Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32:Alureon-AXW trojan and Win32:Malware-gen


  • Please log in to reply

#1
beejee

beejee

    Member

  • Member
  • PipPip
  • 48 posts
Three days ago I had a totally black screen with a movable cursor. My OS is Vista Home Premium and I have an HP Pavilion dv4 notebook PC. I did a restore in which I was able to boot to my desktop but then the next day the black screen was back and restore did not work. I was able to open in Safe Mode where I ran SuperAntiSpyware and Avast. I can't remember what all I did, but Avast found Win32:Alureon-AXW trojan and Win32:Malware-gen which I deleted from the virus chest. It started running fine again for a day. Then I downloaded EMET and added all apps. When I did a restart, the black screen was back again. I ran Avast, SuperAntiSpyware and Spybot a few times in Safe Mode but haven't found anything. I also deleted all the apps out of EMET and tried to uninstall but it wouldn't uninstall in Safe Mode. It also takes longer for Safe Mode to load. I think this trojan may still be lurking about and that I may have caused more problems by downloading EMET. Thanks for your help.

OTL from three days ago follows:

OTL logfile created on: 1/13/2013 8:42:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeannene\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 77.24% Memory free
7.98 Gb Paging File | 7.19 Gb Available in Paging File | 90.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 156.62 Gb Free Space | 54.69% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Computer Name: LAPTOP2 | User Name: Jeannene | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/13 08:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeannene\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/01/28 07:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 13:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/27 15:05:45 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/08 02:40:28 | 000,152,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecmdm.sys -- (ssecmdm)
DRV:64bit: - [2009/09/08 02:40:28 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecbus.sys -- (ssecbus)
DRV:64bit: - [2009/09/08 02:40:28 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecmdfl.sys -- (ssecmdfl)
DRV:64bit: - [2009/06/27 14:42:27 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/25 07:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/02/17 11:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/01/28 07:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/30 06:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 07:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 11:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/28 03:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/04 11:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 17:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003/09/15 10:57:35 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys -- (ElbyCDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C8512D14-B450-422A-A5E5-EB7C11AE2469}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C8512D14-B450-422A-A5E5-EB7C11AE2469}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.condui...&ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {6191A68B-9AAA-455B-917F-55BBD3342B58}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{018FD540-75AB-4000-A206-65664BBD9E54}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3730E888-30A1-43FA-A6D2-509427C0CB46}: "URL" = http://www.amazon.co...y={searchTerms}
IE - HKCU\..\SearchScopes\{6191A68B-9AAA-455B-917F-55BBD3342B58}: "URL" = http://search.condui...&ctid=CT3227980
IE - HKCU\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT1419405.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Power Karaoke Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..extensions.enabledAddons: {3303e956-2a3a-48e0-be39-2e0ef11a2f44}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {f34c9277-6577-4dff-b2d7-7d58092f272f}:1.0.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/01 00:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/18 19:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/23 19:32:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/01 19:37:13 | 000,000,000 | ---D | M]

[2012/12/28 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Extensions
[2012/12/25 17:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions
[2011/09/22 14:00:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/24 16:17:26 | 000,000,000 | ---D | M] (Power Karaoke) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}
[2012/12/25 17:39:27 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2011/09/22 13:59:50 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\[email protected]
[2012/08/27 15:00:02 | 000,463,542 | ---- | M] () (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\abb-install.xpi
[2013/01/04 16:05:43 | 000,001,026 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\searchplugins\power-karaoke-customized-web-search.xml
[2012/12/25 17:39:17 | 000,002,687 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\searchplugins\Search_Results.xml
[2012/12/28 22:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/25 17:39:33 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/12/23 19:32:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/09 07:09:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/25 17:39:17 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/03/09 07:09:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: No name found = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmaeahhdjjcpionggajmbcinfikbial\10.11.21.5_0\
CHR - Extension: No name found = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmaeahhdjjcpionggajmbcinfikbial\10.13.20.300_0\
CHR - Extension: No name found = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/09/05 23:08:57 | 000,327,720 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11213 more lines...
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0CC09160-108C-4759-BAB1-5C12C216E005} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: amazon.com ([payments] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E75DF6-6745-4FA5-953C-181729413414}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7054C4-04E4-4870-8ED3-5CC837DC262C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jeannene\Pictures\lonnieandme\IMG_4154.JPG
O24 - Desktop BackupWallPaper: C:\Users\Jeannene\Pictures\lonnieandme\IMG_4154.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4479eee2-b071-11de-9d41-00235aaf021e}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{9bb5170f-33a6-11df-85f1-00235aaf021e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bb5170f-33a6-11df-85f1-00235aaf021e}\Shell\AutoRun\command - "" = F:\VividShare.exe
O33 - MountPoints2\{9bb51749-33a6-11df-85f1-00235aaf021e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bb51749-33a6-11df-85f1-00235aaf021e}\Shell\AutoRun\command - "" = F:\VividShare.exe
O33 - MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
O33 - MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\Shell\explore\command - "" = \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
O33 - MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\Shell\Open\command - "" = \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
O33 - MountPoints2\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VividShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\MFAData
[2013/01/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\Avg2013
[2012/12/27 06:21:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/12/25 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/12/25 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2012/12/25 17:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/12/25 17:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2012/12/25 17:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\iLivid
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/13 08:35:51 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 08:35:51 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 08:35:51 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 08:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/11 21:14:37 | 000,313,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/11 17:11:51 | 000,000,732 | ---- | M] () -- C:\Users\Jeannene\AppData\Local\d3d9caps64.dat
[2013/01/10 03:00:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 03:00:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 21:19:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000UA.job
[2013/01/09 14:04:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000Core.job
[2013/01/07 21:29:06 | 000,010,258 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\wklnhst.dat
[2013/01/04 18:33:25 | 000,000,449 | ---- | M] () -- C:\Users\Jeannene\Desktop\leapftp.ini
[2013/01/04 18:33:25 | 000,000,039 | ---- | M] () -- C:\Users\Jeannene\Desktop\sites.ini
[2013/01/04 08:43:52 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeannene.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/11 17:11:51 | 000,000,732 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\d3d9caps64.dat
[2012/12/30 22:23:00 | 000,000,039 | ---- | C] () -- C:\Users\Jeannene\Desktop\sites.ini
[2012/12/29 18:18:45 | 000,000,449 | ---- | C] () -- C:\Users\Jeannene\Desktop\leapftp.ini
[2012/12/25 17:42:59 | 000,000,848 | ---- | C] () -- C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012/08/27 15:38:00 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/17 23:03:21 | 000,010,258 | ---- | C] () -- C:\Users\Jeannene\AppData\Roaming\wklnhst.dat
[2009/08/23 18:17:12 | 003,110,453 | ---- | C] () -- C:\Users\Jeannene\Burning CDGs From Any Drive.zip
[2009/08/17 23:22:08 | 000,006,756 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\d3d9caps.dat
[2009/07/26 14:34:25 | 000,020,480 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/12/02 10:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\AVG10
[2009/09/27 11:49:35 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\avidemux
[2009/10/09 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/27 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\DAEMON Tools Lite
[2012/08/27 15:53:22 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Doblon
[2010/02/04 12:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\DriverCure
[2009/09/27 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\GetRightToGo
[2009/07/31 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\gtk-2.0
[2009/10/14 08:55:15 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\muvee Technologies
[2011/01/06 22:29:26 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Netscape
[2010/10/17 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Registry Mechanic
[2010/08/16 17:16:00 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Template
[2009/09/28 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Uniblue
[2011/11/04 11:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\webex
[2010/12/19 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:727F0DFB807522E6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:13D63198
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C8512D14-B450-422A-A5E5-EB7C11AE2469}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C8512D14-B450-422A-A5E5-EB7C11AE2469}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.condui...&ctid=CT3227980
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {6191A68B-9AAA-455B-917F-55BBD3342B58}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{6191A68B-9AAA-455B-917F-55BBD3342B58}: "URL" = http://search.condui...&ctid=CT3227980
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
FF - prefs.js..CT1419405.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Power Karaoke Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..extensions.enabledAddons: {3303e956-2a3a-48e0-be39-2e0ef11a2f44}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {f34c9277-6577-4dff-b2d7-7d58092f272f}:1.0.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2442000223144104&o=APN10645&q="
[2012/12/24 16:17:26 | 000,000,000 | ---D | M] (Power Karaoke) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}
[2012/12/25 17:39:27 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2011/09/22 13:59:50 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\[email protected]
[2012/08/27 15:00:02 | 000,463,542 | ---- | M] () (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\abb-install.xpi
[2013/01/04 16:05:43 | 000,001,026 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\searchplugins\power-karaoke-customized-web-search.xml
[2012/12/25 17:39:17 | 000,002,687 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\searchplugins\Search_Results.xml
[2012/12/25 17:39:33 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/12/25 17:39:17 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0CC09160-108C-4759-BAB1-5C12C216E005} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O33 - MountPoints2\{4479eee2-b071-11de-9d41-00235aaf021e}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{9bb5170f-33a6-11df-85f1-00235aaf021e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bb5170f-33a6-11df-85f1-00235aaf021e}\Shell\AutoRun\command - "" = F:\VividShare.exe
O33 - MountPoints2\{9bb51749-33a6-11df-85f1-00235aaf021e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bb51749-33a6-11df-85f1-00235aaf021e}\Shell\AutoRun\command - "" = F:\VividShare.exe
O33 - MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
O33 - MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\Shell\explore\command - "" = \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
O33 - MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\Shell\Open\command - "" = \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
O33 - MountPoints2\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VividShare.exe

