
Super Slow WMP not recognizing devices



#1
polling

  • Member
  • 303 posts
Computer is super slow

Takes forever to open up any item

WMP also not recognizing Devices



Thanks in advance




OTL logfile created on: 11/27/2012 1:58:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frank\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 39.15% Memory free
3.50 Gb Paging File | 1.24 Gb Available in Paging File | 35.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.02 Gb Total Space | 365.92 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 1.57 Gb Free Space | 14.78% Space Free | Partition Type: NTFS

Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/27 13:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2012/11/04 22:05:46 | 000,295,760 | ---- | M] (Fireleap Software LLC) -- C:\Program Files (x86)\TuneSync\TuneSync.exe
PRC - [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 21:49:39 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/08/31 15:41:18 | 007,321,600 | ---- | M] (Google Inc.) -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/11/20 07:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/19 10:12:55 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/18 13:00:31 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/18 04:53:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 04:53:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 04:53:02 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/18 04:52:51 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/18 04:52:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/18 04:52:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/18 04:52:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/18 04:52:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/18 04:52:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/18 04:52:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/18 04:51:58 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/18 04:51:50 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/18 03:51:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012/11/18 03:51:13 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012/11/18 03:50:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012/11/18 03:50:33 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012/11/18 03:50:06 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012/11/18 03:48:12 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012/11/18 03:47:53 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012/10/29 14:23:37 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 21:49:37 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/31 15:29:34 | 000,344,064 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/08/31 15:29:24 | 000,231,936 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/08/31 15:28:38 | 000,231,936 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/08/31 15:28:34 | 000,117,248 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/08/27 12:29:44 | 000,026,624 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/08/27 12:29:20 | 010,683,392 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/08/27 12:29:16 | 001,681,408 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/08/27 12:29:08 | 007,741,952 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/08/27 12:29:04 | 002,248,192 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/07 18:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/29 14:24:16 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/10/08 21:49:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BF16260-FC73-4304-85B1-F6C49835EA04}
IE:64bit: - HKLM\..\SearchScopes\{6F1B991B-98EC-4DBD-B6FD-CFF56B0B19E7}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE:64bit: - HKLM\..\SearchScopes\{9BF16260-FC73-4304-85B1-F6C49835EA04}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{6F1B991B-98EC-4DBD-B6FD-CFF56B0B19E7}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{9BF16260-FC73-4304-85B1-F6C49835EA04}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{6F1B991B-98EC-4DBD-B6FD-CFF56B0B19E7}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{89F8B001-2BEA-4AEB-934E-584FF985442E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{9BF16260-FC73-4304-85B1-F6C49835EA04}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.9.1
FF - prefs.js..extensions.enabledAddons: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}:4.9.3
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..keyword.URL: "http://feed.snap.do/...archtype=ds&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 14:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 12:16:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 14:24:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 12:16:58 | 000,000,000 | ---D | M]

[2011/02/12 21:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/10/04 13:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions
[2011/02/12 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/11/24 01:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions
[2011/06/05 21:59:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/11/22 12:02:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/20 16:23:58 | 000,234,741 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\[email protected]
[2012/09/26 20:22:37 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\[email protected]
[2012/11/22 13:53:23 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/14 10:42:12 | 000,137,717 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
[2012/11/24 01:49:29 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/15 08:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/29 14:24:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 05:25:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/15 08:53:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [MusicManager] C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TuneSync] C:\Program Files (x86)\TuneSync\TuneSync.exe (Fireleap Software LLC)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4269DD6C-B594-4BFA-BA6C-258867599855}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5dee7509-ee23-11e1-8e57-7071bc9fc43a}\Shell - "" = AutoRun
O33 - MountPoints2\{5dee7509-ee23-11e1-8e57-7071bc9fc43a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 13:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012/11/22 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Jaran Nilsen
[2012/11/22 14:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notpod
[2012/11/22 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notpod
[2012/11/22 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\LINDA
[2012/11/20 23:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2012/11/20 23:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrintProjects
[2012/11/20 23:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/20 23:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2012/11/20 22:50:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2012/11/19 10:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 09:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/17 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\11-17-2012
[2012/11/13 13:30:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Whictomb Originals
[2012/11/12 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Patton
[2012/11/09 12:59:56 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Prest resized
[2012/11/09 12:13:33 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU5
[2012/11/08 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU4
[2012/11/07 11:25:31 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU2
[2012/11/06 23:56:18 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\13920 Chatham
[2012/11/06 20:24:22 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneSync
[2012/11/06 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneSync
[2012/11/05 12:56:43 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU
[2012/10/31 12:45:37 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/10/31 12:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/10/31 12:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012/10/31 11:50:06 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Auslogics
[2012/10/31 11:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/10/31 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[1 C:\Users\Frank\*.tmp files -> C:\Users\Frank\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/27 13:59:22 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1133253992-2123315571-3751703014-1001UA.job
[2012/11/27 13:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012/11/27 13:49:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/27 13:30:56 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 13:30:56 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 13:20:30 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1133253992-2123315571-3751703014-1001Core.job
[2012/11/27 13:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 12:11:25 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 14:52:04 | 000,041,941 | ---- | M] () -- C:\Users\Frank\Desktop\Jackson.m3u
[2012/11/22 14:45:19 | 000,280,697 | ---- | M] () -- C:\Users\Frank\Desktop\notpod-1.5.1-installer.exe
[2012/11/22 14:44:38 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/22 14:44:38 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/22 14:44:38 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/22 12:46:42 | 000,032,706 | ---- | M] () -- C:\Users\Frank\Documents\LINDA.m3u
[2012/11/22 11:53:34 | 000,005,120 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 23:17:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012/11/20 23:10:11 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/20 23:00:27 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/20 22:53:26 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/20 14:41:14 | 004,652,950 | ---- | M] () -- C:\Users\Frank\Desktop\ptttty.jpg
[2012/11/18 12:32:25 | 000,044,302 | ---- | M] () -- C:\Users\Frank\Desktop\Ptty.jpg
[2012/11/18 12:15:01 | 000,215,607 | ---- | M] () -- C:\Users\Frank\Desktop\Pony.jpg
[2012/11/18 12:13:47 | 000,057,780 | ---- | M] () -- C:\Users\Frank\Desktop\mnny.jpg
[2012/11/18 04:45:03 | 000,278,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/17 20:41:18 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/16 01:12:01 | 003,445,165 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_140857.jpg
[2012/11/16 01:11:55 | 003,336,493 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_140945.jpg
[2012/11/16 01:11:17 | 003,652,645 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_142443.jpg
[2012/11/16 01:11:11 | 004,145,061 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_142459.jpg
[2012/11/16 01:01:26 | 038,853,503 | ---- | M] () -- C:\Users\Frank\Desktop\13920 Chatham.zip
[2012/11/14 11:56:25 | 000,476,343 | ---- | M] () -- C:\Users\Frank\Desktop\contacts.csv
[2012/11/09 13:01:49 | 000,066,560 | ---- | M] () -- C:\Users\Frank\Desktop\13524439111890.jpg
[2012/11/09 13:01:43 | 000,072,889 | ---- | M] () -- C:\Users\Frank\Desktop\13524439112271.jpg
[2012/11/09 13:01:38 | 000,058,382 | ---- | M] () -- C:\Users\Frank\Desktop\13524439122333.jpg
[2012/11/09 13:01:34 | 000,056,307 | ---- | M] () -- C:\Users\Frank\Desktop\13524439120302.jpg
[2012/11/09 13:01:31 | 000,058,466 | ---- | M] () -- C:\Users\Frank\Desktop\13524439125654.jpg
[2012/11/07 18:37:57 | 000,022,736 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/11/07 18:37:36 | 000,041,240 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/11/07 18:37:34 | 000,301,264 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/11/07 18:37:31 | 000,390,392 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/11/02 15:38:48 | 000,001,120 | ---- | M] () -- C:\Users\Frank\Desktop\qrcode.png
[2012/10/30 14:49:32 | 000,028,162 | ---- | M] () -- C:\Users\Frank\Desktop\Michigan_Official_7_Day_Notice_for_Non-Payment_of_Rent.pdf
[2012/10/29 14:24:26 | 000,002,054 | ---- | M] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 C:\Users\Frank\*.tmp files -> C:\Users\Frank\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/22 14:52:03 | 000,041,941 | ---- | C] () -- C:\Users\Frank\Desktop\Jackson.m3u
[2012/11/22 14:45:03 | 000,280,697 | ---- | C] () -- C:\Users\Frank\Desktop\notpod-1.5.1-installer.exe
[2012/11/22 12:46:42 | 000,032,706 | ---- | C] () -- C:\Users\Frank\Documents\LINDA.m3u
[2012/11/20 23:10:11 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/20 23:00:27 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/20 22:53:26 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/20 14:40:58 | 004,652,950 | ---- | C] () -- C:\Users\Frank\Desktop\ptttty.jpg
[2012/11/19 09:47:48 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012/11/18 12:32:22 | 000,044,302 | ---- | C] () -- C:\Users\Frank\Desktop\Ptty.jpg
[2012/11/18 12:14:59 | 000,215,607 | ---- | C] () -- C:\Users\Frank\Desktop\Pony.jpg
[2012/11/18 12:13:41 | 000,057,780 | ---- | C] () -- C:\Users\Frank\Desktop\mnny.jpg
[2012/11/18 03:57:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/18 03:08:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/16 01:11:58 | 003,445,165 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_140857.jpg
[2012/11/16 01:11:49 | 003,336,493 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_140945.jpg
[2012/11/16 01:11:15 | 003,652,645 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_142443.jpg
[2012/11/16 01:11:04 | 004,145,061 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_142459.jpg
[2012/11/16 01:00:43 | 038,853,503 | ---- | C] () -- C:\Users\Frank\Desktop\13920 Chatham.zip
[2012/11/14 11:56:10 | 000,476,343 | ---- | C] () -- C:\Users\Frank\Desktop\contacts.csv
[2012/11/09 13:01:48 | 000,066,560 | ---- | C] () -- C:\Users\Frank\Desktop\13524439111890.jpg
[2012/11/09 13:01:43 | 000,072,889 | ---- | C] () -- C:\Users\Frank\Desktop\13524439112271.jpg
[2012/11/09 13:01:38 | 000,058,382 | ---- | C] () -- C:\Users\Frank\Desktop\13524439122333.jpg
[2012/11/09 13:01:34 | 000,056,307 | ---- | C] () -- C:\Users\Frank\Desktop\13524439120302.jpg
[2012/11/09 13:01:25 | 000,058,466 | ---- | C] () -- C:\Users\Frank\Desktop\13524439125654.jpg
[2012/11/02 15:37:03 | 000,001,120 | ---- | C] () -- C:\Users\Frank\Desktop\qrcode.png
[2012/10/30 14:49:14 | 000,028,162 | ---- | C] () -- C:\Users\Frank\Desktop\Michigan_Official_7_Day_Notice_for_Non-Payment_of_Rent.pdf
[2012/10/21 08:23:22 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/15 00:50:36 | 000,005,120 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 11:26:54 | 000,001,057 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\vso_ts_preview.xml
[2011/07/18 09:54:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/06 23:26:41 | 000,000,075 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/13 00:11:36 | 000,744,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/04/09 15:16:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AnvSoft
[2011/02/12 22:12:50 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AquaSoft
[2012/06/21 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Audacity
[2012/10/31 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics
[2011/02/12 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Azureus
[2012/11/26 12:14:01 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2011/02/13 03:03:06 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Foxit
[2012/01/12 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Foxit Software
[2011/04/09 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Fronoh
[2011/06/19 08:51:21 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\iWin
[2012/11/22 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Jaran Nilsen
[2012/11/06 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\JRT Studio
[2011/03/31 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Juniper Networks
[2011/02/12 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mobipocket
[2011/05/20 12:29:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenCandy
[2011/05/20 12:43:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Orbit
[2011/02/16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PDF reDirect
[2011/02/12 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PictureMover
[2011/05/20 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ProgSense
[2012/10/21 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\QuickScan
[2011/02/12 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Research In Motion
[2011/05/20 12:42:09 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Sammsoft
[2012/10/18 02:04:21 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Samsung
[2012/11/21 10:46:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\SoftGrid Client
[2011/07/16 22:47:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Temp
[2011/02/12 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2011/02/13 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TP
[2012/09/03 10:42:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Vso
[2011/02/26 10:50:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Walgreens
[2011/09/29 23:01:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WinBatch
[2011/04/08 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Windows Live Writer
[2011/03/06 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\YCanPDF

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Multiple replies are OK.

