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 08:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2976654
IE - HKLM\..\SearchScopes\{CF446D0F-3D66-4EC7-ADA6-CB849752F032}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{14E57420-8F0A-4479-9831-19765F4BF88D}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{20BD4B27-9490-47A9-8EF3-B07A4D634B4A}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....0120625,0,0,0,0
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{5A6CF06D-7D23-4071-A02D-A50176EC5979}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...ion=2.5.18000.3
IE - HKCU\..\SearchScopes\{5E063DB8-80C1-4FAC-A81E-46A6EFD297BC}: "URL" = http://search.yahoo....,18175,0,0,6484
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNRM_en
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupon...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{A8B6F467-0D68-48AC-9D49-BCBC5229AE24}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80291&lng=en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=DgW52S5Su3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121008104707
FF - prefs.js..keyword.URL: "http://mystart.incre...2S5Su3&search="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.iWon_5k.com/Plugin: C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/10/07 15:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WeatherBlink\bar\1.bin [2012/10/07 15:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 17:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/17 17:35:17 | 000,000,000 | ---D | M]

[2012/09/03 16:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Extensions
[2012/11/23 21:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions
[2012/11/18 12:14:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/24 14:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions
[2011/11/05 18:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/05 18:25:03 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012/06/26 05:57:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/19 09:44:05 | 000,000,000 | ---D | M] (ShopToWin8) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}
[2012/09/23 17:10:24 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\39ffxtbr@MapsGalaxy_39.com
[2012/08/13 14:51:57 | 000,000,000 | ---D | M] ("Game Discovery") -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/06/16 13:22:18 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/09/27 08:05:48 | 000,000,000 | ---D | M] (WeatherBlink) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2011/10/24 10:21:43 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/07/19 09:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\extensionManager
[2012/07/12 16:04:08 | 000,000,598 | ---- | M] () (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox\validators\VBExpiredValidator.js
[2012/11/17 17:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 17:02:42 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/03 14:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/16 10:15:49 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober20211941.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifcondhjchebdnckhimgoancfmfggbe\1.15.132_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (no name) - !{364ea597-e728-4ce4-bb4a-ed846ef47970} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38423836-BD19-40F9-9050-4DDC6EF47611}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 06:23:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 14:35:10 | 000,000,000 | ---D | C] -- C:\Users\djokrall\Desktop\RK_Quarantine
[2012/11/24 14:00:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\djokrall\Desktop\tdsskiller.exe
[2012/11/24 13:59:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
[2012/11/07 16:29:48 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/11/03 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanaticEI

========== Files - Modified Within 30 Days ==========

[2012/11/24 14:47:34 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/24 14:47:31 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/11/24 14:47:31 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/11/24 14:47:30 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/11/24 14:47:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 14:47:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 14:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/24 14:47:10 | 2010,267,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/24 14:46:14 | 000,640,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 14:46:14 | 000,118,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/24 14:01:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 13:56:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\djokrall\Desktop\tdsskiller.exe
[2012/11/24 13:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/24 13:54:46 | 000,752,128 | ---- | M] () -- C:\Users\djokrall\Desktop\RogueKiller.exe
[2012/11/24 11:05:42 | 000,480,125 | ---- | M] () -- C:\Users\djokrall\Desktop\adwcleaner.exe
[2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
[2012/11/23 18:00:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/11/21 07:24:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/11/18 11:07:19 | 000,000,166 | ---- | M] () -- C:\Users\djokrall\Desktop\Yahoo!.url
[2012/11/17 17:38:34 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 17:35:17 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 16:23:49 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 06:48:58 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/11/15 03:32:56 | 000,318,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 03:13:05 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/11/06 13:48:30 | 000,000,189 | ---- | M] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url

========== Files Created - No Company Name ==========

[2012/11/24 14:00:12 | 000,752,128 | ---- | C] () -- C:\Users\djokrall\Desktop\RogueKiller.exe
[2012/11/24 14:00:12 | 000,480,125 | ---- | C] () -- C:\Users\djokrall\Desktop\adwcleaner.exe
[2012/11/17 17:35:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 17:35:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/06 13:48:30 | 000,000,189 | ---- | C] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url
[2012/08/19 18:22:42 | 000,172,448 | ---- | C] () -- C:\Program Files\5zres.dll
[2012/08/19 18:21:33 | 000,172,440 | ---- | C] () -- C:\Program Files\2pres.dll
[2012/08/19 18:20:33 | 000,172,448 | ---- | C] () -- C:\Program Files\1cres.dll
[2012/08/19 18:17:35 | 000,172,464 | ---- | C] () -- C:\Program Files\20res.dll
[2012/06/23 18:32:25 | 000,172,456 | ---- | C] () -- C:\Program Files\14res.dll
[2012/04/03 13:01:19 | 000,006,144 | ---- | C] () -- C:\Users\djokrall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 16:28:41 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/02 10:03:42 | 000,011,948 | --S- | C] () -- C:\Users\djokrall\AppData\Local\p5b76gj2m278
[2011/06/02 10:03:42 | 000,011,948 | --S- | C] () -- C:\ProgramData\p5b76gj2m278
[2011/05/11 17:57:23 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/04/21 09:46:23 | 000,011,916 | --S- | C] () -- C:\Users\djokrall\AppData\Local\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3
[2011/04/21 09:46:23 | 000,011,916 | --S- | C] () -- C:\ProgramData\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3
[2011/02/19 23:22:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/19 23:21:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/19 22:20:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/19 19:07:05 | 000,103,720 | ---- | C] () -- C:\Users\djokrall\GoToAssistDownloadHelper.exe
[2011/02/19 16:26:21 | 000,000,680 | ---- | C] () -- C:\Users\djokrall\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/23 15:29:40 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Activeris
[2012/05/13 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Auslogics
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\DriverCure
[2012/08/25 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\FreeBurner
[2011/07/02 09:46:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\funkitron
[2012/06/03 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\GameCards
[2012/06/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\MusicNet
[2012/06/23 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Nuance
[2012/06/23 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Oberon Media
[2011/12/20 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\OpenOffice.org
[2012/05/27 10:00:02 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\ParetoLogic
[2012/06/01 06:15:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PC Cleaners
[2012/06/01 06:15:46 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PCPro
[2011/05/08 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Sammsoft
[2011/02/19 16:17:07 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Snapfish
[2012/06/26 06:12:34 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedMaxPc
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedyPC Software
[2012/10/27 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Systweak
[2011/04/18 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Tific
[2012/08/12 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Triplay
[2011/12/28 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WeatherBug
[2012/06/03 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WildTangent
[2011/02/27 17:27:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WinBatch
[2012/05/17 13:01:03 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\djokrall\Documents\justin romero.eml:OECustomProperty
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:7D6E8689
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A64A7256
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4E85037E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C46995DA

< End of report >

#6
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I've got some more scans/fixes for you to hopefully get what's left. :)

Step 1 OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box, right click and click Copy.

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2976654
IE - HKLM\..\SearchScopes\{CF446D0F-3D66-4EC7-ADA6-CB849752F032}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{14E57420-8F0A-4479-9831-19765F4BF88D}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{20BD4B27-9490-47A9-8EF3-B07A4D634B4A}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....0120625,0,0,0,0
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{5A6CF06D-7D23-4071-A02D-A50176EC5979}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...ion=2.5.18000.3
IE - HKCU\..\SearchScopes\{5E063DB8-80C1-4FAC-A81E-46A6EFD297BC}: "URL" = http://search.yahoo....,18175,0,0,6484
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupon...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{A8B6F467-0D68-48AC-9D49-BCBC5229AE24}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80291&lng=en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=DgW52S5Su3
FF - HKLM\Software\MozillaPlugins\@ei.iWon_5k.com/Plugin: C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/10/07 15:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WeatherBlink\bar\1.bin [2012/10/07 15:08:17 | 000,000,000 | ---D | M]
[2012/07/19 09:44:05 | 000,000,000 | ---D | M] (ShopToWin8) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}
[2012/08/13 14:51:57 | 000,000,000 | ---D | M] ("Game Discovery") -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/09/23 17:10:24 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\39ffxtbr@MapsGalaxy_39.com
[2012/09/27 08:05:48 | 000,000,000 | ---D | M] (WeatherBlink) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2011/10/24 10:21:43 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/07/19 09:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\extensionManager
[2012/07/12 16:04:08 | 000,000,598 | ---- | M] () (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox\validators\VBExpiredValidator.js
[2012/06/16 10:15:49 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober20211941.xml
O3 - HKLM\..\Toolbar: (no name) - !{364ea597-e728-4ce4-bb4a-ed846ef47970} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
[2012/11/03 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanaticEI
[2012/11/24 14:47:30 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/11/21 07:24:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/08/19 18:22:42 | 000,172,448 | ---- | C] () -- C:\Program Files\5zres.dll
[2012/08/19 18:21:33 | 000,172,440 | ---- | C] () -- C:\Program Files\2pres.dll
[2012/08/19 18:20:33 | 000,172,448 | ---- | C] () -- C:\Program Files\1cres.dll
[2012/08/19 18:17:35 | 000,172,464 | ---- | C] () -- C:\Program Files\20res.dll
[2012/06/23 18:32:25 | 000,172,456 | ---- | C] () -- C:\Program Files\14res.dll
[2011/06/02 10:03:42 | 000,011,948 | --S- | C] () -- C:\Users\djokrall\AppData\Local\p5b76gj2m278
[2011/06/02 10:03:42 | 000,011,948 | --S- | C] () -- C:\ProgramData\p5b76gj2m278
[2011/04/21 09:46:23 | 000,011,916 | --S- | C] () -- C:\Users\djokrall\AppData\Local\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3
[2011/04/21 09:46:23 | 000,011,916 | --S- | C] () -- C:\ProgramData\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3

:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.

Step 2 Reset the Firewall

Your Firewall needs to be reset. Note: Restoring the default settings removes all of the Windows Firewall settings that you've made for all network location types. This might cause some programs that you've previously allowed through the firewall to stop working. After resetting the firewall some programs may need permission again and it's okay to give the programs permission as long as you know what the program is.

  • Open Windows Firewall by clicking the Start button, and then clicking Control Panel, clicking Security, and then clicking Windows Firewall.
  • Click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the Advanced tab, and then click Restore Defaults.

Step 3 Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4 Run ESET online scan.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL Fix Log
2. New OTL Log
3. Results from Malware Bytes
4. Results from Eset Scan

#7
jp17315

    Member

  • Topic Starter
  • Member
  • 127 posts
Here are the log files:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF446D0F-3D66-4EC7-ADA6-CB849752F032}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF446D0F-3D66-4EC7-ADA6-CB849752F032}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14E57420-8F0A-4479-9831-19765F4BF88D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14E57420-8F0A-4479-9831-19765F4BF88D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20BD4B27-9490-47A9-8EF3-B07A4D634B4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20BD4B27-9490-47A9-8EF3-B07A4D634B4A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A6CF06D-7D23-4071-A02D-A50176EC5979}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A6CF06D-7D23-4071-A02D-A50176EC5979}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E063DB8-80C1-4FAC-A81E-46A6EFD297BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E063DB8-80C1-4FAC-A81E-46A6EFD297BC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8B6F467-0D68-48AC-9D49-BCBC5229AE24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8B6F467-0D68-48AC-9D49-BCBC5229AE24}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.iWon_5k.com/Plugin\ deleted successfully.
C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin\ deleted successfully.
C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\npEpicPlayDisplayHost\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\chrome folder moved successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\WeatherBlink\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\WeatherBlink\bar\1.bin\chrome folder moved successfully.
C:\Program Files\WeatherBlink\bar\1.bin folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\META-INF folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\skin folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\locale folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\modules\core\session folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\modules\core folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\modules folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox\validators folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox\actions folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\utils\crypto folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\utils\compression folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\utils folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\substitution\settings folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\substitution\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\substitution folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\settings folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\session\settings folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\session folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\overlay\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\overlay folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\monitoring folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\externalJS\utils folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\externalJS\providers folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\externalJS\parser folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\externalJS\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\externalJS folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\extensionManager folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\exceptions folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\diagnostic\testclick folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\diagnostic\statistic folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\diagnostic\pingModule folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\diagnostic\eventSending folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\diagnostic folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\utils folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\reporters folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\piirules\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\piirules folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\eventsending folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\epochtime\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\epochtime folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\dispatchers\killswitch folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\dispatchers\deadmen folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\dispatchers folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\dcaservice\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\dcaservice folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\cookies folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\clicksending\processors folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\clicksending\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\clicksending folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\ajax\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca\ajax folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\dca folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\cookies folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching\storage folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching\providers folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching\listeners folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching\downloaders folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching\dispatchers folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching\config folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\caching folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\bus folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\xhr folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\windows folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\web folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\utils\compression folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\utils folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\tabs folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\storage\preferences folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\storage\file folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\storage folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\notifications folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\logging\appenders folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\logging folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\cookies folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\content folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces\addon folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\interfaces folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\xhr folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\windows folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\web folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\utils\compression folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\utils folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\tabs folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\storage\session folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\storage\registry folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\storage\preferences folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\storage\file folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\storage folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\notifications folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\logging\appenders folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\logging folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\cookies folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\content folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox\addon folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba\firefox folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\cba folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7} folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected] folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\39ffxtbr@MapsGalaxy_39.com\chrome folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\39ffxtbr@MapsGalaxy_39.com folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected] folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\components folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected] folder moved successfully.
Folder C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\extensionManager\ not found.
File C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\voicebox\validators\VBExpiredValidator.js not found.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober20211941.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}\ deleted successfully.
Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\Program Files\TelevisionFanaticEI\Installr\1.bin folder moved successfully.
C:\Program Files\TelevisionFanaticEI\Installr folder moved successfully.
C:\Program Files\TelevisionFanaticEI folder moved successfully.
C:\WINDOWS\Tasks\PC Optimizer Pro startups.job moved successfully.
C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job moved successfully.
C:\Program Files\5zres.dll moved successfully.
C:\Program Files\2pres.dll moved successfully.
C:\Program Files\1cres.dll moved successfully.
C:\Program Files\20res.dll moved successfully.
C:\Program Files\14res.dll moved successfully.
C:\Users\djokrall\AppData\Local\p5b76gj2m278 moved successfully.
C:\ProgramData\p5b76gj2m278 moved successfully.
C:\Users\djokrall\AppData\Local\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3 moved successfully.
C:\ProgramData\yqh10c338a560kpki4mc6jlbtvgn1175jip75674x6vpg3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: djokrall
->Temp folder emptied: 11708432 bytes
->Temporary Internet Files folder emptied: 16110368 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104018930 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1223 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24943294 bytes
RecycleBin emptied: 3521957 bytes

Total Files Cleaned = 153.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11242012_182352

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 11/24/2012 6:28:42 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\djokrall\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 58.31% Memory free
3.98 Gb Paging File | 3.24 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.48 Gb Total Space | 359.37 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive D: | 9.28 Gb Total Space | 1.28 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: DJOKRALL-PC | User Name: djokrall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
PRC - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/11/07 16:29:30 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/10/11 11:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2010/04/29 09:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/04/11 02:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/07/17 03:11:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll


========== Services (SafeList) ==========

SRV - [2012/11/17 17:41:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/07 16:29:50 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/11/07 16:29:48 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 04:49:47 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/17 03:11:21 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 08:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 08:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNRM_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121008104707
FF - prefs.js..keyword.URL: "http://mystart.incre...2S5Su3&search="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 17:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/17 17:35:17 | 000,000,000 | ---D | M]

[2012/09/03 16:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Extensions
[2012/11/23 21:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions
[2012/11/18 12:14:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/24 18:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions
[2011/11/05 18:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/05 18:25:03 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012/06/26 05:57:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/16 13:22:18 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/11/17 17:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 17:02:42 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/03 14:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifcondhjchebdnckhimgoancfmfggbe\1.15.132_0\

O1 HOSTS File: ([2012/11/24 15:01:41 | 000,197,924 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 yourfiledownloader.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 stp.babylon.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 protectorlb-1556088852.us-east-1.elb.amazonaws.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cmp.online-hd.tv # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 data.downloadstarter.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 softingo.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 installer.betterinstaller.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.bisrv.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 qwe.goforfiles.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.softologic.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 illyx.co # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.tiptopsoft.org # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ads.hooqy.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 antivirus.nouvelle-version.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.download-free.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdneu.bestflvplayer.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.bigspeedpro.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 dt3j8jg8ei6zr.cloudfront.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 downloadcdn.betterinstaller.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 installer.filebulldog.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 download.fr.filewin.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 gimp.soft32.fr # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 widgets.wizebar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 mntr.babcdn.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.montiera.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 3561 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38423836-BD19-40F9-9050-4DDC6EF47611}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 06:23:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 18:23:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/24 15:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012/11/24 14:35:10 | 000,000,000 | ---D | C] -- C:\Users\djokrall\Desktop\RK_Quarantine
[2012/11/24 14:00:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\djokrall\Desktop\tdsskiller.exe
[2012/11/24 13:59:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
[2012/11/07 16:29:48 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2012/11/24 18:27:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/24 18:27:03 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/11/24 18:27:03 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/11/24 18:26:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 18:26:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 18:26:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/24 18:26:38 | 2010,284,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/24 18:01:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 18:00:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/11/24 17:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/24 15:01:41 | 000,197,924 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/24 14:54:30 | 000,640,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 14:54:30 | 000,118,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/24 13:56:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\djokrall\Desktop\tdsskiller.exe
[2012/11/24 13:54:46 | 000,752,128 | ---- | M] () -- C:\Users\djokrall\Desktop\RogueKiller.exe
[2012/11/24 11:05:42 | 000,480,125 | ---- | M] () -- C:\Users\djokrall\Desktop\adwcleaner.exe
[2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
[2012/11/18 11:07:19 | 000,000,166 | ---- | M] () -- C:\Users\djokrall\Desktop\Yahoo!.url
[2012/11/17 17:38:34 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 17:35:17 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 16:23:49 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 06:48:58 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/11/15 03:32:56 | 000,318,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 03:13:05 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/11/06 13:48:30 | 000,000,189 | ---- | M] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url

========== Files Created - No Company Name ==========

[2012/11/24 14:00:12 | 000,752,128 | ---- | C] () -- C:\Users\djokrall\Desktop\RogueKiller.exe
[2012/11/24 14:00:12 | 000,480,125 | ---- | C] () -- C:\Users\djokrall\Desktop\adwcleaner.exe
[2012/11/17 17:35:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 17:35:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/06 13:48:30 | 000,000,189 | ---- | C] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url
[2012/04/03 13:01:19 | 000,006,144 | ---- | C] () -- C:\Users\djokrall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 16:28:41 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/05/11 17:57:23 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/19 23:22:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/19 23:21:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/19 22:20:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/19 19:07:05 | 000,103,720 | ---- | C] () -- C:\Users\djokrall\GoToAssistDownloadHelper.exe
[2011/02/19 16:26:21 | 000,000,680 | ---- | C] () -- C:\Users\djokrall\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/23 15:29:40 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Activeris
[2012/05/13 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Auslogics
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\DriverCure
[2012/08/25 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\FreeBurner
[2011/07/02 09:46:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\funkitron
[2012/06/03 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\GameCards
[2012/06/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\MusicNet
[2012/06/23 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Nuance
[2012/06/23 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Oberon Media
[2011/12/20 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\OpenOffice.org
[2012/05/27 10:00:02 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\ParetoLogic
[2012/06/01 06:15:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PC Cleaners
[2012/06/01 06:15:46 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PCPro
[2011/05/08 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Sammsoft
[2011/02/19 16:17:07 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Snapfish
[2012/06/26 06:12:34 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedMaxPc
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedyPC Software
[2012/10/27 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Systweak
[2011/04/18 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Tific
[2012/08/12 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Triplay
[2011/12/28 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WeatherBug
[2012/06/03 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WildTangent
[2011/02/27 17:27:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WinBatch
[2012/05/17 13:01:03 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\djokrall\Documents\justin romero.eml:OECustomProperty
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:7D6E8689
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A64A7256
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4E85037E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C46995DA

< End of report >


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.24.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
djokrall :: DJOKRALL-PC [administrator]

11/24/2012 6:39:00 PM
mbam-log-2012-11-24 (18-39-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191154
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEZSETP.dll Win32/Toolbar.MyWebSearch.Q application
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\NP2pEISb.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-jewelquestmysteriestrailofthemidnightheart_gamehouse_.exe Win32/OpenCandy application
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-supergamehousesolitaire_gamehouse_.exe Win32/OpenCandy application
C:\Program Files\RealArcade\Installer\GameHouse-Installer_amg-texttwist2_gamehouse_.exe Win32/OpenCandy application
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
C:\Users\djokrall\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\012F47CE.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\djokrall\Downloads\ArcadeWebSetup.exe a variant of Win32/Adware.Gamevance.CF application
C:\Users\djokrall\Downloads\GameHouse-Installer_am-bejeweled2deluxe_gamehouse_.exe Win32/OpenCandy application
C:\Users\djokrall\Downloads\PlayFizzSetup.exe Win32/OpenCandy application
C:\Users\djokrall\Downloads\RegAlive.zip MSIL/Adware.RegAlive application
C:\Users\djokrall\Downloads\TotalRecipeSearchSetup2.3.99.33.YKman000.exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\_OTL\MovedFiles\11242012_182352\C_Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\11242012_182352\C_Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\_OTL\MovedFiles\11242012_182352\C_Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll Win32/Toolbar.MyWebSearch application


Internet Explorer still takes a considerable amount of time to load home page and subsequent pages. Thought you should know.

#8
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
We still have a few more left, and then we'll work on getting IE running better. :)

Step 1 OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found

:Files
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEIPlug.dll
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEZSETP.dll
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\NP2pEISb.dll
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEIPlug.dll
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEZSETP.dll
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-jewelquestmysteriestrailofthemidnightheart_gamehouse_.exe
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-supergamehousesolitaire_gamehouse_.exe
C:\Program Files\RealArcade\Installer\GameHouse-Installer_amg-texttwist2_gamehouse_.exe
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll
C:\Users\djokrall\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\012F47CE.exe
C:\Users\djokrall\Downloads\ArcadeWebSetup.exe
C:\Users\djokrall\Downloads\GameHouse-Installer_am-bejeweled2deluxe_gamehouse_.exe
C:\Users\djokrall\Downloads\PlayFizzSetup.exe
C:\Users\djokrall\Downloads\RegAlive.zip
C:\Users\djokrall\Downloads\TotalRecipeSearchSetup2.3.99.33.YKman000.exe

:Commands
[emptytemp]
[CREATERESTOREPOINT]

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.

Step 2 Troubleshooting Internet Explorer

One of the things that can cause IE to run slowly is bad or incompatible extensions and/or add-ons. We can check this by starting IE without them to see if the speed is better.

  • Click Start -> All Programs -> Accessories -> System Tools, and then click Internet Explorer (No Add-ons).
    If it appears to be working properly then we have an extension or add-on issue. Follow the next steps to determine which one it is.

To determine which one is causing problems we need to isolate it:
  • Open IE -> Click Tools -> Internet Options.
  • Click the Programs tab, then Manage add-ons:
    Note: The Manage Add-ons option under Tools is disabled in No Add-ons mode so you must go to Internet Options, Programs, Manage add-ons to manually enable/disable add-ons.

  • Select an add-on in the Name list, and then click Disable

  • Click OK, OK again, OK again and then close IE.
  • Restart IE normally and see if your problem is resolved.

  • If it is, you should uninstall the specific add-on via Control Panel’s Add/Remove Programs or the application's own uninstaller.
  • If the problem persists, you will need to repeat the steps until you have identified the specific add-on causing the problem.

Step 3 Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL Fix
2. New OTL Log
3. Does IE work properly without add-ons? If so, were you able to isolate the add-on causing the problem?
4. Security Check
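
Once a fix like the one in Step 1 has run, the log that comes back can be checked line by line against the `:Files` list, so a file that was requested but never reported as moved is not missed. The following is an added example, not part of the original post and not part of OTL: the function names are hypothetical, the script is shortened from the one above, and the log excerpt is constructed, assuming each successful move is reported as `<path> moved successfully.` under a `FILES` banner.

```python
import ntpath
import re

# Fix script shortened from the one in this post (three :Files entries kept).
FIX_SCRIPT = r"""
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found

:Files
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll
C:\Users\djokrall\Downloads\PlayFizzSetup.exe
C:\Users\djokrall\Downloads\RegAlive.zip

:Commands
[emptytemp]
[CREATERESTOREPOINT]
"""

# Constructed log excerpt (not real tool output): one requested file has no
# result line, one path differs only in case, and the last line is a made-up
# path that was never requested.
FIX_LOG = r"""
All processes killed
========== OTL ==========
========== FILES ==========
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll moved successfully.
c:\users\djokrall\downloads\PlayFizzSetup.exe moved successfully.
C:\Users\djokrall\Downloads\Example-NotRequested.exe moved successfully.
========== COMMANDS ==========
"""

HEADER_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$", re.IGNORECASE)


def norm(path):
    """Normalize a Windows path for comparison (case-insensitive)."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_sections(script):
    """Split a fix script into {section name in lower case: [lines]}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # :OTL, :Files, :Commands
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def moved_paths(log):
    """Return normalized paths reported as moved under the FILES banner."""
    moved, in_files = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            in_files = header.group("name").upper() == "FILES"
            continue
        if in_files:
            match = MOVED_RE.match(line)
            if match:
                moved.add(norm(match.group("path")))
    return moved


def check_fix(script, log):
    """Compare the :Files list with the moves the log confirms."""
    requested = parse_sections(script).get("files", [])
    requested_norm = {norm(p) for p in requested}
    moved = moved_paths(log)
    return {
        "confirmed": [p for p in requested if norm(p) in moved],
        "unconfirmed": [p for p in requested if norm(p) not in moved],
        # Moves the log reports that the script never asked for.
        "unrequested": sorted(moved - requested_norm),
    }


if __name__ == "__main__":
    result = check_fix(FIX_SCRIPT, FIX_LOG)
    for status, paths in result.items():
        for path in paths:
            print(f"{status:12} {path}")
```

A path reported as unconfirmed only means the log has no success line for it; look at the rest of the log, including anything listed as moved on reboot, before deciding the move failed.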

#9
jp17315


    Member

  • Topic Starter
  • Member
  • 127 posts
IE ran ok without addons. I will start checking which one or ones are causing a problem. There are about 32 addons and extensions for me to check so I hopefully will have an answer on your next reply.

Here are the log files:

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
========== FILES ==========
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEIPlug.dll moved successfully.
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEZSETP.dll moved successfully.
C:\Program Files\CouponAlert_2pEI\Installr\2.bin\NP2pEISb.dll moved successfully.
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEIPlug.dll moved successfully.
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEZSETP.dll moved successfully.
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-jewelquestmysteriestrailofthemidnightheart_gamehouse_.exe moved successfully.
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-supergamehousesolitaire_gamehouse_.exe moved successfully.
C:\Program Files\RealArcade\Installer\GameHouse-Installer_amg-texttwist2_gamehouse_.exe moved successfully.
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll moved successfully.
C:\Users\djokrall\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\012F47CE.exe moved successfully.
C:\Users\djokrall\Downloads\ArcadeWebSetup.exe moved successfully.
C:\Users\djokrall\Downloads\GameHouse-Installer_am-bejeweled2deluxe_gamehouse_.exe moved successfully.
C:\Users\djokrall\Downloads\PlayFizzSetup.exe moved successfully.
C:\Users\djokrall\Downloads\RegAlive.zip moved successfully.
C:\Users\djokrall\Downloads\TotalRecipeSearchSetup2.3.99.33.YKman000.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: djokrall
->Temp folder emptied: 150068359 bytes
->Temporary Internet Files folder emptied: 10551518 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64422893 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 815 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3292 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 215.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11252012_122820

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 11/25/2012 12:40:18 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\djokrall\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.41% Memory free
3.98 Gb Paging File | 3.19 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.48 Gb Total Space | 361.47 Gb Free Space | 79.19% Space Free | Partition Type: NTFS
Drive D: | 9.28 Gb Total Space | 1.28 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: DJOKRALL-PC | User Name: djokrall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
PRC - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/11/07 16:29:30 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/10/11 11:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2010/04/29 09:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/04/11 02:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/07/17 03:11:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll


========== Services (SafeList) ==========

SRV - [2012/11/17 17:41:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/07 16:29:50 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/11/07 16:29:48 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 04:49:47 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/17 03:11:21 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 08:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 08:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNRM_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121008104707
FF - prefs.js..keyword.URL: "http://mystart.incre...2S5Su3&search="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 17:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/17 17:35:17 | 000,000,000 | ---D | M]

[2012/09/03 16:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Extensions
[2012/11/23 21:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions
[2012/11/18 12:14:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\bhxmi1za.default-1349642571038\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/24 18:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions
[2011/11/05 18:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/05 18:25:03 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012/06/26 05:57:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/16 13:22:18 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\jljb0gkm.default\extensions\[email protected]
[2012/11/17 17:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 17:02:42 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/03 14:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifcondhjchebdnckhimgoancfmfggbe\1.15.132_0\

O1 HOSTS File: ([2012/11/24 15:01:41 | 000,197,924 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 yourfiledownloader.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 stp.babylon.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 protectorlb-1556088852.us-east-1.elb.amazonaws.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cmp.online-hd.tv # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 data.downloadstarter.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 softingo.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 installer.betterinstaller.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.bisrv.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 qwe.goforfiles.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.softologic.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 illyx.co # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.tiptopsoft.org # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ads.hooqy.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 antivirus.nouvelle-version.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.download-free.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdneu.bestflvplayer.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.bigspeedpro.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 dt3j8jg8ei6zr.cloudfront.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 downloadcdn.betterinstaller.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 installer.filebulldog.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 download.fr.filewin.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 gimp.soft32.fr # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 widgets.wizebar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 mntr.babcdn.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.montiera.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 3561 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38423836-BD19-40F9-9050-4DDC6EF47611}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 06:23:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 19:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/24 18:37:40 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\djokrall\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/24 18:23:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/24 15:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012/11/24 14:35:10 | 000,000,000 | ---D | C] -- C:\Users\djokrall\Desktop\RK_Quarantine
[2012/11/24 14:00:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\djokrall\Desktop\tdsskiller.exe
[2012/11/24 13:59:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
[2012/11/07 16:29:48 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2012/11/25 12:39:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 12:39:12 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/11/25 12:39:12 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/11/25 12:34:56 | 000,640,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/25 12:34:56 | 000,118,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/25 12:30:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 12:30:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 12:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 12:30:26 | 2010,214,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 12:26:27 | 000,856,731 | ---- | M] () -- C:\Users\djokrall\Desktop\SecurityCheck.exe
[2012/11/24 23:01:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 22:56:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/24 18:38:21 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/24 18:20:01 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\djokrall\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/24 18:00:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/11/24 15:01:41 | 000,197,924 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/24 13:56:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\djokrall\Desktop\tdsskiller.exe
[2012/11/24 13:54:46 | 000,752,128 | ---- | M] () -- C:\Users\djokrall\Desktop\RogueKiller.exe
[2012/11/24 11:05:42 | 000,480,125 | ---- | M] () -- C:\Users\djokrall\Desktop\adwcleaner.exe
[2012/11/23 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\djokrall\Desktop\OTL.exe
[2012/11/18 11:07:19 | 000,000,166 | ---- | M] () -- C:\Users\djokrall\Desktop\Yahoo!.url
[2012/11/17 17:38:34 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 17:35:17 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 06:48:58 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/11/15 03:32:56 | 000,318,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 03:13:05 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/11/06 13:48:30 | 000,000,189 | ---- | M] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url

========== Files Created - No Company Name ==========

[2012/11/25 12:27:06 | 000,856,731 | ---- | C] () -- C:\Users\djokrall\Desktop\SecurityCheck.exe
[2012/11/24 14:00:12 | 000,752,128 | ---- | C] () -- C:\Users\djokrall\Desktop\RogueKiller.exe
[2012/11/24 14:00:12 | 000,480,125 | ---- | C] () -- C:\Users\djokrall\Desktop\adwcleaner.exe
[2012/11/17 17:35:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/17 17:35:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/06 13:48:30 | 000,000,189 | ---- | C] () -- C:\Users\djokrall\Desktop\Express Scripts Members Start Home Delivery, Order Refills, Order Prescriptions.url
[2012/04/03 13:01:19 | 000,006,144 | ---- | C] () -- C:\Users\djokrall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 16:28:41 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/05/11 17:57:23 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/19 23:22:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/19 23:21:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/19 22:20:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/19 19:07:05 | 000,103,720 | ---- | C] () -- C:\Users\djokrall\GoToAssistDownloadHelper.exe
[2011/02/19 16:26:21 | 000,000,680 | ---- | C] () -- C:\Users\djokrall\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/23 15:29:40 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Activeris
[2012/05/13 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Auslogics
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\DriverCure
[2012/08/25 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\FreeBurner
[2011/07/02 09:46:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\funkitron
[2012/06/03 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\GameCards
[2012/06/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\MusicNet
[2012/06/23 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Nuance
[2012/06/23 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Oberon Media
[2011/12/20 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\OpenOffice.org
[2012/05/27 10:00:02 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\ParetoLogic
[2012/06/01 06:15:44 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PC Cleaners
[2012/06/01 06:15:46 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\PCPro
[2011/05/08 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Sammsoft
[2011/02/19 16:17:07 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Snapfish
[2012/06/26 06:12:34 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedMaxPc
[2012/04/28 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\SpeedyPC Software
[2012/10/27 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Systweak
[2011/04/18 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Tific
[2012/08/12 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Triplay
[2011/12/28 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WeatherBug
[2012/06/03 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WildTangent
[2011/02/27 17:27:04 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\WinBatch
[2012/05/17 13:01:03 | 000,000,000 | ---D | M] -- C:\Users\djokrall\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\djokrall\Documents\justin romero.eml:OECustomProperty
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:7D6E8689
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A64A7256
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4E85037E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C46995DA

< End of report >


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
JavaFX 2.0.3
Java™ 6 Update 25
Java 7 Update 9
Java™ SE Runtime Environment 6 Update 1
Adobe Flash Player 11.5.502.110
Adobe Reader XI
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#10
jp17315

    Member

  • Topic Starter
  • 127 posts
I found the addon that is causing IE problems. Lucky for me it was the first one I checked. Shockwave Flash Object was the addon.

#11
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
That's great! It can be tedious with that many add-ons. I personally only have a handful. There are a few little things that need to go with OTL. By the way... good call on the new hosts file for this computer. :thumbsup:

Step 1 One more OTL Fix (hopefully the last)

Open OTL one more time.

Copy this code and click Run Fix.

:OTL
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com//?loc=ff_address_bar&a=DgW52S5Su3&search="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
:Commands
[emptytemp]

Post the new fix log in your next reply.

Step 2 Update Firefox.

You can download the newest version of Firefox here

Step 3 Remove HijackThis.

The version of HijackThis is out of date, and HijackThis isn't commonly used anymore, as malware can hide from it, so it can be removed.
All you need to do is delete it.

Step 4 Defragment your hard drive.

  • Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click Defragment Now.

Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.

#12
jp17315

    Member

  • Topic Starter
  • 127 posts
I updated Firefox, deleted HijackThis and defragged the hard drive. Here is the OTL fix log:

All processes killed
========== OTL ==========
Prefs.js: "http://mystart.incre...2S5Su3&search=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F92A9FE4-2850-4198-B9D5-279880E49B16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: djokrall
->Temp folder emptied: 5746852 bytes
->Temporary Internet Files folder emptied: 32289283 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28033732 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12248 bytes
RecycleBin emptied: 216 bytes

Total Files Cleaned = 63.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11252012_171314

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Congratulations and good work! It looks like your log is clean. :thumbsup:

Now for some final "housekeeping" procedures.

1. Clear Old Restore Points

Follow instructions here to clear the old restore points that could be infected and create a new clean restore point.

2. OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top. It will ask to reboot your PC; please allow it to do so.

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~


MalwareBytes Anti-Malware: This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

SUPERAntiSpyware: Another great Anti-Malware product that scans your computer for known Spyware, Adware, Malware, Trojans, and many other types of threats, and allows you to remove or quarantine them. It offers daily (manual) definition updates, as well as home page hijack protection and customizable scan options.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs, here are some recommendations: Microsoft Security Essentials, Anti-Vir or Avast! Antivirus, all three FREE to use. Please remember that you can only have one Antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~


Like antivirus, if for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~


Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates: Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo: Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~


Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Is another browser that's easy to use and is worth trying if you want to test out new browsers.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Happy surfing! :wave:

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.