:files
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe
C:\RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01172013-some number.log so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



Does this complete without complaining?


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL log:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8512D14-B450-422A-A5E5-EB7C11AE2469}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8512D14-B450-422A-A5E5-EB7C11AE2469}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8512D14-B450-422A-A5E5-EB7C11AE2469}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8512D14-B450-422A-A5E5-EB7C11AE2469}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0cc09160-108c-4759-bab1-5c12c216e005} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6191A68B-9AAA-455B-917F-55BBD3342B58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6191A68B-9AAA-455B-917F-55BBD3342B58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: true removed from CT1419405.browser.search.defaultthis.engineName
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Power Karaoke Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: [email protected]:1.2 removed from extensions.enabledAddons
Prefs.js: {3303e956-2a3a-48e0-be39-2e0ef11a2f44}:10.13.40.15 removed from extensions.enabledAddons
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledAddons
Prefs.js: {f34c9277-6577-4dff-b2d7-7d58092f272f}:1.0.0.12 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.2 removed from extensions.enabledItems
Prefs.js: "http://dts.search-re...&o=APN10645&q=" removed from keyword.URL
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\Plugins folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\modules folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\META-INF folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\lib folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\defaults\preferences folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\defaults folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\sl folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\lib folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\core folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa\404 folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\wa folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\menu folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\gf folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ui folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\sp\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\sp folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\options\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\options\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\options\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\options folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\msd folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\features\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\features folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\api folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ac\res folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ac\img folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ac\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\ac folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al\aboutBox folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb\al folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content\tb folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405\content folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome\CT1419405 folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}\chrome folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{3303e956-2a3a-48e0-be39-2e0ef11a2f44} folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\components folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\searchbar folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\options folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\debugbar folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\toolbar folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\lib folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\weather folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\search folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\modules folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\lib folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\[email protected] folder moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\abb-install.xpi moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\searchplugins\power-karaoke-customized-web-search.xml moved successfully.
C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\searchplugins\Search_Results.xml moved successfully.
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
File c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ not found.
File C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0CC09160-108C-4759-BAB1-5C12C216E005} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~3\Wincert\WIN64C~1.DLL deleted successfully.
C:\ProgramData\Wincert\win64cert.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~3\Wincert\WIN32C~1.DLL deleted successfully.
C:\ProgramData\Wincert\win32cert.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4479eee2-b071-11de-9d41-00235aaf021e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4479eee2-b071-11de-9d41-00235aaf021e}\ not found.
File F:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb5170f-33a6-11df-85f1-00235aaf021e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb5170f-33a6-11df-85f1-00235aaf021e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb5170f-33a6-11df-85f1-00235aaf021e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb5170f-33a6-11df-85f1-00235aaf021e}\ not found.
File F:\VividShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb51749-33a6-11df-85f1-00235aaf021e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb51749-33a6-11df-85f1-00235aaf021e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb51749-33a6-11df-85f1-00235aaf021e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb51749-33a6-11df-85f1-00235aaf021e}\ not found.
File F:\VividShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5ad4b62-e79b-11df-b832-00235aaf021e}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5ad4b62-e79b-11df-b832-00235aaf021e}\ not found.
File \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5ad4b62-e79b-11df-b832-00235aaf021e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5ad4b62-e79b-11df-b832-00235aaf021e}\ not found.
File \RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\ not found.
File F:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc8f4edf-cf1a-11de-aba7-00235aaf021e}\ not found.
File F:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\VividShare.exe not found.
========== FILES ==========
< at /c >
The service has not been started.
C:\Users\Jeannene\Downloads\cmd.bat deleted successfully.
C:\Users\Jeannene\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
File\Folder C:\Windows\assembly\GAC\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522\eWEJOMiA.exe not found.
Folder C:\RECYCLER\S-1-6-76-2238681671-3338750476-860565611-7522 not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Jeannene
->Flash cache emptied: 2001402 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Jeannene
->Java cache emptied: 67209936 bytes

User: Public

Total Java Files Cleaned = 64.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182013_150814
  • 0

#4
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ron,

The aswMBR.exe scan was interrupted before it finished scanning and tried to reboot. I immediately went to safe mode because I didn't know what was happening. It only gave me a few seconds to select f8. It never reached the option to press the enabled Fix button or a not enabled Fix button to save the log. I am waiting for your assistance before proceeding.