Ron

#3
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
Thanks so much for replying. I'm doing the scans as we speak.

I will have them all posted shortly.

#4
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
OK, I tried to do ComboFix. I ran it for 7 hrs and it got to stage 48.

So I didn't finish it.

Here are the logs


MBAM Log
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: FRANK-PC [administrator]

11/30/2012 6:10:18 PM
mbam-log-2012-11-30 (18-10-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206984
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ASWMBR Log
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: FRANK-PC [administrator]

11/30/2012 6:10:18 PM
mbam-log-2012-11-30 (18-10-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206984
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDSSKiller LOG

17:58:16.0697 2600 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:58:17.0523 2600 ============================================================
17:58:17.0523 2600 Current date / time: 2012/11/30 17:58:17.0523
17:58:17.0523 2600 SystemInfo:
17:58:17.0523 2600
17:58:17.0523 2600 OS Version: 6.1.7601 ServicePack: 1.0
17:58:17.0523 2600 Product type: Workstation
17:58:17.0523 2600 ComputerName: FRANK-PC
17:58:17.0523 2600 UserName: Frank
17:58:17.0523 2600 Windows directory: C:\Windows
17:58:17.0523 2600 System windows directory: C:\Windows
17:58:17.0523 2600 Running under WOW64
17:58:17.0523 2600 Processor architecture: Intel x64
17:58:17.0523 2600 Number of processors: 1
17:58:17.0523 2600 Page size: 0x1000
17:58:17.0523 2600 Boot type: Normal boot
17:58:17.0523 2600 ============================================================
17:58:18.0990 2600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:58:19.0021 2600 ============================================================
17:58:19.0021 2600 \Device\Harddisk0\DR0:
17:58:19.0021 2600 MBR partitions:
17:58:19.0021 2600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:58:19.0021 2600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38E0A800
17:58:19.0021 2600 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38E3D000, BlocksNum 0x1548800
17:58:19.0021 2600 ============================================================
17:58:19.0068 2600 C: <-> \Device\Harddisk0\DR0\Partition2
17:58:19.0239 2600 D: <-> \Device\Harddisk0\DR0\Partition3
17:58:19.0239 2600 ============================================================
17:58:19.0239 2600 Initialize success
17:58:19.0239 2600 ============================================================
17:58:24.0372 4176 ============================================================
17:58:24.0372 4176 Scan started
17:58:24.0372 4176 Mode: Manual; SigCheck; TDLFS;
17:58:24.0372 4176 ============================================================
17:58:25.0370 4176 ================ Scan system memory ========================
17:58:25.0370 4176 System memory - ok
17:58:25.0386 4176 ================ Scan services =============================
17:58:25.0479 4176 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:58:25.0589 4176 !SASCORE - ok
17:58:25.0760 4176 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:58:25.0807 4176 1394ohci - ok
17:58:25.0838 4176 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:58:25.0854 4176 ACPI - ok
17:58:25.0885 4176 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:58:25.0932 4176 AcpiPmi - ok
17:58:26.0041 4176 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:58:26.0057 4176 AdobeFlashPlayerUpdateSvc - ok
17:58:26.0088 4176 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:58:26.0119 4176 adp94xx - ok
17:58:26.0150 4176 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:58:26.0166 4176 adpahci - ok
17:58:26.0181 4176 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:58:26.0228 4176 adpu320 - ok
17:58:26.0259 4176 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:58:26.0337 4176 AeLookupSvc - ok
17:58:26.0400 4176 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:58:26.0447 4176 AFD - ok
17:58:26.0478 4176 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:58:26.0493 4176 agp440 - ok
17:58:26.0540 4176 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:58:26.0649 4176 ALG - ok
17:58:26.0681 4176 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:58:26.0696 4176 aliide - ok
17:58:26.0774 4176 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:58:26.0790 4176 amdide - ok
17:58:26.0821 4176 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:58:26.0883 4176 AmdK8 - ok
17:58:26.0915 4176 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:58:26.0946 4176 AmdPPM - ok
17:58:26.0977 4176 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:58:26.0993 4176 amdsata - ok
17:58:27.0008 4176 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:58:27.0055 4176 amdsbs - ok
17:58:27.0086 4176 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:58:27.0086 4176 amdxata - ok
17:58:27.0133 4176 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:58:27.0227 4176 AppID - ok
17:58:27.0242 4176 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:58:27.0320 4176 AppIDSvc - ok
17:58:27.0398 4176 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:58:27.0461 4176 Appinfo - ok
17:58:27.0570 4176 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:58:27.0585 4176 Apple Mobile Device - ok
17:58:27.0601 4176 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:58:27.0617 4176 arc - ok
17:58:27.0710 4176 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:58:27.0726 4176 arcsas - ok
17:58:27.0804 4176 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:58:27.0960 4176 AsyncMac - ok
17:58:28.0022 4176 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:58:28.0038 4176 atapi - ok
17:58:28.0085 4176 [ FCF685F3D5458121C568F268D4D90EE5 ] atashost C:\Windows\SysWOW64\atashost.exe
17:58:28.0100 4176 atashost - ok
17:58:28.0178 4176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:58:28.0537 4176 AudioEndpointBuilder - ok
17:58:28.0553 4176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:58:28.0677 4176 AudioSrv - ok
17:58:28.0740 4176 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:58:28.0833 4176 AxInstSV - ok
17:58:28.0896 4176 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:58:28.0974 4176 b06bdrv - ok
17:58:29.0021 4176 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:58:29.0083 4176 b57nd60a - ok
17:58:29.0145 4176 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:58:29.0239 4176 BDESVC - ok
17:58:29.0598 4176 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:58:29.0723 4176 Beep - ok
17:58:29.0863 4176 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:58:30.0113 4176 BFE - ok
17:58:30.0175 4176 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:58:30.0284 4176 BITS - ok
17:58:30.0300 4176 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:58:30.0456 4176 blbdrive - ok
17:58:30.0534 4176 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:58:30.0549 4176 Bonjour Service - ok
17:58:30.0596 4176 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:58:30.0627 4176 bowser - ok
17:58:30.0659 4176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:58:30.0721 4176 BrFiltLo - ok
17:58:30.0752 4176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:58:30.0815 4176 BrFiltUp - ok
17:58:30.0830 4176 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:58:30.0971 4176 BridgeMP - ok
17:58:31.0017 4176 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:58:31.0033 4176 Browser - ok
17:58:31.0064 4176 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:58:31.0111 4176 Brserid - ok
17:58:31.0127 4176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:58:31.0158 4176 BrSerWdm - ok
17:58:31.0189 4176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:58:31.0220 4176 BrUsbMdm - ok
17:58:31.0251 4176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:58:31.0329 4176 BrUsbSer - ok
17:58:31.0361 4176 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:58:31.0423 4176 BTHMODEM - ok
17:58:31.0454 4176 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:58:31.0532 4176 bthserv - ok
17:58:31.0548 4176 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:58:31.0673 4176 cdfs - ok
17:58:31.0735 4176 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:58:31.0751 4176 cdrom - ok
17:58:31.0813 4176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:58:31.0844 4176 CertPropSvc - ok
17:58:31.0969 4176 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:58:32.0016 4176 circlass - ok
17:58:32.0063 4176 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:58:32.0094 4176 CLFS - ok
17:58:32.0234 4176 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:58:32.0250 4176 clr_optimization_v2.0.50727_32 - ok
17:58:32.0297 4176 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:58:32.0312 4176 clr_optimization_v2.0.50727_64 - ok
17:58:32.0468 4176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:58:32.0484 4176 clr_optimization_v4.0.30319_32 - ok
17:58:32.0515 4176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:58:32.0531 4176 clr_optimization_v4.0.30319_64 - ok
17:58:32.0577 4176 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:58:32.0593 4176 CmBatt - ok
17:58:32.0718 4176 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
17:58:32.0874 4176 cmdAgent - ok
17:58:32.0905 4176 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
17:58:32.0952 4176 cmdGuard - ok
17:58:32.0967 4176 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
17:58:33.0030 4176 cmdHlp - ok
17:58:33.0061 4176 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:58:33.0061 4176 cmdide - ok
17:58:33.0108 4176 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:58:33.0139 4176 CNG - ok
17:58:33.0155 4176 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:58:33.0170 4176 Compbatt - ok
17:58:33.0201 4176 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:58:33.0217 4176 CompositeBus - ok
17:58:33.0233 4176 COMSysApp - ok
17:58:33.0248 4176 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:58:33.0264 4176 crcdisk - ok
17:58:33.0326 4176 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:58:33.0373 4176 CryptSvc - ok
17:58:33.0467 4176 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:58:33.0498 4176 cvhsvc - ok
17:58:33.0560 4176 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
17:58:33.0607 4176 dc3d - ok
17:58:33.0685 4176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:58:33.0779 4176 DcomLaunch - ok
17:58:33.0810 4176 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:58:33.0935 4176 defragsvc - ok
17:58:33.0966 4176 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:58:34.0013 4176 DfsC - ok
17:58:34.0059 4176 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
17:58:34.0106 4176 dg_ssudbus - ok
17:58:34.0153 4176 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:58:34.0215 4176 Dhcp - ok
17:58:34.0247 4176 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:58:34.0356 4176 discache - ok
17:58:34.0403 4176 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:58:34.0418 4176 Disk - ok
17:58:34.0449 4176 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:58:34.0496 4176 Dnscache - ok
17:58:34.0543 4176 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:58:34.0590 4176 dot3svc - ok
17:58:34.0605 4176 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:58:34.0683 4176 DPS - ok
17:58:34.0746 4176 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:58:34.0793 4176 drmkaud - ok
17:58:34.0855 4176 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:58:34.0886 4176 DXGKrnl - ok
17:58:34.0917 4176 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:58:34.0980 4176 EapHost - ok
17:58:35.0073 4176 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:58:35.0198 4176 ebdrv - ok
17:58:35.0214 4176 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:58:35.0261 4176 EFS - ok
17:58:35.0339 4176 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:58:35.0370 4176 ehRecvr - ok
17:58:35.0401 4176 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:58:35.0448 4176 ehSched - ok
17:58:35.0479 4176 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:58:35.0510 4176 elxstor - ok
17:58:35.0526 4176 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:58:35.0573 4176 ErrDev - ok
17:58:35.0619 4176 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:58:35.0682 4176 EventSystem - ok
17:58:35.0729 4176 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:58:35.0853 4176 exfat - ok
17:58:35.0947 4176 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:58:36.0041 4176 fastfat - ok
17:58:36.0103 4176 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:58:36.0150 4176 Fax - ok
17:58:36.0181 4176 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:58:36.0228 4176 fdc - ok
17:58:36.0259 4176 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:58:36.0368 4176 fdPHost - ok
17:58:36.0384 4176 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:58:36.0462 4176 FDResPub - ok
17:58:36.0493 4176 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:58:36.0509 4176 FileInfo - ok
17:58:36.0509 4176 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:58:36.0618 4176 Filetrace - ok
17:58:36.0649 4176 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:58:36.0680 4176 flpydisk - ok
17:58:36.0743 4176 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:58:36.0758 4176 FltMgr - ok
17:58:36.0836 4176 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:58:36.0867 4176 FontCache - ok
17:58:36.0961 4176 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:58:36.0977 4176 FontCache3.0.0.0 - ok
17:58:37.0008 4176 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:58:37.0008 4176 FsDepends - ok
17:58:37.0055 4176 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:58:37.0055 4176 Fs_Rec - ok
17:58:37.0117 4176 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:58:37.0133 4176 fvevol - ok
17:58:37.0179 4176 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:58:37.0195 4176 gagp30kx - ok
17:58:37.0257 4176 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:58:37.0273 4176 GamesAppService - ok
17:58:37.0351 4176 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:58:37.0351 4176 GEARAspiWDM - ok
17:58:37.0398 4176 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:58:37.0523 4176 gpsvc - ok
17:58:37.0585 4176 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:58:37.0601 4176 gusvc - ok