Thanx
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Just go on with the other scans. If something doesn't work, skip it and go on.
  • 0

#6
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
ComboFix 13-01-17.04 - Jeannene 01/18/2013 17:08:07.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2381 [GMT -6:00]
Running from: c:\users\Jeannene\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.2480.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
.
.
2013-01-18 23:15 . 2013-01-18 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-18 21:31 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FF5BD13-5E9A-404E-9175-1A6F2AC12F5C}\mpengine.dll
2013-01-18 21:08 . 2013-01-18 21:08 -------- d-----w- C:\_OTL
2013-01-18 20:00 . 2013-01-18 20:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-18 20:00 . 2013-01-18 20:00 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-01-18 19:59 . 2013-01-18 19:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-01-18 19:59 . 2013-01-18 19:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-01-18 19:59 . 2013-01-18 19:59 192728 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-01-18 19:59 . 2013-01-18 19:59 115168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-01-18 19:59 . 2013-01-18 19:59 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-01-18 19:59 . 2013-01-18 19:59 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-01-17 01:20 . 2013-01-17 01:20 -------- d-----w- c:\program files (x86)\EMET
2013-01-16 21:45 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-13 22:33 . 2013-01-13 22:33 -------- d-----w- c:\users\Jeannene\AppData\Roaming\SUPERAntiSpyware.com
2013-01-13 22:33 . 2013-01-13 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-13 18:06 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-13 18:06 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-13 18:06 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-13 18:06 . 2012-10-30 23:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-13 18:06 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-13 18:06 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-13 18:06 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-13 18:06 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-13 18:06 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-13 18:05 . 2013-01-13 18:05 -------- d-----w- c:\programdata\AVAST Software
2013-01-13 18:05 . 2013-01-13 18:05 -------- d-----w- c:\program files\AVAST Software
2013-01-12 03:33 . 2013-01-12 03:33 -------- d-----w- c:\users\Jeannene\AppData\Local\MFAData
2013-01-12 03:33 . 2013-01-12 03:33 -------- d-----w- c:\users\Jeannene\AppData\Local\Avg2013
2012-12-27 12:21 . 2012-12-27 12:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-27 12:21 . 2012-12-27 12:21 -------- d-----w- c:\windows\system32\Macromed
2012-12-26 02:06 . 2012-12-26 02:06 -------- d-----w- c:\programdata\Browser Manager
2012-12-25 23:42 . 2012-06-27 19:26 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-12-25 23:39 . 2013-01-18 21:08 -------- d-----w- c:\programdata\Wincert
2012-12-25 23:39 . 2012-12-25 23:39 -------- d-----w- c:\programdata\boost_interprocess
2012-12-25 23:39 . 2012-12-25 23:39 -------- d-----w- c:\program files (x86)\Search Results Toolbar
2012-12-25 23:38 . 2012-12-25 23:42 -------- d-----w- c:\users\Jeannene\AppData\Local\iLivid
2012-12-24 01:32 . 2013-01-18 19:59 4220896 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-12-24 01:32 . 2013-01-18 19:59 124896 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-12-21 09:00 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 09:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 09:00 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 09:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 12:21 . 2011-11-20 15:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 09:04 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
2012-11-28 21:15 . 2012-11-28 21:17 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A4E3B2A-1C95-4E00-8F17-2B844D2205DF}\gapaengine.dll
2012-11-14 07:06 . 2012-12-13 09:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:02 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:55 . 2012-12-12 12:43 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:45 . 2012-12-12 12:43 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 12:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 12:43 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 12:43 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 12:43 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 12:43 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 12:43 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-02-11 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [2008-11-17 88576]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000Core.job
- c:\users\Jeannene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 16:52]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000UA.job
- c:\users\Jeannene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 16:52]
.
2009-08-24 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 01:17]
.
2013-01-18 c:\windows\Tasks\HPCeeScheduleForJeannene.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-12-19 247808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 170496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpage.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: amazon.com\payments
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1419405&SearchSource=13
FF - ExtSQL: 2013-01-13 12:06; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.AMAZONNEW_NS_PH.associateid.oem - downloads-com-abb
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-18 17:19:28
ComboFix-quarantined-files.txt 2013-01-18 23:19
.
Pre-Run: 163,585,839,104 bytes free
Post-Run: 163,460,825,088 bytes free
.
- - End Of File - - 5413CB02BC0DACA7520AA582F6D32404
  • 0

#7
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
17:24:06.0943 4116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:24:08.0956 4116 ============================================================
17:24:08.0956 4116 Current date / time: 2013/01/18 17:24:08.0956
17:24:08.0956 4116 SystemInfo:
17:24:08.0956 4116
17:24:08.0956 4116 OS Version: 6.0.6002 ServicePack: 2.0
17:24:08.0956 4116 Product type: Workstation
17:24:08.0956 4116 ComputerName: LAPTOP2
17:24:08.0956 4116 UserName: Jeannene
17:24:08.0956 4116 Windows directory: C:\Windows
17:24:08.0956 4116 System windows directory: C:\Windows
17:24:08.0956 4116 Running under WOW64
17:24:08.0956 4116 Processor architecture: Intel x64
17:24:08.0956 4116 Number of processors: 2
17:24:08.0956 4116 Page size: 0x1000
17:24:08.0956 4116 Boot type: Normal boot
17:24:08.0956 4116 ============================================================
17:24:11.0545 4116 Drive \Device\Harddisk1\DR1 - Size: 0xEBE00000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:24:11.0561 4116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:11.0670 4116 Drive \Device\Harddisk1\DR1 - Size: 0xEBE00000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:24:11.0733 4116 ============================================================
17:24:11.0733 4116 \Device\Harddisk1\DR1:
17:24:11.0733 4116 MBR partitions:
17:24:11.0733 4116 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x75D000
17:24:11.0733 4116 \Device\Harddisk0\DR0:
17:24:11.0733 4116 MBR partitions:
17:24:11.0733 4116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23CCF800
17:24:11.0733 4116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23CD0000, BlocksNum 0x175D000
17:24:11.0733 4116 \Device\Harddisk1\DR1:
17:24:11.0733 4116 MBR partitions:
17:24:11.0733 4116 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x75D000
17:24:11.0733 4116 ============================================================
17:24:11.0764 4116 C: <-> \Device\Harddisk0\DR0\Partition1
17:24:11.0826 4116 D: <-> \Device\Harddisk0\DR0\Partition2
17:24:11.0826 4116 ============================================================
17:24:11.0826 4116 Initialize success
17:24:11.0826 4116 ============================================================
17:24:39.0875 3576 ============================================================
17:24:39.0875 3576 Scan started
17:24:39.0875 3576 Mode: Manual;
17:24:39.0875 3576 ============================================================
17:24:40.0593 3576 ================ Scan system memory ========================
17:24:40.0593 3576 System memory - ok
17:24:40.0593 3576 ================ Scan services =============================
17:24:40.0671 3576 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:24:40.0686 3576 !SASCORE - ok
17:24:40.0858 3576 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
17:24:40.0858 3576 Accelerometer - ok
17:24:40.0905 3576 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:24:40.0920 3576 ACPI - ok
17:24:41.0045 3576 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:24:41.0045 3576 AdobeARMservice - ok
17:24:41.0123 3576 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:24:41.0139 3576 adp94xx - ok
17:24:41.0185 3576 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:24:41.0185 3576 adpahci - ok
17:24:41.0201 3576 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:24:41.0217 3576 adpu160m - ok
17:24:41.0217 3576 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:24:41.0232 3576 adpu320 - ok
17:24:41.0279 3576 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:24:41.0279 3576 AeLookupSvc - ok
17:24:41.0404 3576 [ 9CAC9E19D71E4AF99920FCC3ECA0E3F1 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
17:24:41.0404 3576 AESTFilters - ok
17:24:41.0466 3576 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:24:41.0482 3576 AFD - ok
17:24:41.0529 3576 [ 734088CB57AEA704CA716C1C6BC5E0E6 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
17:24:41.0529 3576 AgereModemAudio - ok
17:24:41.0591 3576 [ 70E15CDA25E151DFC60636EF73F5A7BE ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
17:24:41.0622 3576 AgereSoftModem - ok
17:24:41.0700 3576 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:24:41.0700 3576 agp440 - ok
17:24:41.0731 3576 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:24:41.0747 3576 aic78xx - ok
17:24:41.0778 3576 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:24:41.0778 3576 ALG - ok
17:24:41.0809 3576 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys
17:24:41.0809 3576 aliide - ok
17:24:41.0809 3576 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys
17:24:41.0825 3576 amdide - ok
17:24:41.0856 3576 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:24:41.0856 3576 AmdK8 - ok
17:24:41.0903 3576 [ 69D882157E5E4D17D32E30182F945046 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
17:24:41.0919 3576 ApfiltrService - ok
17:24:41.0965 3576 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:24:41.0965 3576 Appinfo - ok
17:24:42.0028 3576 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:24:42.0043 3576 Apple Mobile Device - ok
17:24:42.0106 3576 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:24:42.0106 3576 arc - ok
17:24:42.0121 3576 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:24:42.0137 3576 arcsas - ok
17:24:42.0184 3576 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:24:42.0184 3576 aswFsBlk - ok
17:24:42.0246 3576 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:24:42.0246 3576 aswMonFlt - ok
17:24:42.0262 3576 [ A4096B90F21BBD2973AFAB8EEE01CD25 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
17:24:42.0262 3576 AswRdr - ok
17:24:42.0309 3576 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:24:42.0340 3576 aswSnx - ok
17:24:42.0371 3576 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:24:42.0387 3576 aswSP - ok
17:24:42.0402 3576 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:24:42.0402 3576 aswTdi - ok
17:24:42.0433 3576 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:24:42.0433 3576 AsyncMac - ok
17:24:42.0496 3576 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:24:42.0496 3576 atapi - ok
17:24:42.0558 3576 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:24:42.0574 3576 AudioEndpointBuilder - ok
17:24:42.0589 3576 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:24:42.0605 3576 AudioSrv - ok
17:24:42.0699 3576 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:24:42.0699 3576 avast! Antivirus - ok
17:24:42.0808 3576 [ 2C91205C43EA45CFE14E9E14E05601AE ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:24:42.0886 3576 BCM43XX - ok
17:24:42.0901 3576 Beep - ok
17:24:42.0979 3576 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
17:24:42.0995 3576 BFE - ok
17:24:43.0089 3576 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
17:24:43.0135 3576 BITS - ok
17:24:43.0167 3576 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:24:43.0167 3576 blbdrive - ok
17:24:43.0260 3576 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
17:24:43.0260 3576 Bonjour Service - ok
17:24:43.0307 3576 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:24:43.0307 3576 bowser - ok
17:24:43.0354 3576 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:24:43.0354 3576 BrFiltLo - ok
17:24:43.0369 3576 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:24:43.0369 3576 BrFiltUp - ok
17:24:43.0401 3576 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:24:43.0416 3576 Browser - ok
17:24:43.0447 3576 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:24:43.0447 3576 Brserid - ok
17:24:43.0479 3576 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:24:43.0479 3576 BrSerWdm - ok
17:24:43.0494 3576 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:24:43.0494 3576 BrUsbMdm - ok
17:24:43.0510 3576 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:24:43.0510 3576 BrUsbSer - ok
17:24:43.0557 3576 [ 471FF09330A53177BBE9FD6DDF8A8259 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
17:24:43.0557 3576 BthEnum - ok
17:24:43.0588 3576 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:24:43.0588 3576 BTHMODEM - ok
17:24:43.0635 3576 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:24:43.0635 3576 BthPan - ok
17:24:43.0713 3576 [ 7D104F22C04A76F0D2F96F789AC07FCB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:24:43.0728 3576 BTHPORT - ok
17:24:43.0791 3576 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
17:24:43.0791 3576 BthServ - ok
17:24:43.0806 3576 [ D9324F0C142267961CE900BFC3798BB1 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:24:43.0822 3576 BTHUSB - ok
17:24:43.0869 3576 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
17:24:43.0884 3576 BVRPMPR5a64 - ok
17:24:43.0884 3576 catchme - ok
17:24:43.0915 3576 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:24:43.0915 3576 cdfs - ok
17:24:43.0978 3576 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:24:43.0978 3576 cdrom - ok
17:24:44.0040 3576 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:24:44.0040 3576 CertPropSvc - ok
17:24:44.0056 3576 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:24:44.0056 3576 circlass - ok
17:24:44.0118 3576 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:24:44.0134 3576 CLFS - ok