17:58:37.0632 4176 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:58:37.0663 4176 hcw85cir - ok
17:58:37.0710 4176 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:58:37.0741 4176 HDAudBus - ok
17:58:37.0757 4176 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:58:37.0803 4176 HidBatt - ok
17:58:37.0835 4176 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:58:37.0866 4176 HidBth - ok
17:58:37.0881 4176 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:58:37.0928 4176 HidIr - ok
17:58:37.0975 4176 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:58:38.0022 4176 hidserv - ok
17:58:38.0053 4176 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:58:38.0084 4176 HidUsb - ok
17:58:38.0131 4176 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:58:38.0240 4176 hkmsvc - ok
17:58:38.0287 4176 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:58:38.0349 4176 HomeGroupListener - ok
17:58:38.0443 4176 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:58:38.0474 4176 HomeGroupProvider - ok
17:58:38.0661 4176 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:58:38.0708 4176 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
17:58:38.0708 4176 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
17:58:38.0802 4176 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:58:38.0833 4176 hpqwmiex - ok
17:58:38.0895 4176 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:58:38.0911 4176 HpSAMD - ok
17:58:38.0958 4176 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:58:39.0051 4176 HTTP - ok
17:58:39.0098 4176 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:58:39.0098 4176 hwpolicy - ok
17:58:39.0129 4176 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:58:39.0192 4176 i8042prt - ok
17:58:39.0239 4176 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:58:39.0254 4176 iaStorV - ok
17:58:39.0317 4176 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:58:39.0332 4176 idsvc - ok
17:58:39.0379 4176 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:58:39.0379 4176 iirsp - ok
17:58:39.0488 4176 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:58:39.0582 4176 IKEEXT - ok
17:58:39.0629 4176 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
17:58:39.0660 4176 inspect - ok
17:58:39.0769 4176 [ EF75C94792187A143871FBB87611B0B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:58:39.0878 4176 IntcAzAudAddService - ok
17:58:39.0909 4176 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:58:39.0925 4176 intelide - ok
17:58:39.0956 4176 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:58:40.0003 4176 intelppm - ok
17:58:40.0034 4176 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:58:40.0097 4176 IPBusEnum - ok
17:58:40.0143 4176 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:40.0237 4176 IpFilterDriver - ok
17:58:40.0284 4176 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:58:40.0346 4176 iphlpsvc - ok
17:58:40.0377 4176 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:58:40.0409 4176 IPMIDRV - ok
17:58:40.0440 4176 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:58:40.0502 4176 IPNAT - ok
17:58:40.0549 4176 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:58:40.0580 4176 iPod Service - ok
17:58:40.0596 4176 iPodDrv - ok
17:58:40.0627 4176 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:58:40.0674 4176 IRENUM - ok
17:58:40.0689 4176 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:58:40.0721 4176 isapnp - ok
17:58:40.0736 4176 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:58:40.0752 4176 iScsiPrt - ok
17:58:40.0783 4176 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:58:40.0799 4176 kbdclass - ok
17:58:40.0861 4176 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:58:40.0908 4176 kbdhid - ok
17:58:40.0923 4176 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:58:40.0970 4176 KeyIso - ok
17:58:41.0079 4176 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
17:58:41.0095 4176 Kodak AiO Network Discovery Service - ok
17:58:41.0157 4176 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
17:58:41.0173 4176 Kodak AiO Status Monitor Service - ok
17:58:41.0204 4176 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:58:41.0220 4176 KSecDD - ok
17:58:41.0313 4176 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:58:41.0329 4176 KSecPkg - ok
17:58:41.0360 4176 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:58:41.0438 4176 ksthunk - ok
17:58:41.0469 4176 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:58:41.0594 4176 KtmRm - ok
17:58:41.0641 4176 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:58:41.0735 4176 LanmanServer - ok
17:58:41.0781 4176 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:58:41.0828 4176 LanmanWorkstation - ok
17:58:41.0859 4176 Lavasoft Kernexplorer - ok
17:58:41.0906 4176 [ B1E1C8BB1392537E4D415FCDCB93B1D3 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:58:42.0015 4176 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:58:42.0015 4176 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:58:42.0047 4176 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:58:42.0109 4176 lltdio - ok
17:58:42.0140 4176 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:58:42.0187 4176 lltdsvc - ok
17:58:42.0218 4176 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:58:42.0249 4176 lmhosts - ok
17:58:42.0296 4176 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:58:42.0312 4176 LSI_FC - ok
17:58:42.0327 4176 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:58:42.0343 4176 LSI_SAS - ok
17:58:42.0374 4176 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:58:42.0405 4176 LSI_SAS2 - ok
17:58:42.0437 4176 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:58:42.0452 4176 LSI_SCSI - ok
17:58:42.0483 4176 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:58:42.0561 4176 luafv - ok
17:58:42.0624 4176 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:58:42.0686 4176 Mcx2Svc - ok
17:58:42.0702 4176 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:58:42.0702 4176 megasas - ok
17:58:42.0733 4176 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:58:42.0749 4176 MegaSR - ok
17:58:42.0764 4176 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:58:42.0889 4176 MMCSS - ok
17:58:42.0920 4176 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:58:42.0951 4176 Modem - ok
17:58:42.0998 4176 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:58:43.0092 4176 monitor - ok
17:58:43.0107 4176 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:58:43.0123 4176 mouclass - ok
17:58:43.0154 4176 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:58:43.0263 4176 mouhid - ok
17:58:43.0310 4176 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:58:43.0326 4176 mountmgr - ok
17:58:43.0373 4176 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:58:43.0373 4176 MozillaMaintenance - ok
17:58:43.0451 4176 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:58:43.0466 4176 MpFilter - ok
17:58:43.0497 4176 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:58:43.0513 4176 mpio - ok
17:58:43.0544 4176 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:58:43.0638 4176 mpsdrv - ok
17:58:43.0685 4176 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:58:43.0747 4176 MpsSvc - ok
17:58:43.0825 4176 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:58:43.0872 4176 MRxDAV - ok
17:58:43.0903 4176 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:43.0965 4176 mrxsmb - ok
17:58:44.0012 4176 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:44.0043 4176 mrxsmb10 - ok
17:58:44.0059 4176 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:44.0106 4176 mrxsmb20 - ok
17:58:44.0137 4176 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:58:44.0137 4176 msahci - ok
17:58:44.0184 4176 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:58:44.0184 4176 msdsm - ok
17:58:44.0215 4176 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:58:44.0262 4176 MSDTC - ok
17:58:44.0309 4176 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:58:44.0371 4176 Msfs - ok
17:58:44.0387 4176 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:58:44.0465 4176 mshidkmdf - ok
17:58:44.0480 4176 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:58:44.0496 4176 msisadrv - ok
17:58:44.0527 4176 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:58:44.0589 4176 MSiSCSI - ok
17:58:44.0605 4176 msiserver - ok
17:58:44.0636 4176 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:58:44.0699 4176 MSKSSRV - ok
17:58:44.0792 4176 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:58:44.0808 4176 MsMpSvc - ok
17:58:44.0823 4176 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:44.0901 4176 MSPCLOCK - ok
17:58:44.0933 4176 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:58:44.0995 4176 MSPQM - ok
17:58:45.0042 4176 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:58:45.0057 4176 MsRPC - ok
17:58:45.0089 4176 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:58:45.0104 4176 mssmbios - ok
17:58:45.0135 4176 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:58:45.0213 4176 MSTEE - ok
17:58:45.0229 4176 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:58:45.0276 4176 MTConfig - ok
17:58:45.0307 4176 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:58:45.0323 4176 Mup - ok
17:58:45.0385 4176 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:58:45.0510 4176 napagent - ok
17:58:45.0541 4176 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:58:45.0588 4176 NativeWifiP - ok
17:58:45.0822 4176 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:58:45.0837 4176 NDIS - ok
17:58:45.0900 4176 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:58:46.0009 4176 NdisCap - ok
17:58:46.0056 4176 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:46.0149 4176 NdisTapi - ok
17:58:46.0181 4176 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:46.0352 4176 Ndisuio - ok
17:58:46.0399 4176 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:46.0446 4176 NdisWan - ok
17:58:46.0493 4176 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:58:46.0586 4176 NDProxy - ok
17:58:46.0633 4176 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:58:46.0758 4176 NetBIOS - ok
17:58:46.0805 4176 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:58:46.0929 4176 NetBT - ok
17:58:46.0945 4176 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:58:47.0039 4176 Netlogon - ok
17:58:47.0117 4176 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:58:47.0226 4176 Netman - ok
17:58:47.0257 4176 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:58:47.0335 4176 netprofm - ok
17:58:47.0382 4176 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:58:47.0397 4176 NetTcpPortSharing - ok
17:58:47.0491 4176 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:58:47.0491 4176 nfrd960 - ok
17:58:47.0553 4176 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:58:47.0569 4176 NisDrv - ok
17:58:47.0585 4176 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:58:47.0616 4176 NisSrv - ok
17:58:47.0663 4176 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:58:47.0741 4176 NlaSvc - ok
17:58:47.0772 4176 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:58:47.0912 4176 Npfs - ok
17:58:47.0959 4176 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:58:48.0021 4176 nsi - ok
17:58:48.0037 4176 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:58:48.0084 4176 nsiproxy - ok
17:58:48.0318 4176 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:58:48.0365 4176 Ntfs - ok
17:58:48.0427 4176 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:58:48.0489 4176 Null - ok
17:58:49.0285 4176 [ 181B6E6F49F9F3AD05589B48E29BA167 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:58:49.0659 4176 nvlddmkm - ok
17:58:49.0706 4176 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
17:58:49.0784 4176 NVNET - ok
17:58:49.0847 4176 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:58:49.0862 4176 nvraid - ok
17:58:49.0878 4176 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:58:49.0893 4176 nvstor - ok
17:58:49.0925 4176 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
17:58:49.0956 4176 nvstor64 - ok
17:58:50.0096 4176 [ B5B5DA18380F625C34B88B93D09D7D40 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:58:50.0159 4176 nvsvc - ok
17:58:50.0205 4176 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:58:50.0205 4176 nv_agp - ok
17:58:50.0268 4176 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:58:50.0299 4176 ohci1394 - ok
17:58:50.0361 4176 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:58:50.0377 4176 ose - ok
17:58:51.0110 4176 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:58:51.0251 4176 osppsvc - ok
17:59:13.0902 4176 ================ Scan global ===============================
17:59:13.0917 4176 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:59:13.0964 4176 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:59:13.0980 4176 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:59:14.0011 4176 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:59:14.0027 4176 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:59:14.0027 4176 [Global] - ok
17:59:14.0042 4176 ================ Scan MBR ==================================
17:59:14.0042 4176 [ DA972F10EA1E893F1F161FACF142E305 ] \Device\Harddisk0\DR0
17:59:14.0307 4176 \Device\Harddisk0\DR0 - ok
17:59:14.0307 4176 ================ Scan VBR ==================================
17:59:14.0307 4176 [ 7FFBF8D1A9A21529718CA00B461481C3 ] \Device\Harddisk0\DR0\Partition1
17:59:14.0307 4176 \Device\Harddisk0\DR0\Partition1 - ok
17:59:14.0354 4176 [ A6E2988A14598816EADC725AA34A00F6 ] \Device\Harddisk0\DR0\Partition2
17:59:14.0354 4176 \Device\Harddisk0\DR0\Partition2 - ok
17:59:14.0385 4176 [ 5767F399991037553320D7CEDA952CB7 ] \Device\Harddisk0\DR0\Partition3
17:59:14.0385 4176 \Device\Harddisk0\DR0\Partition3 - ok
17:59:14.0401 4176 ============================================================
17:59:14.0401 4176 Scan finished
17:59:14.0401 4176 ============================================================
17:59:14.0417 4560 Detected object count: 2
17:59:14.0417 4560 Actual detected object count: 2
17:59:37.0817 4560 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:37.0817 4560 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:37.0832 4560 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:37.0832 4560 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#5
polling