17:24:44.0196 3576 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:24:44.0212 3576 clr_optimization_v2.0.50727_32 - ok
17:24:44.0259 3576 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:24:44.0274 3576 clr_optimization_v2.0.50727_64 - ok
17:24:44.0305 3576 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:24:44.0305 3576 CmBatt - ok
17:24:44.0305 3576 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:24:44.0305 3576 cmdide - ok
17:24:44.0383 3576 [ 2F27104F5D6ED63FDAC38CACB9D19DFD ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:24:44.0383 3576 Com4QLBEx - ok
17:24:44.0399 3576 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:24:44.0399 3576 Compbatt - ok
17:24:44.0415 3576 COMSysApp - ok
17:24:44.0415 3576 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:24:44.0430 3576 crcdisk - ok
17:24:44.0477 3576 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:24:44.0493 3576 CryptSvc - ok
17:24:44.0571 3576 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:24:44.0602 3576 DcomLaunch - ok
17:24:44.0649 3576 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:24:44.0664 3576 DfsC - ok
17:24:44.0805 3576 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
17:24:44.0851 3576 DFSR - ok
17:24:44.0914 3576 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:24:44.0929 3576 Dhcp - ok
17:24:44.0976 3576 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:24:44.0976 3576 disk - ok
17:24:45.0039 3576 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:24:45.0054 3576 Dnscache - ok
17:24:45.0085 3576 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:24:45.0085 3576 dot3svc - ok
17:24:45.0132 3576 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
17:24:45.0132 3576 DPS - ok
17:24:45.0179 3576 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:24:45.0179 3576 drmkaud - ok
17:24:45.0241 3576 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:24:45.0257 3576 dtsoftbus01 - ok
17:24:45.0319 3576 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:24:45.0335 3576 DXGKrnl - ok
17:24:45.0397 3576 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:24:45.0397 3576 E1G60 - ok
17:24:45.0413 3576 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
17:24:45.0413 3576 EapHost - ok
17:24:45.0444 3576 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
17:24:45.0460 3576 Ecache - ok
17:24:45.0507 3576 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:24:45.0522 3576 ehRecvr - ok
17:24:45.0553 3576 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
17:24:45.0553 3576 ehSched - ok
17:24:45.0600 3576 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
17:24:45.0600 3576 ehstart - ok
17:24:45.0631 3576 [ 9387A484D31209D7FC3F795A787294DB ] ElbyCDFL C:\Windows\system32\Drivers\ElbyCDFL.sys
17:24:45.0647 3576 ElbyCDFL - ok
17:24:45.0678 3576 [ 702D5606CF2199E0EDEA6F0E0D27CD10 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
17:24:45.0678 3576 ElbyCDIO - ok
17:24:45.0709 3576 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:24:45.0709 3576 elxstor - ok
17:24:45.0787 3576 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:24:45.0787 3576 EMDMgmt - ok
17:24:45.0819 3576 [ CD0C80E5E9A9BF8DD145F43713D77993 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
17:24:45.0834 3576 enecir - ok
17:24:45.0850 3576 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:24:45.0850 3576 ErrDev - ok
17:24:45.0912 3576 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
17:24:45.0912 3576 EventSystem - ok
17:24:45.0959 3576 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
17:24:45.0959 3576 exfat - ok
17:24:46.0006 3576 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:24:46.0006 3576 fastfat - ok
17:24:46.0053 3576 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:24:46.0053 3576 fdc - ok
17:24:46.0084 3576 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
17:24:46.0084 3576 fdPHost - ok
17:24:46.0099 3576 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
17:24:46.0099 3576 FDResPub - ok
17:24:46.0115 3576 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:24:46.0115 3576 FileInfo - ok
17:24:46.0146 3576 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:24:46.0146 3576 Filetrace - ok
17:24:46.0162 3576 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:24:46.0162 3576 flpydisk - ok
17:24:46.0224 3576 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:24:46.0224 3576 FltMgr - ok
17:24:46.0318 3576 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache C:\Windows\system32\FntCache.dll
17:24:46.0333 3576 FontCache - ok
17:24:46.0396 3576 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:24:46.0396 3576 FontCache3.0.0.0 - ok
17:24:46.0443 3576 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:24:46.0443 3576 Fs_Rec - ok
17:24:46.0474 3576 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:24:46.0474 3576 gagp30kx - ok
17:24:46.0505 3576 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:24:46.0505 3576 GEARAspiWDM - ok
17:24:46.0567 3576 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
17:24:46.0599 3576 gpsvc - ok
17:24:46.0645 3576 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:24:46.0661 3576 HdAudAddService - ok
17:24:46.0739 3576 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:24:46.0770 3576 HDAudBus - ok
17:24:46.0786 3576 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:24:46.0786 3576 HidBth - ok
17:24:46.0833 3576 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:24:46.0833 3576 HidIr - ok
17:24:46.0879 3576 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
17:24:46.0879 3576 hidserv - ok
17:24:46.0895 3576 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:24:46.0895 3576 HidUsb - ok
17:24:46.0926 3576 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
17:24:46.0926 3576 hkmsvc - ok
17:24:46.0957 3576 [ 158DDAC4AA0DFCF2E33B4F53CB5A20B9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
17:24:46.0957 3576 HP Health Check Service - ok
17:24:46.0989 3576 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:24:46.0989 3576 HpCISSs - ok
17:24:47.0020 3576 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
17:24:47.0020 3576 hpdskflt - ok
17:24:47.0035 3576 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:24:47.0035 3576 HpqKbFiltr - ok
17:24:47.0098 3576 [ 3E1CB5C4AFFA06B4B29E8FF12544CF23 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:24:47.0098 3576 hpqwmiex - ok
17:24:47.0113 3576 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv C:\Windows\system32\Hpservice.exe
17:24:47.0113 3576 hpsrv - ok
17:24:47.0191 3576 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:24:47.0207 3576 HTTP - ok
17:24:47.0223 3576 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:24:47.0223 3576 i2omp - ok
17:24:47.0269 3576 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:24:47.0269 3576 i8042prt - ok
17:24:47.0316 3576 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:24:47.0332 3576 iaStorV - ok
17:24:47.0363 3576 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:24:47.0363 3576 IDriverT - ok
17:24:47.0472 3576 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:24:47.0503 3576 idsvc - ok
17:24:47.0753 3576 [ 7B0A679638E9380C0D8D42C7D43F8169 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:24:47.0831 3576 igfx - ok
17:24:47.0847 3576 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:24:47.0862 3576 iirsp - ok
17:24:47.0909 3576 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
17:24:47.0909 3576 IKEEXT - ok
17:24:47.0971 3576 [ C7C9720A5B0FD2B974FC4F72E405204B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
17:24:47.0971 3576 IntcHdmiAddService - ok
17:24:48.0018 3576 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys
17:24:48.0018 3576 intelide - ok
17:24:48.0034 3576 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:24:48.0034 3576 intelppm - ok
17:24:48.0065 3576 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:24:48.0065 3576 IPBusEnum - ok
17:24:48.0112 3576 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:24:48.0112 3576 IpFilterDriver - ok
17:24:48.0159 3576 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:24:48.0159 3576 iphlpsvc - ok
17:24:48.0159 3576 IpInIp - ok
17:24:48.0190 3576 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:24:48.0190 3576 IPMIDRV - ok
17:24:48.0221 3576 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:24:48.0221 3576 IPNAT - ok
17:24:48.0268 3576 [ 056AB99A00E2023A24AB4F067880CC3E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:24:48.0283 3576 iPod Service - ok
17:24:48.0299 3576 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:24:48.0299 3576 IRENUM - ok
17:24:48.0346 3576 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:24:48.0346 3576 isapnp - ok
17:24:48.0393 3576 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:24:48.0408 3576 iScsiPrt - ok
17:24:48.0424 3576 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:24:48.0424 3576 iteatapi - ok
17:24:48.0455 3576 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:24:48.0455 3576 iteraid - ok
17:24:48.0502 3576 [ B33736B29D70DBD275B099BCD4F5C1BA ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:24:48.0502 3576 JMCR - ok
17:24:48.0517 3576 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:24:48.0517 3576 kbdclass - ok
17:24:48.0564 3576 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:24:48.0564 3576 kbdhid - ok
17:24:48.0580 3576 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
17:24:48.0580 3576 KeyIso - ok
17:24:48.0658 3576 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:24:48.0673 3576 KSecDD - ok
17:24:48.0705 3576 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:24:48.0705 3576 ksthunk - ok
17:24:48.0767 3576 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
17:24:48.0783 3576 KtmRm - ok
17:24:48.0861 3576 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:24:48.0876 3576 LanmanServer - ok
17:24:48.0939 3576 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:24:48.0939 3576 LanmanWorkstation - ok
17:24:48.0954 3576 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:24:48.0954 3576 lltdio - ok
17:24:48.0985 3576 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:24:49.0001 3576 lltdsvc - ok
17:24:49.0017 3576 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:24:49.0017 3576 lmhosts - ok
17:24:49.0048 3576 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:24:49.0063 3576 LSI_FC - ok
17:24:49.0079 3576 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:24:49.0079 3576 LSI_SAS - ok
17:24:49.0079 3576 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:24:49.0095 3576 LSI_SCSI - ok
17:24:49.0110 3576 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
17:24:49.0110 3576 luafv - ok
17:24:49.0126 3576 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:24:49.0126 3576 Mcx2Svc - ok
17:24:49.0141 3576 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
17:24:49.0141 3576 megasas - ok
17:24:49.0173 3576 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:24:49.0188 3576 MegaSR - ok
17:24:49.0204 3576 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
17:24:49.0204 3576 MMCSS - ok
17:24:49.0219 3576 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
17:24:49.0235 3576 Modem - ok
17:24:49.0297 3576 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:24:49.0329 3576 monitor - ok
17:24:49.0344 3576 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:24:49.0344 3576 mouclass - ok
17:24:49.0360 3576 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:24:49.0360 3576 mouhid - ok
17:24:49.0375 3576 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:24:49.0375 3576 MountMgr - ok
17:24:49.0469 3576 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:24:49.0469 3576 MozillaMaintenance - ok
17:24:49.0516 3576 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:24:49.0531 3576 MpFilter - ok
17:24:49.0547 3576 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
17:24:49.0547 3576 mpio - ok
17:24:49.0563 3576 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:24:49.0563 3576 mpsdrv - ok
17:24:49.0656 3576 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
17:24:49.0672 3576 MpsSvc - ok
17:24:49.0687 3576 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:24:49.0687 3576 Mraid35x - ok
17:24:49.0750 3576 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:24:49.0750 3576 MRxDAV - ok
17:24:49.0812 3576 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:24:49.0828 3576 mrxsmb - ok
17:24:49.0875 3576 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:24:49.0890 3576 mrxsmb10 - ok
17:24:49.0890 3576 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:24:49.0890 3576 mrxsmb20 - ok
17:24:49.0953 3576 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
17:24:49.0953 3576 msahci - ok
17:24:49.0968 3576 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:24:49.0968 3576 msdsm - ok
17:24:49.0999 3576 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
17:24:49.0999 3576 MSDTC - ok
17:24:50.0031 3576 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:24:50.0031 3576 Msfs - ok
17:24:50.0062 3576 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:24:50.0062 3576 msisadrv - ok
17:24:50.0077 3576 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:24:50.0077 3576 MSiSCSI - ok
17:24:50.0093 3576 msiserver - ok
17:24:50.0140 3576 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:24:50.0140 3576 MSKSSRV - ok
17:24:50.0265 3576 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:24:50.0265 3576 MsMpSvc - ok
17:24:50.0296 3576 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:24:50.0296 3576 MSPCLOCK - ok
17:24:50.0327 3576 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:24:50.0327 3576 MSPQM - ok
17:24:50.0374 3576 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:24:50.0389 3576 MsRPC - ok
17:24:50.0421 3576 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:24:50.0421 3576 mssmbios - ok
17:24:50.0421 3576 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:24:50.0436 3576 MSTEE - ok
17:24:50.0452 3576 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
17:24:50.0452 3576 Mup - ok
17:24:50.0514 3576 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
17:24:50.0545 3576 napagent - ok
17:24:50.0608 3576 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:24:50.0608 3576 NativeWifiP - ok
17:24:50.0717 3576 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:24:50.0717 3576 NDIS - ok
17:24:50.0826 3576 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:24:50.0826 3576 NdisTapi - ok
17:24:50.0826 3576 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:24:50.0842 3576 Ndisuio - ok
17:24:50.0904 3576 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:24:50.0920 3576 NdisWan - ok
17:24:50.0935 3576 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:24:50.0935 3576 NDProxy - ok
17:24:50.0951 3576 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:24:50.0951 3576 NetBIOS - ok
17:24:50.0998 3576 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:24:51.0013 3576 netbt - ok
17:24:51.0029 3576 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
17:24:51.0029 3576 Netlogon - ok
17:24:51.0060 3576 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
17:24:51.0076 3576 Netman - ok
17:24:51.0138 3576 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
17:24:51.0138 3576 netprofm - ok
17:24:51.0247 3576 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:24:51.0247 3576 NetTcpPortSharing - ok
17:24:51.0388 3576 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys
17:24:51.0497 3576 NETw3v64 - ok
17:24:51.0513 3576 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:24:51.0528 3576 nfrd960 - ok
17:24:51.0591 3576 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:24:51.0591 3576 NisDrv - ok
17:24:51.0653 3576 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:24:51.0653 3576 NisSrv - ok
17:24:51.0700 3576 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
17:24:51.0700 3576 NlaSvc - ok
17:24:51.0731 3576 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:24:51.0731 3576 Npfs - ok
17:24:51.0778 3576 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
17:24:51.0793 3576 nsi - ok
17:24:51.0809 3576 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:24:51.0809 3576 nsiproxy - ok
17:24:51.0934 3576 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:24:52.0012 3576 Ntfs - ok
17:24:52.0059 3576 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
17:24:52.0059 3576 NuidFltr - ok
17:24:52.0074 3576 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
17:24:52.0074 3576 Null - ok
17:24:52.0105 3576 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:24:52.0105 3576 nvraid - ok
17:24:52.0121 3576 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:24:52.0121 3576 nvstor - ok
17:24:52.0152 3576 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:24:52.0168 3576 nv_agp - ok
17:24:52.0168 3576 NwlnkFlt - ok
17:24:52.0183 3576 NwlnkFwd - ok
17:24:52.0308 3576 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:24:52.0324 3576 odserv - ok
17:24:52.0339 3576 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:24:52.0339 3576 ohci1394 - ok
17:24:52.0371 3576 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:24:52.0371 3576 ose - ok
17:24:52.0433 3576 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:24:52.0464 3576 p2pimsvc - ok
17:24:52.0495 3576 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
17:24:52.0511 3576 p2psvc - ok
17:24:52.0527 3576 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
17:24:52.0542 3576 Parport - ok
17:24:52.0573 3576 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:24:52.0589 3576 partmgr - ok
17:24:52.0605 3576 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
17:24:52.0620 3576 PcaSvc - ok
17:24:52.0667 3576 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
17:24:52.0683 3576 pci - ok
17:24:52.0683 3576 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys
17:24:52.0698 3576 pciide - ok
17:24:52.0714 3576 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:24:52.0714 3576 pcmcia - ok
17:24:52.0761 3576 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:24:52.0776 3576 PEAUTH - ok
17:24:52.0901 3576 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:24:52.0901 3576 PerfHost - ok
17:24:52.0979 3576 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
17:24:53.0041 3576 pla - ok
17:24:53.0104 3576 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:24:53.0119 3576 PlugPlay - ok
17:24:53.0151 3576 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:24:53.0166 3576 PNRPAutoReg - ok