VEW Log
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/11/2012 7:38:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2012 5:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/11/2012 7:30:48 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/11/2012 6:48:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/11/2012 5:20:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 06/11/2012 5:19:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 4:34:05 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 4:26:18 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 4:26:18 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 05/11/2012 5:16:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/10/2012 3:35:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/10/2012 11:08:03 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 8:32:08 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 18/10/2012 8:32:08 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 18/10/2012 8:09:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 6:38:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 4:51:47 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/10/2012 7:29:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/08/2012 4:07:14 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SAMSUNG Mobile MTP Device (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 12:34:38 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 12:34:38 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{4269DD6C-B594-4BFA-BA6C-258867599855} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 01/12/2012 12:34:31 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/12/2012 12:34:31 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 12:33:11 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 01/12/2012 12:33:11 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 01/12/2012 12:17:46 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 12:17:41 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 12:17:41 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 12:17:41 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{4269DD6C-B594-4BFA-BA6C-258867599855} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 01/12/2012 12:17:32 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 30/11/2012 10:50:11 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/11/2012 10:21:37 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

Log: 'System' Date/Time: 30/11/2012 10:21:37 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

Log: 'System' Date/Time: 30/11/2012 10:10:40 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Log: 'System' Date/Time: 30/11/2012 9:47:44 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

Log: 'System' Date/Time: 30/11/2012 9:47:44 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

Log: 'System' Date/Time: 30/11/2012 9:36:50 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Log: 'System' Date/Time: 30/11/2012 8:15:46 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.457.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.

Log: 'System' Date/Time: 30/11/2012 6:36:30 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 12:34:24 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 30/11/2012 10:50:05 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 29/11/2012 9:11:10 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 28/11/2012 6:21:21 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/11/2012 9:00:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pis.foxitsoftware.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/11/2012 5:11:37 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 24/11/2012 6:41:58 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.teen-type1-treatment-option.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2012 7:31:08 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 22/11/2012 6:48:40 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/11/2012 4:17:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/11/2012 2:25:23 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/11/2012 9:45:07 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/11/2012 2:20:21 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 7:34:24 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 6:40:22 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 5:20:38 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/11/2012 1:43:21 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 12/11/2012 8:56:06 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.mi.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 11/11/2012 3:57:09 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.mi.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 11/11/2012 3:57:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

System Idle Log
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
atashost.exe 1684 1,408 K 3,672 K WebEx Host for Support Center Cisco WebEx LLC (Verified) WebEx Communications Inc.
CVHSVC.EXE 2636 9,076 K 13,048 K Microsoft Office Client Virtualization Service Microsoft Corporation (Verified) Microsoft Corporation
dllhost.exe 4656 2,632 K 7,208 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 4592 1,780 K 4,548 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
EKPrinterSDK.exe 1788 4,964 K 7,084 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
EKStatusMonitor.exe 3112 6,264 K 10,956 K Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
FlashUtil32_11_4_402_287_ActiveX.exe 1308 2,676 K 7,720 K Adobe® Flash® Player Installer/Uninstaller 11.4 r402 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
hpsysdrv.exe 3680 1,180 K 3,684 K hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
hpwuschd2.exe 3732 1,240 K 3,804 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
Locator.exe 1088 1,252 K 2,652 K Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 620 3,024 K 4,452 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LSSrvc.exe 1820 1,528 K 3,968 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
MpCmdRun.exe 700 2,404 K 5,388 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 3880 3,020 K 7,668 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 1012 61,332 K 12,348 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
msntask.exe 2192 9,984 K 19,020 K MSN Task Processor Microsoft Corp. (Verified) Microsoft Corporation
msseces.exe 3332 6,080 K 11,264 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe 788 1,640 K 3,612 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
procexp.exe 516 2,688 K 7,324 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe 556 6,884 K 7,956 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
sftlist.exe 2220 8,216 K 10,180 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
sftvsa.exe 2080 1,704 K 4,660 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 300 380 K 932 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1432 10,080 K 12,996 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2100 4,336 K 6,496 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3008 2,652 K 5,040 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 828 5,220 K 8,244 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4868 1,728 K 4,808 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4100 10,080 K 13,056 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 0 K 24 K
taskhost.exe 2784 8,408 K 8,392 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
VSSVC.exe 4864 2,348 K 6,976 K Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 492 1,812 K 4,100 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 584 2,564 K 5,592 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2296 1,508 K 3,004 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WmiPrvSE.exe 3632 < 0.01 2,692 K 6,500 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1468 < 0.01 12,752 K 14,080 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 812 < 0.01 75,704 K 75,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe 3756 < 0.01 3,776 K 8,340 K iTunesHelper Apple Inc. (Verified) Apple Inc.
HPSA_Service.exe 2656 < 0.01 29,480 K 20,988 K HP Support Assistant Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
svchost.exe 1140 < 0.01 9,392 K 15,388 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 436 < 0.01 21,828 K 20,928 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HPAdvisor.exe 3716 < 0.01 60,892 K 5,340 K HP Advisor Hewlett-Packard (Verified) Hewlett-Packard Company
svchost.exe 1044 < 0.01 31,548 K 44,672 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2168 < 0.01 6,736 K 10,952 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
csrss.exe 444 0.01 1,928 K 3,656 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1644 0.01 4,340 K 9,460 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
TuneSync.exe 3500 0.01 31,208 K 26,980 K TuneSync Server Fireleap Software LLC (Verified) Highwind Software LLC
conhost.exe 3780 0.01 1,376 K 3,580 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe 1228 0.01 3,128 K 5,884 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
SASCore64.exe 1620 0.01 1,932 K 3,368 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
iexplore.exe 2724 0.01 16,364 K 29,356 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3088 0.01 13,996 K 16,476 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2364 0.01 39,620 K 32,776 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1708 0.01 2,388 K 5,140 K Bonjour Service Apple Inc. (Verified) Apple Inc.
iPodService.exe 2960 0.02 2,928 K 5,956 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
svchost.exe 984 0.02 28,368 K 29,392 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe 3588 0.02 49,168 K 22,224 K Dropbox Dropbox, Inc. (Verified) Dropbox
svchost.exe 1568 0.04 8,052 K 33,380 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
EKAiOHostService.exe 1748 0.05 29,576 K 26,104 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
cmdagent.exe 916 0.05 39,752 K 4,148 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
lsass.exe 612 0.06 5,096 K 9,912 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
SUPERANTISPYWARE.EXE 3384 0.09 514,828 K 860 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
System 4 0.11 356 K 12,196 K
explorer.exe 3000 0.15 32,252 K 52,528 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
cfp.exe 3324 0.16 18,616 K 7,828 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
iexplore.exe 4504 0.19 67,084 K 77,104 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 504 0.27 10,456 K 14,084 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
HP_Remote_Solution.exe 3696 0.29 3,608 K 6,536 K HP Remote Solution Hewlett-Packard (Unable to verify) Hewlett-Packard
svchost.exe 728 0.40 4,656 K 8,128 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 0.69 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 2952 0.88 51,444 K 45,836 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
MusicManager.exe 3436 1.04 14,268 K 23,232 K Music Manager Google Inc. (Unable to verify) Google Inc.
wmplayer.exe 4312 1.07 43,608 K 58,828 K Windows Media Player Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 4724 5.01 26,256 K 48,888 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
PresentationFontCache.exe 3908 89.27 27,728 K 18,024 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows

FSS Text Log
Farbar Service Scanner Version: 09-11-2012
Ran by Frank (administrator) on 30-11-2012 at 20:27:48
Running from "C:\Users\Frank\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-17 14:41] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

OTL Log
OTL logfile created on: 11/30/2012 7:47:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frank\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.07% Memory free
3.50 Gb Paging File | 1.46 Gb Available in Paging File | 41.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.02 Gb Total Space | 365.48 Gb Free Space | 80.32% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 1.57 Gb Free Space | 14.78% Space Free | Partition Type: NTFS

Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/29 14:58:29 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2012/11/27 13:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2012/11/04 22:05:46 | 000,295,760 | ---- | M] (Fireleap Software LLC) -- C:\Program Files (x86)\TuneSync\TuneSync.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 21:21:50 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/08/31 15:41:18 | 007,321,600 | ---- | M] (Google Inc.) -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/11/20 07:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/16 13:35:18 | 000,130,400 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/19 10:12:55 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/18 13:00:31 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/18 04:53:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 04:53:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 04:53:02 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/18 04:52:51 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/18 04:52:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/18 04:52:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/18 04:52:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/18 04:52:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/18 04:52:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/18 04:52:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/18 04:51:58 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/18 04:51:50 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/18 03:51:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012/11/18 03:51:13 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012/11/18 03:50:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012/11/18 03:50:33 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012/11/18 03:50:06 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012/11/18 03:48:12 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012/11/18 03:47:53 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012/08/31 15:29:34 | 000,344,064 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/08/31 15:29:24 | 000,231,936 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/08/31 15:28:38 | 000,231,936 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/08/31 15:28:34 | 000,117,248 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/08/27 12:29:44 | 000,026,624 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/08/27 12:29:20 | 010,683,392 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/08/27 12:29:16 | 001,681,408 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/08/27 12:29:08 | 007,741,952 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/08/27 12:29:04 | 002,248,192 | ---- | M] () -- C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/07 18:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/29 14:58:29 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/10/29 14:24:16 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/10/08 21:49:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BF16260-FC73-4304-85B1-F6C49835EA04}
IE:64bit: - HKLM\..\SearchScopes\{6F1B991B-98EC-4DBD-B6FD-CFF56B0B19E7}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE:64bit: - HKLM\..\SearchScopes\{9BF16260-FC73-4304-85B1-F6C49835EA04}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{6F1B991B-98EC-4DBD-B6FD-CFF56B0B19E7}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{9BF16260-FC73-4304-85B1-F6C49835EA04}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{6F1B991B-98EC-4DBD-B6FD-CFF56B0B19E7}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{89F8B001-2BEA-4AEB-934E-584FF985442E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{9BF16260-FC73-4304-85B1-F6C49835EA04}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.9.1
FF - prefs.js..extensions.enabledAddons: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}:4.9.3
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..keyword.URL: "http://feed.snap.do/...archtype=ds&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 14:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 12:16:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 14:24:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 12:16:58 | 000,000,000 | ---D | M]