17:24:53.0213 3576 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:24:53.0229 3576 PNRPsvc - ok
17:24:53.0275 3576 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:24:53.0369 3576 PolicyAgent - ok
17:24:53.0431 3576 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:24:53.0447 3576 PptpMiniport - ok
17:24:53.0478 3576 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
17:24:53.0478 3576 Processor - ok
17:24:53.0541 3576 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
17:24:53.0556 3576 ProfSvc - ok
17:24:53.0587 3576 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
17:24:53.0587 3576 ProtectedStorage - ok
17:24:53.0650 3576 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:24:53.0650 3576 PSched - ok
17:24:53.0728 3576 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:24:53.0759 3576 ql2300 - ok
17:24:53.0821 3576 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:24:53.0821 3576 ql40xx - ok
17:24:53.0853 3576 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
17:24:53.0868 3576 QWAVE - ok
17:24:53.0931 3576 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:24:53.0931 3576 QWAVEdrv - ok
17:24:53.0946 3576 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:24:53.0946 3576 RasAcd - ok
17:24:53.0977 3576 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
17:24:53.0977 3576 RasAuto - ok
17:24:54.0024 3576 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:24:54.0024 3576 Rasl2tp - ok
17:24:54.0071 3576 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
17:24:54.0133 3576 RasMan - ok
17:24:54.0180 3576 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:24:54.0180 3576 RasPppoe - ok
17:24:54.0227 3576 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:24:54.0243 3576 RasSstp - ok
17:24:54.0305 3576 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:24:54.0305 3576 rdbss - ok
17:24:54.0336 3576 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:24:54.0336 3576 RDPCDD - ok
17:24:54.0383 3576 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:24:54.0399 3576 rdpdr - ok
17:24:54.0399 3576 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:24:54.0399 3576 RDPENCDD - ok
17:24:54.0461 3576 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:24:54.0477 3576 RDPWD - ok
17:24:54.0508 3576 [ 6266D28705BC3F99E8BAC1F864C14E91 ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
17:24:54.0523 3576 Recovery Service for Windows - ok
17:24:54.0539 3576 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:24:54.0555 3576 RemoteAccess - ok
17:24:54.0586 3576 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:24:54.0601 3576 RemoteRegistry - ok
17:24:54.0664 3576 [ 72C35598BA591ABDDC37FCE7D26FE1C4 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:24:54.0664 3576 RFCOMM - ok
17:24:54.0742 3576 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:24:54.0742 3576 RichVideo - ok
17:24:54.0773 3576 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
17:24:54.0773 3576 RpcLocator - ok
17:24:54.0835 3576 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll
17:24:54.0851 3576 RpcSs - ok
17:24:54.0898 3576 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:24:54.0898 3576 rspndr - ok
17:24:54.0945 3576 [ 390482953C63E81BAE52F20386394421 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
17:24:54.0945 3576 RTL8169 - ok
17:24:54.0960 3576 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
17:24:54.0960 3576 SamSs - ok
17:24:55.0038 3576 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:24:55.0038 3576 SASDIFSV - ok
17:24:55.0085 3576 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:24:55.0085 3576 SASKUTIL - ok
17:24:55.0101 3576 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:24:55.0101 3576 sbp2port - ok
17:24:55.0179 3576 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:24:55.0225 3576 SBSDWSCService - ok
17:24:55.0272 3576 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:24:55.0288 3576 SCardSvr - ok
17:24:55.0335 3576 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
17:24:55.0381 3576 Schedule - ok
17:24:55.0413 3576 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:24:55.0428 3576 SCPolicySvc - ok
17:24:55.0459 3576 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:24:55.0459 3576 sdbus - ok
17:24:55.0491 3576 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:24:55.0491 3576 SDRSVC - ok
17:24:55.0506 3576 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:24:55.0506 3576 secdrv - ok
17:24:55.0522 3576 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
17:24:55.0522 3576 seclogon - ok
17:24:55.0537 3576 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
17:24:55.0537 3576 SENS - ok
17:24:55.0569 3576 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:24:55.0569 3576 Serenum - ok
17:24:55.0600 3576 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
17:24:55.0600 3576 Serial - ok
17:24:55.0615 3576 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:24:55.0615 3576 sermouse - ok
17:24:55.0662 3576 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
17:24:55.0662 3576 SessionEnv - ok
17:24:55.0678 3576 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:24:55.0693 3576 sffdisk - ok
17:24:55.0693 3576 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:24:55.0693 3576 sffp_mmc - ok
17:24:55.0709 3576 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:24:55.0709 3576 sffp_sd - ok
17:24:55.0725 3576 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:24:55.0725 3576 sfloppy - ok
17:24:55.0771 3576 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:24:55.0771 3576 SharedAccess - ok
17:24:55.0849 3576 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:24:55.0865 3576 ShellHWDetection - ok
17:24:55.0865 3576 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:24:55.0865 3576 SiSRaid2 - ok
17:24:55.0881 3576 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:24:55.0881 3576 SiSRaid4 - ok
17:24:55.0990 3576 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
17:24:56.0083 3576 slsvc - ok
17:24:56.0115 3576 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:24:56.0130 3576 SLUINotify - ok
17:24:56.0177 3576 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:24:56.0193 3576 Smb - ok
17:24:56.0224 3576 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:24:56.0224 3576 SNMPTRAP - ok
17:24:56.0286 3576 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
17:24:56.0286 3576 spldr - ok
17:24:56.0317 3576 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
17:24:56.0333 3576 Spooler - ok
17:24:56.0395 3576 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
17:24:56.0411 3576 srv - ok
17:24:56.0489 3576 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:24:56.0489 3576 srv2 - ok
17:24:56.0536 3576 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:24:56.0551 3576 srvnet - ok
17:24:56.0567 3576 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:24:56.0567 3576 SSDPSRV - ok
17:24:56.0614 3576 [ 78A4D20187B5C241C70AA8E9573B3A6C ] ssecbus C:\Windows\system32\DRIVERS\ssecbus.sys
17:24:56.0629 3576 ssecbus - ok
17:24:56.0692 3576 [ 6F65FFE86D515014E29FFF44DBBFA49A ] ssecmdfl C:\Windows\system32\DRIVERS\ssecmdfl.sys
17:24:56.0692 3576 ssecmdfl - ok
17:24:56.0770 3576 [ F4DB6272044F0023C5BA1E17DCC4BD5A ] ssecmdm C:\Windows\system32\DRIVERS\ssecmdm.sys
17:24:56.0770 3576 ssecmdm - ok
17:24:56.0801 3576 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:24:56.0817 3576 SstpSvc - ok
17:24:56.0926 3576 [ 60706B595C63B595DE05BA1B6EA008F8 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe
17:24:56.0941 3576 STacSV - ok
17:24:57.0004 3576 [ AA408EC8F77D3F5E745F5F7E5B133D8E ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:24:57.0019 3576 STHDA - ok
17:24:57.0097 3576 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
17:24:57.0113 3576 stisvc - ok
17:24:57.0160 3576 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:24:57.0160 3576 swenum - ok
17:24:57.0207 3576 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
17:24:57.0238 3576 swprv - ok
17:24:57.0269 3576 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:24:57.0269 3576 Symc8xx - ok
17:24:57.0285 3576 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:24:57.0285 3576 Sym_hi - ok
17:24:57.0300 3576 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:24:57.0300 3576 Sym_u3 - ok
17:24:57.0363 3576 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
17:24:57.0394 3576 SysMain - ok
17:24:57.0456 3576 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:24:57.0472 3576 TabletInputService - ok
17:24:57.0519 3576 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:24:57.0550 3576 TapiSrv - ok
17:24:57.0565 3576 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
17:24:57.0581 3576 TBS - ok
17:24:57.0659 3576 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:24:57.0690 3576 Tcpip - ok
17:24:57.0737 3576 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:24:57.0753 3576 Tcpip6 - ok
17:24:57.0768 3576 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:24:57.0784 3576 tcpipreg - ok
17:24:57.0815 3576 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:24:57.0831 3576 TDPIPE - ok
17:24:57.0831 3576 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:24:57.0831 3576 TDTCP - ok
17:24:57.0893 3576 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:24:57.0893 3576 tdx - ok