[2011/02/12 21:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/10/04 13:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions
[2011/02/12 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/11/24 01:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions
[2011/06/05 21:59:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/11/22 12:02:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/20 16:23:58 | 000,234,741 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\[email protected]
[2012/09/26 20:22:37 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\[email protected]
[2012/11/22 13:53:23 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/14 10:42:12 | 000,137,717 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
[2012/11/24 01:49:29 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/15 08:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/29 14:24:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 05:25:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/15 08:53:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [MusicManager] C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TuneSync] C:\Program Files (x86)\TuneSync\TuneSync.exe (Fireleap Software LLC)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex....rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4269DD6C-B594-4BFA-BA6C-258867599855}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: atashost - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 19:31:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/11/30 18:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/30 18:06:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/30 18:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/30 18:03:41 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Frank\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/30 17:51:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/30 11:56:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/30 11:56:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/30 11:56:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/30 11:55:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/30 11:54:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 11:51:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/30 11:50:31 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/11/29 15:20:47 | 000,000,000 | ---D | C] -- C:\Kodak
[2012/11/29 14:59:24 | 000,215,864 | ---- | C] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atsckernel.exe
[2012/11/29 14:59:11 | 000,133,944 | ---- | C] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atashost.exe
[2012/11/29 14:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2012/11/29 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/11/29 14:36:59 | 015,645,152 | ---- | C] (Foxit Corporation ) -- C:\Users\Frank\Desktop\FoxitReader543.0920_enu_Setup.exe
[2012/11/29 01:16:50 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Frank\Desktop\procexp.exe
[2012/11/29 01:14:09 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Frank\Desktop\tdsskiller.exe
[2012/11/29 01:12:59 | 005,009,213 | R--- | C] (Swearware) -- C:\Users\Frank\Desktop\ComboFix.exe
[2012/11/29 01:12:01 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Frank\Desktop\aswMBR.exe
[2012/11/29 00:20:23 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\GS3 Root
[2012/11/28 23:09:12 | 024,274,952 | ---- | C] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Frank\Desktop\Sprint_L710_GSIII_Samsung_USB_Driver_v1_4_6_0.exe
[2012/11/27 13:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012/11/22 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Jaran Nilsen
[2012/11/22 14:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notpod
[2012/11/22 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notpod
[2012/11/20 23:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2012/11/20 23:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrintProjects
[2012/11/20 23:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/20 23:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2012/11/20 22:50:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2012/11/19 10:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 09:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/18 03:56:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/18 03:56:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/18 03:19:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/18 03:19:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/18 03:19:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/18 03:18:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/18 03:18:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/18 03:18:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/18 03:18:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/18 03:18:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/18 03:18:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/18 03:18:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/18 03:18:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/18 03:18:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/18 03:18:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/18 03:18:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/18 03:18:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/18 03:08:38 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/18 03:08:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/18 03:08:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/18 03:08:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/17 14:42:11 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/17 14:42:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/17 14:41:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/17 14:41:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/17 14:41:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/17 14:41:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/17 14:41:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/17 14:41:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/17 14:41:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/17 14:41:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/17 14:41:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/17 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\11-17-2012
[2012/11/13 13:30:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Whictomb Originals
[2012/11/12 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Patton
[2012/11/09 12:59:56 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Prest resized
[2012/11/09 12:13:33 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU5
[2012/11/08 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU4
[2012/11/07 11:25:31 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU2
[2012/11/06 23:56:18 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\13920 Chatham
[2012/11/06 20:24:22 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneSync
[2012/11/06 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneSync
[2012/11/05 12:56:43 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\DCU
[1 C:\Users\Frank\*.tmp files -> C:\Users\Frank\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 19:59:19 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1133253992-2123315571-3751703014-1001UA.job
[2012/11/30 19:49:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 19:44:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 19:44:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 19:34:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 19:34:10 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 18:06:40 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/30 18:04:03 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Frank\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/30 11:50:52 | 005,009,213 | R--- | M] (Swearware) -- C:\Users\Frank\Desktop\ComboFix.exe
[2012/11/30 10:54:17 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1133253992-2123315571-3751703014-1001Core.job
[2012/11/29 16:15:25 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/29 16:15:25 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/29 16:15:25 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/29 14:58:29 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atashost.exe
[2012/11/29 14:57:58 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atsckernel.exe
[2012/11/29 14:45:10 | 000,001,120 | ---- | M] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/11/29 14:45:10 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/11/29 14:38:46 | 015,645,152 | ---- | M] (Foxit Corporation ) -- C:\Users\Frank\Desktop\FoxitReader543.0920_enu_Setup.exe
[2012/11/29 13:52:55 | 000,452,061 | ---- | M] () -- C:\Users\Frank\Desktop\TBPpdf.PDF
[2012/11/29 01:18:32 | 004,009,167 | ---- | M] () -- C:\Users\Frank\Desktop\ServicesRepair.exe
[2012/11/29 01:18:03 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Frank\Desktop\procexp.exe
[2012/11/29 01:18:03 | 000,061,440 | ---- | M] ( ) -- C:\Users\Frank\Desktop\VEW.exe
[2012/11/29 01:14:39 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Frank\Desktop\tdsskiller.exe
[2012/11/29 01:12:40 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Frank\Desktop\aswMBR.exe
[2012/11/28 23:11:28 | 001,793,973 | ---- | M] () -- C:\Users\Frank\Desktop\TeamEpic-Root-from-Recovery-v5.zip
[2012/11/28 23:10:12 | 000,467,537 | ---- | M] () -- C:\Users\Frank\Desktop\Odin3-v3.04.zip
[2012/11/28 23:09:43 | 024,274,952 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Frank\Desktop\Sprint_L710_GSIII_Samsung_USB_Driver_v1_4_6_0.exe
[2012/11/28 16:14:53 | 000,059,463 | ---- | M] () -- C:\Users\Frank\Desktop\13532227425960.jpg
[2012/11/28 16:14:36 | 000,065,135 | ---- | M] () -- C:\Users\Frank\Desktop\13532227427571.jpg
[2012/11/28 16:14:29 | 000,077,153 | ---- | M] () -- C:\Users\Frank\Desktop\13532227434523.jpg
[2012/11/28 16:14:23 | 000,075,355 | ---- | M] () -- C:\Users\Frank\Desktop\13532227438804.jpg
[2012/11/28 16:14:23 | 000,063,950 | ---- | M] () -- C:\Users\Frank\Desktop\13532227433452.jpg
[2012/11/28 16:14:23 | 000,052,104 | ---- | M] () -- C:\Users\Frank\Desktop\13532227440065.jpg
[2012/11/28 16:13:58 | 000,081,415 | ---- | M] () -- C:\Users\Frank\Desktop\13532227444086.jpg
[2012/11/28 16:13:52 | 000,057,580 | ---- | M] () -- C:\Users\Frank\Desktop\13532227445947.jpg
[2012/11/28 16:13:26 | 000,067,921 | ---- | M] () -- C:\Users\Frank\Desktop\13532227449798.jpg
[2012/11/28 16:13:14 | 000,056,891 | ---- | M] () -- C:\Users\Frank\Desktop\13532227450919.jpg
[2012/11/28 16:13:01 | 000,074,373 | ---- | M] () -- C:\Users\Frank\Desktop\13532227455430.jpg
[2012/11/28 16:12:49 | 000,068,280 | ---- | M] () -- C:\Users\Frank\Desktop\13532227460102.jpg
[2012/11/28 16:12:42 | 000,128,242 | ---- | M] () -- C:\Users\Frank\Desktop\13532227462603.jpg
[2012/11/28 16:12:30 | 000,167,022 | ---- | M] () -- C:\Users\Frank\Desktop\13532227466824.jpg
[2012/11/28 16:12:23 | 000,146,065 | ---- | M] () -- C:\Users\Frank\Desktop\13532227467655.jpg
[2012/11/27 18:48:11 | 000,033,593 | ---- | M] () -- C:\Users\Frank\Desktop\DOC112712-11272012160027.pdf
[2012/11/27 16:19:36 | 000,002,066 | ---- | M] () -- C:\Users\Frank\Desktop\prest.kaywa.com.png
[2012/11/27 16:15:02 | 003,247,669 | ---- | M] () -- C:\Users\Frank\Desktop\ptpt.jpg
[2012/11/27 13:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012/11/22 14:52:04 | 000,041,941 | ---- | M] () -- C:\Users\Frank\Desktop\Jackson.m3u
[2012/11/22 14:45:19 | 000,280,697 | ---- | M] () -- C:\Users\Frank\Desktop\notpod-1.5.1-installer.exe
[2012/11/22 12:46:42 | 000,032,706 | ---- | M] () -- C:\Users\Frank\Documents\LINDA.m3u
[2012/11/22 11:53:34 | 000,005,120 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 23:17:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012/11/20 23:00:27 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/20 14:41:14 | 004,652,950 | ---- | M] () -- C:\Users\Frank\Desktop\ptttty.jpg
[2012/11/18 12:32:25 | 000,044,302 | ---- | M] () -- C:\Users\Frank\Desktop\Ptty.jpg
[2012/11/18 12:15:01 | 000,215,607 | ---- | M] () -- C:\Users\Frank\Desktop\Pony.jpg
[2012/11/18 12:13:47 | 000,057,780 | ---- | M] () -- C:\Users\Frank\Desktop\mnny.jpg
[2012/11/18 04:45:03 | 000,278,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 01:12:01 | 003,445,165 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_140857.jpg
[2012/11/16 01:11:55 | 003,336,493 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_140945.jpg
[2012/11/16 01:11:17 | 003,652,645 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_142443.jpg
[2012/11/16 01:11:11 | 004,145,061 | ---- | M] () -- C:\Users\Frank\Desktop\20121115_142459.jpg
[2012/11/16 01:01:26 | 038,853,503 | ---- | M] () -- C:\Users\Frank\Desktop\13920 Chatham.zip
[2012/11/14 11:56:25 | 000,476,343 | ---- | M] () -- C:\Users\Frank\Desktop\contacts.csv
[2012/11/09 13:01:49 | 000,066,560 | ---- | M] () -- C:\Users\Frank\Desktop\13524439111890.jpg
[2012/11/09 13:01:43 | 000,072,889 | ---- | M] () -- C:\Users\Frank\Desktop\13524439112271.jpg
[2012/11/09 13:01:38 | 000,058,382 | ---- | M] () -- C:\Users\Frank\Desktop\13524439122333.jpg
[2012/11/09 13:01:34 | 000,056,307 | ---- | M] () -- C:\Users\Frank\Desktop\13524439120302.jpg
[2012/11/09 13:01:31 | 000,058,466 | ---- | M] () -- C:\Users\Frank\Desktop\13524439125654.jpg
[2012/11/07 18:37:57 | 000,022,736 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/11/07 18:37:36 | 000,041,240 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/11/07 18:37:34 | 000,301,264 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/11/07 18:37:31 | 000,390,392 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/11/02 15:38:48 | 000,001,120 | ---- | M] () -- C:\Users\Frank\Desktop\qrcode.png
[1 C:\Users\Frank\*.tmp files -> C:\Users\Frank\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/30 18:06:40 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/30 11:56:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/30 11:56:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/30 11:56:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/30 11:56:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/30 11:56:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/29 14:45:10 | 000,001,120 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/11/29 14:45:10 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/11/29 13:52:55 | 000,452,061 | ---- | C] () -- C:\Users\Frank\Desktop\TBPpdf.PDF
[2012/11/29 01:15:35 | 000,061,440 | ---- | C] ( ) -- C:\Users\Frank\Desktop\VEW.exe
[2012/11/29 01:15:01 | 004,009,167 | ---- | C] () -- C:\Users\Frank\Desktop\ServicesRepair.exe
[2012/11/28 23:11:05 | 001,793,973 | ---- | C] () -- C:\Users\Frank\Desktop\TeamEpic-Root-from-Recovery-v5.zip
[2012/11/28 16:14:42 | 000,059,463 | ---- | C] () -- C:\Users\Frank\Desktop\13532227425960.jpg
[2012/11/28 16:14:34 | 000,065,135 | ---- | C] () -- C:\Users\Frank\Desktop\13532227427571.jpg
[2012/11/28 16:14:26 | 000,077,153 | ---- | C] () -- C:\Users\Frank\Desktop\13532227434523.jpg
[2012/11/28 16:14:19 | 000,063,950 | ---- | C] () -- C:\Users\Frank\Desktop\13532227433452.jpg
[2012/11/28 16:14:04 | 000,075,355 | ---- | C] () -- C:\Users\Frank\Desktop\13532227438804.jpg
[2012/11/28 16:13:58 | 000,052,104 | ---- | C] () -- C:\Users\Frank\Desktop\13532227440065.jpg
[2012/11/28 16:13:48 | 000,081,415 | ---- | C] () -- C:\Users\Frank\Desktop\13532227444086.jpg
[2012/11/28 16:13:33 | 000,057,580 | ---- | C] () -- C:\Users\Frank\Desktop\13532227445947.jpg
[2012/11/28 16:13:23 | 000,067,921 | ---- | C] () -- C:\Users\Frank\Desktop\13532227449798.jpg
[2012/11/28 16:13:13 | 000,056,891 | ---- | C] () -- C:\Users\Frank\Desktop\13532227450919.jpg
[2012/11/28 16:12:56 | 000,074,373 | ---- | C] () -- C:\Users\Frank\Desktop\13532227455430.jpg
[2012/11/28 16:12:47 | 000,068,280 | ---- | C] () -- C:\Users\Frank\Desktop\13532227460102.jpg
[2012/11/28 16:12:39 | 000,128,242 | ---- | C] () -- C:\Users\Frank\Desktop\13532227462603.jpg
[2012/11/28 16:12:28 | 000,167,022 | ---- | C] () -- C:\Users\Frank\Desktop\13532227466824.jpg
[2012/11/28 16:12:07 | 000,146,065 | ---- | C] () -- C:\Users\Frank\Desktop\13532227467655.jpg
[2012/11/27 18:47:29 | 000,033,593 | ---- | C] () -- C:\Users\Frank\Desktop\DOC112712-11272012160027.pdf
[2012/11/27 16:19:34 | 000,002,066 | ---- | C] () -- C:\Users\Frank\Desktop\prest.kaywa.com.png
[2012/11/27 16:14:52 | 003,247,669 | ---- | C] () -- C:\Users\Frank\Desktop\ptpt.jpg
[2012/11/22 14:52:03 | 000,041,941 | ---- | C] () -- C:\Users\Frank\Desktop\Jackson.m3u
[2012/11/22 14:45:03 | 000,280,697 | ---- | C] () -- C:\Users\Frank\Desktop\notpod-1.5.1-installer.exe
[2012/11/22 12:46:42 | 000,032,706 | ---- | C] () -- C:\Users\Frank\Documents\LINDA.m3u
[2012/11/20 23:00:27 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/20 14:40:58 | 004,652,950 | ---- | C] () -- C:\Users\Frank\Desktop\ptttty.jpg
[2012/11/19 09:47:48 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012/11/18 12:32:22 | 000,044,302 | ---- | C] () -- C:\Users\Frank\Desktop\Ptty.jpg
[2012/11/18 12:14:59 | 000,215,607 | ---- | C] () -- C:\Users\Frank\Desktop\Pony.jpg
[2012/11/18 12:13:41 | 000,057,780 | ---- | C] () -- C:\Users\Frank\Desktop\mnny.jpg
[2012/11/18 03:57:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/18 03:08:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/16 01:11:58 | 003,445,165 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_140857.jpg
[2012/11/16 01:11:49 | 003,336,493 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_140945.jpg
[2012/11/16 01:11:15 | 003,652,645 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_142443.jpg
[2012/11/16 01:11:04 | 004,145,061 | ---- | C] () -- C:\Users\Frank\Desktop\20121115_142459.jpg
[2012/11/16 01:00:43 | 038,853,503 | ---- | C] () -- C:\Users\Frank\Desktop\13920 Chatham.zip
[2012/11/14 11:56:10 | 000,476,343 | ---- | C] () -- C:\Users\Frank\Desktop\contacts.csv
[2012/11/09 13:01:48 | 000,066,560 | ---- | C] () -- C:\Users\Frank\Desktop\13524439111890.jpg
[2012/11/09 13:01:43 | 000,072,889 | ---- | C] () -- C:\Users\Frank\Desktop\13524439112271.jpg
[2012/11/09 13:01:38 | 000,058,382 | ---- | C] () -- C:\Users\Frank\Desktop\13524439122333.jpg
[2012/11/09 13:01:34 | 000,056,307 | ---- | C] () -- C:\Users\Frank\Desktop\13524439120302.jpg
[2012/11/09 13:01:25 | 000,058,466 | ---- | C] () -- C:\Users\Frank\Desktop\13524439125654.jpg
[2012/11/02 15:37:03 | 000,001,120 | ---- | C] () -- C:\Users\Frank\Desktop\qrcode.png
[2012/10/21 08:23:22 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/15 00:50:36 | 000,005,120 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 11:26:54 | 000,001,057 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\vso_ts_preview.xml
[2011/07/18 09:54:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/06 23:26:41 | 000,000,075 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/13 00:11:36 | 000,744,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721050CLA SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: KODAK SD/MMC card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 455.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 488680456192
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/02/12 21:36:52 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe
[2011/04/09 15:16:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AnvSoft
[2012/03/27 13:42:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Apple Computer
[2011/02/12 22:12:50 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AquaSoft
[2011/02/12 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ArcSoft
[2012/06/21 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Audacity
[2012/10/31 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics
[2011/02/12 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Azureus
[2011/02/12 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\CyberLink
[2012/11/30 19:35:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012/11/29 15:54:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Foxit Software
[2011/04/09 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Fronoh
[2011/09/18 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Hewlett-Packard
[2012/11/18 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HP Support Assistant
[2012/11/19 09:43:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\hpqLog
[2012/11/18 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HpUpdate
[2011/02/12 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities
[2011/06/19 08:51:21 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\iWin
[2012/11/22 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Jaran Nilsen
[2012/11/06 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\JRT Studio
[2011/03/31 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Juniper Networks
[2012/08/10 23:27:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\KODAK AiO Home Center273917869
[2012/09/03 06:20:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\KODAK AiO Home Center593199750
[2011/02/12 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia
[2011/02/13 00:34:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs
[2012/11/06 17:19:24 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft
[2011/02/12 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mobipocket
[2011/02/12 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla
[2011/05/20 12:29:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenCandy
[2011/05/20 12:43:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Orbit
[2011/02/16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PDF reDirect
[2011/02/12 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PictureMover
[2011/05/20 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ProgSense
[2012/10/21 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\QuickScan
[2011/02/12 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Real
[2011/02/12 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Research In Motion
[2011/05/20 12:42:09 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Sammsoft
[2012/10/18 02:04:21 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Samsung
[2012/11/30 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\SoftGrid Client
[2011/02/12 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Sun
[2011/05/18 09:35:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/16 22:47:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Temp
[2011/02/12 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2011/02/13 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TP
[2012/09/03 10:42:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Vso
[2011/02/26 10:50:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Walgreens
[2011/09/29 23:01:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WinBatch
[2011/04/08 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Windows Live Writer
[2011/03/06 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\YCanPDF

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/10/06 01:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 01:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 01:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 00:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 20:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 12:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/29 14:23:32 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/29 14:23:32 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/29 14:23:32 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/23 13:45:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/23 13:45:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/23 13:45:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/10/29 14:23:32 | 000,889,848 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/10/29 14:23:32 | 000,889,848 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/10/29 14:23:32 | 000,889,848 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/10/29 14:24:18 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/23 13:45:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/23 13:45:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/23 13:45:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

OTL Extras logfile created on: 11/30/2012 7:47:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frank\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.07% Memory free
3.50 Gb Paging File | 1.46 Gb Available in Paging File | 41.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.02 Gb Total Space | 365.48 Gb Free Space | 80.32% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 1.57 Gb Free Space | 14.78% Space Free | Partition Type: NTFS

Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D006E5B-D6EF-47DC-9BF2-6A902E951BC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2313078A-BF36-40DC-93FD-0AD90A314AD8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{268EB3F4-95CB-4F55-BF2E-16D81A7747A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{29EBDFA2-F523-48A3-B3CA-7B9D212E402B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A83DA40-BFF6-4FE7-9773-29377CB0C2BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{2BAF4737-7F28-4442-A436-0E79CC54DDF5}" = lport=445 | protocol=6 | dir=in | app=system |
"{3424243D-D1C2-4C1C-9251-0EB57069835D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{3B8EC208-2D28-4D7B-BDD9-35D4FCC6F92E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{4E29855D-165F-41DD-BDB0-5EC6F11959C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{58136E78-99F2-49CF-870B-9BCD932FCCE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CB2F2E9-6438-47E7-8AB2-F3C19EBBBA5F}" = rport=138 | protocol=17 | dir=out | app=system |
"{615DC2B4-5F7F-4ABC-A52B-479411D14DF3}" = rport=445 | protocol=6 | dir=out | app=system |
"{63DB9BA3-2B26-45C3-BE60-E12A8B080CFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CF73D53-F1A0-4C3C-9D19-BA253E1478E3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7505CC4E-53BA-4C34-B707-D8378AFE566C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75EA7087-38C0-46EE-BB0E-F9CC0CC5EF43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EE6B273-6E75-45EE-B98A-F8FF1D1EC125}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{913E8162-2B22-4B82-A4B3-D3EE21BD6AAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{A434DA87-B7C3-46CD-9D68-FA493291F23F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAEFEC4E-B43F-4908-AD92-8E4044FB9D77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4722988-9180-43AD-9CFD-64D993AAA2EE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C62B5D98-A97D-4735-BFE3-4E4A2D47299E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CAA0BF38-BEB2-4699-94FB-370CC46F93A5}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{CC5E2B72-F9D0-41D3-9BD0-7E0F6EA5856D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1621CC1-9965-4F55-A9D5-B28FE02EEE9C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D59D275F-2848-4B2D-ADD8-B3C4D3E437AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E191F9BB-FEBE-4F90-AD64-219DD152CE6B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E5538EC1-6D5E-473E-A174-8F84D089ACD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA83820F-A9EB-4AC3-B780-383F1F712674}" = rport=137 | protocol=17 | dir=out | app=system |
"{F4D3C460-6205-4BFF-8610-CF4E9251953E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A26D5F-B0B9-49A1-8072-1E1C8699D0F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08728803-5292-48E0-87C7-8693F6B71CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{1AA8CCFD-3D80-48C4-9635-97D3B42D5404}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{23444BA2-A94A-4F66-89CE-FC5ED4A9473A}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{265935D1-3D4A-45DF-8CA4-1F32B66882DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B9933C7-02BC-43DC-B16D-ED1DF8697FDB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3215DDEF-729F-4128-9144-857C48A36B67}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E15F192-F4F0-4FD0-AB45-1F5062D63A53}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{48A1CF33-BD46-43EC-8A19-C763717A7ECC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4E930554-4353-420F-9A39-9A580D6EF6C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50ECE2B3-2B81-4724-BC80-877D74986487}" = protocol=6 | dir=in | app=c:\program files (x86)\tunesync\tunesync.exe |
"{53F21C68-B2F9-4E1F-A0FA-9F17A1A4A306}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{61C8E950-15E0-416B-9B96-CA899277E6D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{645A3775-5923-4AF4-ADA8-9570FBCCD08C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunesync\tunesync.exe |
"{647E13E9-4549-420A-AEE2-6B55A11250B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6A419A65-BC24-4E96-BD11-A28228198956}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{7C08E89A-5901-436B-82A2-390E76DA50CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D371CF2-D9E5-4775-BC4D-B0532BE2DAE7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{80F08931-1364-4496-9C8D-CCD0CDDB8FAA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{819551B3-8033-4882-B4CD-11EEBEED557E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9339F1B9-CCFC-4DBD-9A2E-E49F9E05C5BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C2E50A1-4CF4-48B2-877B-37F0F5138F72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A3FCCB51-F10B-441C-8FC5-BFF54491F4CB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A4D5A605-C862-4354-A53E-73A2CDD2B56C}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{A652CB49-CB3E-4D39-B861-6B65C71E3B02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A77CE10D-112D-4802-8DB6-7144CD49F39C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A886DD23-ED40-4F75-8546-9EAF75F2410D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{AB018DBE-0CEC-4D58-B8B1-3C953D10167D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF1D1FFB-6440-47B4-A25B-415AEF011E8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1C98D34-CC72-474C-815C-25DC900034C2}" = protocol=6 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe |
"{B25A5A8B-9403-4356-9842-82F5730508CD}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{B426E690-3C35-4A72-BF99-220AF5521079}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5F609F3-825A-4570-8382-430E1BFD0FC3}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{B6D44C05-4482-4137-A0AE-509317AD9B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC6B96D1-8AE5-4949-B7DB-7CAC90C2366D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{BCEEF7EB-74ED-434B-8C84-1F3BF7FCEAFE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BD599992-BDD1-4BB9-ABE9-3A9F24F9D963}" = protocol=17 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe |
"{C39FE9D3-AE1A-4012-9825-0E1CEFFD0356}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C6B108B8-74F9-4EA0-91EA-13F60AC467FD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{DC341C06-FF30-40CC-B5DB-DEE962E0B9F7}" = protocol=6 | dir=out | app=system |
"{DF374ADE-3F53-4A15-86BD-D12C23F731A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4FD30E1-409F-46A1-9576-70C77076A283}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E93DDB8D-6F33-423F-BC12-BE48C1E56791}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F128868F-02D7-4DC5-AC0C-0C3B04250B44}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{F4FD9E69-560C-43A7-9C86-495212EB4DBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7C2CC98-5E26-4ED1-BC0C-0B2037AA8C5A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{FB1A0BF8-32D3-4A5A-A173-52986C86CE00}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA4FFFE4-0517-46AC-A19B-A8013985F766}" = Microsoft Live Search Toolbar
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.5
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Creator" = Foxit Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"Free Window Registry Repair" = Free Window Registry Repair
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF reDirect" = PDF reDirect (remove only)
"Picasa 3" = Picasa 3
"PrintProjects" = PrintProjects
"SpywareBlaster_is1" = SpywareBlaster 4.6
"The Off By One Web Browser" = The Off By One Web Browser
"TuneSync Server" = TuneSync Server 2.0.25
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-c785e4f2-abd6-4498-ad64-5b7b6834f26c" = Super TextTwist
"WTA-e34956eb-42ce-4593-910e-3d62e6950702" = TextTwist 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"Juniper_Setup_Client" = Juniper Networks Setup Client
"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2012 10:30:54 AM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Frank-PC.local already in use; will try Frank-PC-2.local
instead

Error - 9/9/2012 4:31:03 PM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.122:5353 18 122.1.168.192.in-addr.arpa.
PTR Frank-PC-2.local.

Error - 9/9/2012 4:31:04 PM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 122.1.168.192.in-addr.arpa.
PTR Frank-PC.local.

Error - 9/9/2012 4:31:04 PM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.123:5353 4 frank-PC.local.
Addr 192.168.1.123

Error - 9/9/2012 4:31:04 PM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Frank-PC.local.
Addr 192.168.1.122

Error - 9/9/2012 4:31:04 PM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Frank-PC.local already in use; will try Frank-PC-2.local
instead

Error - 9/10/2012 9:59:08 AM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.106:5353 18 106.1.168.192.in-addr.arpa.
PTR Frank-PC-2.local.

Error - 9/10/2012 9:59:08 AM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 106.1.168.192.in-addr.arpa.
PTR Frank-PC.local.

Error - 9/10/2012 9:59:09 AM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.101:5353 4 frank-PC.local.
Addr 192.168.1.101

Error - 9/10/2012 9:59:09 AM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Frank-PC.local.
Addr 192.168.1.106

Error - 9/10/2012 9:59:09 AM | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Frank-PC.local already in use; will try Frank-PC-2.local
instead

[ Hewlett-Packard Events ]
Error - 7/30/2012 10:34:20 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/30/2012 10:34:25 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/30/2012 10:34:35 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/30/2012 10:35:37 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/30/2012 10:35:53 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 8/5/2012 6:02:13 PM | Computer Name = Frank-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1790 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 8/12/2012 1:35:30 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 8/12/2012 1:35:30 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 8/12/2012 1:35:41 AM | Computer Name = Frank-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 8/12/2012 1:46:09 AM | Computer Name = Frank-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1790 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

[ System Events ]
Error - 1/31/2012 2:31:58 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :20" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 1/31/2012 2:31:58 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 2:54:31 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 2:59:36 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 3:00:49 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 4:28:44 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 4:39:27 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 4:48:33 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 4:48:36 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.

Error - 2/3/2012 7:57:14 PM | Computer Name = Frank-PC | Source = NetBT | ID = 4321
Description = The name "FRANK-PC :0" could not be registered on the interface
with IP address 192.168.1.138. The computer with the IP address 192.168.1.134 did
not allow the name to be claimed by this computer.


< End of report >

#6
RKinner

(Start) Right click on Computer and select Manage (Continue) then Services and Applications then Services. Find the Windows Presentation Foundation Font Cache 3.0.0.0 service and right click on it and select Properties. Change the Startup Type: to disabled. Stop the service.

Now copy the next line:

del /a C:\Windows\ServiceProfiles\LocalService\AppData\Local\Font*.dat


(Start), All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Now go back to services menu as before in the properties for Windows Presentation Foundation Font Cache 3.0.0.0 service change the Startup Type: to Manual then Apply. Try to Start the service. Does it start?

If so run Process Explorer again as before and post the log. If it doesn't start then Stop it and change the Startup type to Disabled, Apply then run Process Explorer.

#7
polling

I had to disable it

It got hung up on starting

Here's the log

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
PresentationFontCache.exe 3908 66.64 27,728 K 2,236 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 5552 17.28 23,088 K 45,660 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
dwm.exe 2952 4.15 53,004 K 44,444 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
EKAiOHostService.exe 1748 3.74 26,684 K 13,376 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
Interrupts n/a 1.78 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 1044 1.26 31,624 K 25,420 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmplayer.exe 5816 0.89 23,792 K 39,256 K Windows Media Player Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 504 0.53 10,856 K 14,144 K (Unable to verify) (null)
explorer.exe 3000 0.48 35,668 K 45,152 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
MusicManager.exe 3436 0.46 14,768 K 14,692 K Music Manager Google Inc. (Unable to verify) Google Inc.
System 4 0.33 356 K 224 K
HP_Remote_Solution.exe 3696 0.32 3,608 K 2,324 K HP Remote Solution Hewlett-Packard (Unable to verify) Hewlett-Packard
svchost.exe 728 0.32 4,820 K 4,064 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 1012 0.29 75,892 K 55,144 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe 1432 0.28 11,136 K 14,092 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 4720 0.27 78,240 K 87,448 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
cfp.exe 3324 0.21 21,060 K 4,108 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
cmdagent.exe 916 0.17 40,264 K 2,268 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
lsass.exe 612 0.10 5,160 K 6,284 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
EKStatusMonitor.exe 3112 0.09 7,324 K 8,240 K Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
services.exe 556 0.06 7,096 K 5,524 K (Unable to verify) (null)
EKPrinterSDK.exe 1788 0.05 5,256 K 5,140 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
svchost.exe 984 0.05 28,520 K 10,868 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 4824 0.04 17,364 K 7,352 K Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
TuneSync.exe 3500 0.03 31,464 K 6,584 K TuneSync Server Fireleap Software LLC (Verified) Highwind Software LLC
svchost.exe 828 0.03 5,776 K 6,176 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SUPERANTISPYWARE.EXE 3384 0.02 514,864 K 848 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
csrss.exe 444 0.02 1,992 K 1,872 K (Unable to verify) (null)
iPodService.exe 2960 0.01 3,124 K 2,436 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
OffSpon.EXE 5252 0.01 11,320 K 25,292 K (Unable to verify) (null)
svchost.exe 436 0.01 22,476 K 12,500 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1140 0.01 9,604 K 10,756 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 2052 0.01 9,556 K 21,720 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2364 0.01 42,144 K 8,540 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1644 0.01 4,368 K 2,860 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
sftlist.exe 2220 0.01 12,532 K 12,900 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
wmpnetwk.exe 3088 0.01 14,004 K 2,752 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
SASCore64.exe 1620 0.01 1,932 K 224 K (Unable to verify) (null)
lsm.exe 620 0.01 3,076 K 1,696 K (Unable to verify) (null)
conhost.exe 3780 0.01 1,376 K 332 K (Unable to verify) (null)
nvvsvc.exe 1228 < 0.01 3,144 K 1,056 K (Unable to verify) (null)
HPAdvisor.exe 3716 < 0.01 60,900 K 11,556 K HP Advisor Hewlett-Packard (Verified) Hewlett-Packard Company
WLIDSVC.EXE 2168 < 0.01 6,736 K 3,084 K (Unable to verify) (null)
svchost.exe 1568 < 0.01 8,548 K 12,452 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4100 < 0.01 10,564 K 10,156 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mmc.exe 2228 < 0.01 51,936 K 26,116 K (Unable to verify) (null)
HPSA_Service.exe 2656 < 0.01 29,480 K 5,660 K HP Support Assistant Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
msntask.exe 5236 < 0.01 9,732 K 18,980 K MSN Task Processor Microsoft Corp. (Verified) Microsoft Corporation
iTunesHelper.exe 3756 < 0.01 3,776 K 2,508 K iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe 812 < 0.01 92,924 K 82,732 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2296 1,508 K 124 K (Unable to verify) (null)
WINWORDC.EXE 4416 25,144 K 78,896 K (Unable to verify) (null)
winlogon.exe 584 2,564 K 1,228 K (Unable to verify) (null)
wininit.exe 492 1,812 K 128 K (Unable to verify) (null)
VSSVC.exe 4864 2,320 K 1,372 K Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2784 8,412 K 2,224 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 0 K 24 K
svchost.exe 1468 13,984 K 11,092 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2100 4,584 K 3,872 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4868 1,784 K 1,040 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3008 2,688 K 2,868 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 4848 3,556 K 10,740 K Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 300 380 K 64 K (Unable to verify) (null)
sftvsa.exe 2080 1,704 K 156 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 1904 2,672 K 7,516 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OSPPSVC.EXE 5644 3,032 K 10,412 K (Unable to verify) (null)
OFFICEVIRT.EXE 5228 2,248 K 6,144 K (Verified) Microsoft Corporation
nvvsvc.exe 788 1,640 K 120 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
msseces.exe 3332 7,464 K 2,044 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 700 2,404 K 604 K (Unable to verify) (null)
MpCmdRun.exe 3880 3,100 K 2,432 K (Unable to verify) (null)
mDNSResponder.exe 1708 2,404 K 2,644 K Bonjour Service Apple Inc. (Verified) Apple Inc.
LSSrvc.exe 1820 1,528 K 152 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
Locator.exe 1088 1,252 K 112 K Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
hpwuschd2.exe 3732 1,240 K 772 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hpsysdrv.exe 3680 1,180 K 544 K hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
FlashUtil32_11_4_402_287_ActiveX.exe 5684 2,688 K 7,708 K Adobe® Flash® Player Installer/Uninstaller 11.4 r402 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
Dropbox.exe 3588 49,228 K 11,188 K Dropbox Dropbox, Inc. (Verified) Dropbox
dllhost.exe 4656 2,640 K 2,728 K (Unable to verify) (null)
CVHSVC.EXE 2636 9,080 K 3,940 K (Unable to verify) (null)
CVH.EXE 5180 7,872 K 17,220 K Microsoft Office Client Virtualization Handler Microsoft Corporation (Verified) Microsoft Corporation
conhost.exe 4328 1,840 K 6,724 K (Unable to verify) (null)
cmd.exe 5612 2,544 K 3,584 K (Unable to verify) (null)
atashost.exe 1684 1,408 K 140 K WebEx Host for Support Center Cisco WebEx LLC (Verified) WebEx Communications Inc.

#8
RKinner

PresentationFontCache.exe 3908 66.64 27,728 K 2,236 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows


Doesn't look like it stayed disabled. See if you can Stop the service or use Process Explorer to Kill the process. That should speed up things so we can use the PC.

Apparently it uses DirectX so let's see if we can install the latest version of DirectX for Windows 7 which is DirectX 11.0.

You can get it from http://www.tomsguide...,0301-2158.html Download and Save then right click and Run As Admin (Uncheck the free Bing bar). After it installs, see if you can change the Windows Presentation Foundation Font Cache 3.0.0.0 service to Manual and Start the service now.

#9
polling

Ok, I got it to start

#10
RKinner

Run Process Explorer as before. What CPU usage do you see for System Idle now?

#11
polling

Ok, I have process exp open. Where do I find system idle stats?

#12
RKinner

If things have improved then it should be at the top of the CPU usage list but if not it may be down in the middle:

System Idle Process 0 0 K 24 K

If you don't see it just make a new proc exp log and copy and paste it.

#13
polling

Here's the log

It's still running slow


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
atashost.exe 1712 1,408 K 136 K WebEx Host for Support Center Cisco WebEx LLC (Verified) WebEx Communications Inc.
audiodg.exe 5496 17,176 K 17,608 K (Unable to verify) (null)
CVHSVC.EXE 2596 7,100 K 1,840 K (Unable to verify) (null)
dllhost.exe 2872 2,656 K 2,644 K (Unable to verify) (null)
FlashUtil32_11_4_402_287_ActiveX.exe 1428 2,688 K 1,656 K Adobe® Flash® Player Installer/Uninstaller 11.4 r402 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
hpsysdrv.exe 3736 1,176 K 532 K hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
hpwuschd2.exe 3800 1,232 K 768 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
ielowutil.exe 5036 1,528 K 1,164 K Internet Low-Mic Utility Tool Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 1976 1,252 K 100 K Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 580 5,072 K 5,780 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LSSrvc.exe 1904 1,528 K 132 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
mDNSResponder.exe 1748 2,432 K 2,652 K Bonjour Service Apple Inc. (Verified) Apple Inc.
msseces.exe 3440 6,104 K 964 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 2744 20,588 K 7,052 K Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe 784 1,644 K 104 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
PresentationFontCache.exe 5008 29,200 K 300 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3756 2,676 K 7,364 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
sftlist.exe 2228 6,200 K 884 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
sftvsa.exe 1484 1,700 K 144 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 300 376 K 60 K (Unable to verify) (null)
svchost.exe 2064 4,864 K 3,396 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3004 3,068 K 3,196 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1376 14,060 K 13,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 652 93,340 K 80,216 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 444 21,096 K 12,360 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 0 K 24 K
taskeng.exe 1924 2,156 K 6,400 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 5048 1,936 K 5,572 K (Unable to verify) (null)
taskhost.exe 5332 6,232 K 11,968 K (Unable to verify) (null)
taskhost.exe 3024 8,316 K 4,900 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 488 1,836 K 112 K (Unable to verify) (null)
winlogon.exe 596 2,652 K 152 K (Unable to verify) (null)
WLIDSVCM.EXE 2328 1,512 K 104 K (Unable to verify) (null)
msntask.exe 3820 < 0.01 10,928 K 13,152 K MSN Task Processor Microsoft Corp. (Verified) Microsoft Corporation
iTunesHelper.exe 3864 < 0.01 3,804 K 2,528 K iTunesHelper Apple Inc. (Verified) Apple Inc.
WLIDSVC.EXE 2168 < 0.01 5,956 K 2,820 K (Unable to verify) (null)
HPSA_Service.exe 4668 < 0.01 29,716 K 4,652 K HP Support Assistant Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
HPAdvisor.exe 3892 < 0.01 59,952 K 4,776 K HP Advisor Hewlett-Packard (Verified) Hewlett-Packard Company
SearchIndexer.exe 3140 < 0.01 37,984 K 11,164 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 588 < 0.01 2,984 K 1,700 K (Unable to verify) (null)
svchost.exe 1028 < 0.01 30,396 K 23,500 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
EKAiOHostService.exe 1784 < 0.01 36,260 K 13,188 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
nvvsvc.exe 1304 0.01 3,152 K 988 K (Unable to verify) (null)
csrss.exe 440 0.01 2,004 K 1,012 K (Unable to verify) (null)
svchost.exe 1132 0.01 10,376 K 11,520 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1684 0.01 4,804 K 2,952 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
SASCore64.exe 1664 0.01 1,932 K 224 K (Unable to verify) (null)
iexplore.exe 4528 0.01 9,804 K 5,076 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4288 0.01 10,272 K 9,760 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3988 0.01 15,120 K 13,288 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 3900 0.02 3,084 K 2,192 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
services.exe 552 0.02 6,912 K 5,912 K (Unable to verify) (null)
cmdagent.exe 860 0.02 40,768 K 3,244 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
svchost.exe 956 0.02 30,056 K 11,424 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SUPERANTISPYWARE.EXE 3492 0.03 517,472 K 972 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
Dropbox.exe 3692 0.03 49,588 K 12,488 K Dropbox Dropbox, Inc. (Verified) Dropbox
svchost.exe 1464 0.05 8,848 K 10,216 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 1012 0.08 77,692 K 28,712 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
EKStatusMonitor.exe 2976 0.13 6,444 K 4,012 K Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
svchost.exe 824 0.13 6,040 K 5,884 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
cfp.exe 3432 0.18 19,600 K 8,680 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
iexplore.exe 4912 0.22 70,808 K 10,960 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
System 4 0.22 368 K 168 K
explorer.exe 3152 0.26 31,580 K 31,288 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 720 0.35 4,800 K 3,984 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HP_Remote_Solution.exe 3792 0.36 3,620 K 2,056 K HP Remote Solution Hewlett-Packard (Unable to verify) Hewlett-Packard
csrss.exe 500 0.47 10,572 K 2,300 K (Unable to verify) (null)
spoolsv.exe 1328 0.97 10,644 K 7,212 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
EKPrinterSDK.exe 1828 1.17 5,300 K 3,824 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
Interrupts n/a 1.75 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 3108 2.24 51,620 K 37,344 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 584 6.59 22,668 K 44,392 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
MusicManager.exe 3652 31.16 64,556 K 16,272 K Music Manager Google Inc. (Unable to verify) Google Inc.
wmplayer.exe 6032 53.44 23,676 K 38,964 K Windows Media Player Microsoft Corporation (Verified) Microsoft Windows

#14
RKinner

Copy the text in the code box by highlighting and Ctrl + c


:OTL
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [MusicManager] C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED File not found
O4 - HKCU..\Run: [TuneSync] C:\Program Files (x86)\TuneSync\TuneSync.exe (Fireleap Software LLC)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

:files
C:\Windows\SysNative\csrss.exe|C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe /replace
C:\Windows\SysNative\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe /replace

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12012012-some number.log so if you don't see it look there.

Run Process Explorer again as before and post the log.

#15
polling

Ok, here's the OTL log

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
File c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MusicManager deleted successfully.
C:\Users\Frank\AppData\Local\Programs\Google\MusicManager\MusicManager.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NortonOnlineBackupReminder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TuneSync deleted successfully.
C:\Program Files (x86)\TuneSync\TuneSync.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
========== FILES ==========
File C:\Windows\SysNative\csrss.exe successfully replaced with C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
File C:\Windows\SysNative\services.exe successfully replaced with C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Frank
->Flash cache emptied: 4403 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Frank

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12022012_07062

Here's the procexp log

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 59.53 0 K 24 K
procexp64.exe 4760 9.89 24,980 K 46,952 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
SearchFilterHost.exe 4104 7.00 4,560 K 10,452 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 3140 1.64 50,216 K 43,740 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 1.20 0 K 0 K Hardware Interrupts and DPCs
SearchProtocolHost.exe 3112 3.51 5,516 K 8,220 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 4056 2.18 49,052 K 42,920 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 1020 1.46 75,120 K 53,036 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
System 4 0.59 188 K 908 K
csrss.exe 504 0.11 10,232 K 13,692 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
cfp.exe 3360 0.10 16,876 K 4,020 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
svchost.exe 732 0.36 4,540 K 7,816 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HP_Remote_Solution.exe 3928 0.37 3,296 K 6,224 K HP Remote Solution Hewlett-Packard (Unable to verify) Hewlett-Packard
lsass.exe 588 0.17 4,852 K 9,532 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 3164 0.37 36,908 K 61,984 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 960 0.03 2,920 K 6,004 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
Dropbox.exe 3668 < 0.01 49,328 K 26,836 K Dropbox Dropbox, Inc. (Verified) Dropbox
SUPERANTISPYWARE.EXE 3452 0.04 514,804 K 1,408 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
svchost.exe 1568 0.09 7,008 K 12,972 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 5080 0.01 9,832 K 23,912 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
services.exe 556 6,972 K 8,004 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SASCore64.exe 1608 0.01 1,932 K 3,548 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
AppleMobileDeviceService.exe 1628 0.02 4,000 K 8,180 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 1140 0.01 9,128 K 15,428 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2196 0.01 6,760 K 10,848 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
EKAiOHostService.exe 1732 10.00 32,868 K 23,092 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
nvvsvc.exe 1368 0.01 3,132 K 5,884 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
cmdagent.exe 868 0.02 39,552 K 4,028 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
svchost.exe 988 < 0.01 13,864 K 13,512 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3936 0.04 14,908 K 5,492 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 444 0.01 2,048 K 3,748 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 2304 < 0.01 67,108 K 75,500 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
HPAdvisor.exe 3300 < 0.01 60,356 K 7,532 K HP Advisor Hewlett-Packard (Verified) Hewlett-Packard Company
svchost.exe 1036 0.01 23,368 K 32,376 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HPSA_Service.exe 2824 < 0.01 29,364 K 20,640 K HP Support Assistant Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
iTunesHelper.exe 4084 < 0.01 3,760 K 8,092 K iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe 832 0.03 4,840 K 7,864 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4968 2,836 K 6,668 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2380 1,512 K 2,996 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 604 2,556 K 5,588 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 492 1,812 K 4,020 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2564 3,492 K 6,536 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 488 19,076 K 18,096 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 908 < 0.01 79,296 K 82,656 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4116 0.03 9,968 K 13,036 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1460 12,860 K 13,660 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2064 4,344 K 6,656 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1236 2,656 K 5,044 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1420 0.83 9,800 K 12,608 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 300 356 K 884 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sftvsa.exe 1520 1,704 K 4,552 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
sftlist.exe 2268 6,216 K 8,736 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 4788 2,672 K 7,468 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 4944 25,720 K 16,544 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe 792 1,640 K 3,536 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
NisSrv.exe 2976 12,448 K 5,776 K Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 3372 6,012 K 10,144 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
msiexec.exe 1836 2,312 K 5,256 K Windows® installer Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1692 2,356 K 5,116 K Bonjour Service Apple Inc. (Verified) Apple Inc.
LSSrvc.exe 1800 1,532 K 4,012 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
lsm.exe 596 2,900 K 4,284 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 1912 1,248 K 2,660 K Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
ielowutil.exe 3348 1,516 K 1,740 K Internet Low-Mic Utility Tool Microsoft Corporation (Verified) Microsoft Windows
hpwuschd2.exe 3944 1,240 K 3,864 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hpsysdrv.exe 3872 1,176 K 3,716 K hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
FlashUtil32_11_4_402_287_ActiveX.exe 2408 2,700 K 7,632 K Adobe® Flash® Player Installer/Uninstaller 11.4 r402 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
EKStatusMonitor.exe 3268 0.18 6,212 K 10,544 K Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
EKPrinterSDK.exe 1764 0.13 4,832 K 6,940 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
dllhost.exe 4552 2,640 K 7,256 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
CVHSVC.EXE 2728 5,284 K 7,776 K Microsoft Office Client Virtualization Service Microsoft Corporation (Verified) Microsoft Corporation
audiodg.exe 1092 17,724 K 17,420 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atashost.exe 1656 1,408 K 3,664 K WebEx Host for Support Center Cisco WebEx LLC (Verified) WebEx Communications Inc.