17:24:57.0940 3576 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:24:57.0955 3576 TermDD - ok
17:24:58.0018 3576 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
17:24:58.0049 3576 TermService - ok
17:24:58.0080 3576 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
17:24:58.0080 3576 Themes - ok
17:24:58.0096 3576 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
17:24:58.0111 3576 THREADORDER - ok
17:24:58.0158 3576 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
17:24:58.0174 3576 TrkWks - ok
17:24:58.0236 3576 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:24:58.0236 3576 TrustedInstaller - ok
17:24:58.0252 3576 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:24:58.0267 3576 tssecsrv - ok
17:24:58.0299 3576 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:24:58.0299 3576 tunmp - ok
17:24:58.0361 3576 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:24:58.0361 3576 tunnel - ok
17:24:58.0470 3576 [ 4215ECFC15D265A8E6E1925084B80908 ] TVCapSvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
17:24:58.0470 3576 TVCapSvc - ok
17:24:58.0486 3576 [ F386D56F1B6D70E0E4E70E494975D279 ] TVSched C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
17:24:58.0486 3576 TVSched - ok
17:24:58.0517 3576 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:24:58.0517 3576 uagp35 - ok
17:24:58.0579 3576 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:24:58.0579 3576 udfs - ok
17:24:58.0626 3576 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:24:58.0626 3576 UI0Detect - ok
17:24:58.0657 3576 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:24:58.0673 3576 uliagpkx - ok
17:24:58.0704 3576 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:24:58.0720 3576 uliahci - ok
17:24:58.0767 3576 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:24:58.0767 3576 UlSata - ok
17:24:58.0829 3576 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:24:58.0845 3576 ulsata2 - ok
17:24:58.0845 3576 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:24:58.0845 3576 umbus - ok
17:24:58.0876 3576 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
17:24:58.0891 3576 upnphost - ok
17:24:58.0969 3576 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:24:58.0969 3576 usbaudio - ok
17:24:59.0032 3576 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:24:59.0032 3576 usbccgp - ok
17:24:59.0063 3576 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:24:59.0079 3576 usbcir - ok
17:24:59.0125 3576 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:24:59.0125 3576 usbehci - ok
17:24:59.0172 3576 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:24:59.0188 3576 usbhub - ok
17:24:59.0203 3576 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:24:59.0203 3576 usbohci - ok
17:24:59.0266 3576 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:24:59.0266 3576 usbprint - ok
17:24:59.0313 3576 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:24:59.0313 3576 usbscan - ok
17:24:59.0359 3576 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:24:59.0359 3576 USBSTOR - ok
17:24:59.0406 3576 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:24:59.0422 3576 usbuhci - ok
17:24:59.0437 3576 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:24:59.0453 3576 usbvideo - ok
17:24:59.0484 3576 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
17:24:59.0500 3576 UxSms - ok
17:24:59.0562 3576 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
17:24:59.0593 3576 vds - ok
17:24:59.0625 3576 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:24:59.0625 3576 vga - ok
17:24:59.0656 3576 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:24:59.0656 3576 VgaSave - ok
17:24:59.0671 3576 [ 4F964E6828156F0EF3FA8D3A9A7895DE ] viaide C:\Windows\system32\drivers\viaide.sys
17:24:59.0671 3576 viaide - ok
17:24:59.0718 3576 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:24:59.0718 3576 volmgr - ok
17:24:59.0781 3576 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:24:59.0796 3576 volmgrx - ok
17:24:59.0859 3576 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:24:59.0874 3576 volsnap - ok
17:24:59.0905 3576 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:24:59.0905 3576 vsmraid - ok
17:24:59.0983 3576 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
17:25:00.0046 3576 VSS - ok
17:25:00.0093 3576 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
17:25:00.0124 3576 W32Time - ok
17:25:00.0139 3576 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:25:00.0155 3576 WacomPen - ok
17:25:00.0186 3576 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:25:00.0202 3576 Wanarp - ok
17:25:00.0202 3576 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:25:00.0202 3576 Wanarpv6 - ok
17:25:00.0249 3576 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:25:00.0249 3576 wcncsvc - ok
17:25:00.0327 3576 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:25:00.0327 3576 WcsPlugInService - ok
17:25:00.0342 3576 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
17:25:00.0342 3576 Wd - ok
17:25:00.0420 3576 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:25:00.0436 3576 Wdf01000 - ok
17:25:00.0467 3576 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:25:00.0483 3576 WdiServiceHost - ok
17:25:00.0483 3576 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:25:00.0498 3576 WdiSystemHost - ok
17:25:00.0529 3576 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
17:25:00.0529 3576 WebClient - ok
17:25:00.0576 3576 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:25:00.0592 3576 Wecsvc - ok
17:25:00.0607 3576 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:25:00.0623 3576 wercplsupport - ok
17:25:00.0639 3576 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
17:25:00.0639 3576 WerSvc - ok
17:25:00.0685 3576 WinDefend - ok
17:25:00.0701 3576 WinHttpAutoProxySvc - ok
17:25:00.0795 3576 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:25:00.0795 3576 Winmgmt - ok
17:25:00.0873 3576 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
17:25:00.0919 3576 WinRM - ok
17:25:01.0013 3576 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:25:01.0044 3576 Wlansvc - ok
17:25:01.0075 3576 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:25:01.0075 3576 WmiAcpi - ok
17:25:01.0138 3576 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:25:01.0138 3576 wmiApSrv - ok
17:25:01.0169 3576 WMPNetworkSvc - ok
17:25:01.0200 3576 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:25:01.0216 3576 WPCSvc - ok
17:25:01.0231 3576 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:25:01.0247 3576 WPDBusEnum - ok
17:25:01.0294 3576 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:25:01.0294 3576 WpdUsb - ok
17:25:01.0309 3576 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:25:01.0325 3576 ws2ifsl - ok
17:25:01.0372 3576 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
17:25:01.0372 3576 wscsvc - ok
17:25:01.0387 3576 WSearch - ok
17:25:01.0497 3576 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:25:01.0559 3576 wuauserv - ok
17:25:01.0621 3576 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:25:01.0621 3576 WUDFRd - ok
17:25:01.0637 3576 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:25:01.0653 3576 wudfsvc - ok
17:25:01.0699 3576 [ 07F7285220307AAFB755D890295F0F9A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
17:25:01.0699 3576 yukonx64 - ok
17:25:01.0731 3576 ================ Scan global ===============================
17:25:01.0762 3576 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:25:01.0809 3576 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:25:01.0840 3576 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:25:01.0902 3576 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:25:01.0918 3576 [Global] - ok
17:25:01.0918 3576 ================ Scan MBR ==================================
17:25:01.0918 3576 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:25:01.0980 3576 \Device\Harddisk1\DR1 - ok
17:25:01.0996 3576 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
17:25:02.0433 3576 \Device\Harddisk0\DR0 - ok
17:25:02.0448 3576 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:25:02.0495 3576 \Device\Harddisk1\DR1 - ok
17:25:02.0495 3576 ================ Scan VBR ==================================
17:25:02.0511 3576 [ C161A46B0D9C2310134E085985218A7B ] \Device\Harddisk1\DR1\Partition1
17:25:02.0511 3576 \Device\Harddisk1\DR1\Partition1 - ok
17:25:02.0511 3576 [ 2CCC589F00F233E0ECEB76F37B3A2DA4 ] \Device\Harddisk0\DR0\Partition1
17:25:02.0511 3576 \Device\Harddisk0\DR0\Partition1 - ok
17:25:02.0526 3576 [ FE4DF3A834D5DFBF294E3B43204F6F67 ] \Device\Harddisk0\DR0\Partition2
17:25:02.0526 3576 \Device\Harddisk0\DR0\Partition2 - ok
17:25:02.0526 3576 [ C161A46B0D9C2310134E085985218A7B ] \Device\Harddisk1\DR1\Partition1
17:25:02.0542 3576 \Device\Harddisk1\DR1\Partition1 - ok
17:25:02.0542 3576 ============================================================
17:25:02.0542 3576 Scan finished
17:25:02.0542 3576 ============================================================
17:25:02.0557 3852 Detected object count: 0
17:25:02.0557 3852 Actual detected object count: 0
17:26:20.0433 0900 ============================================================
17:26:20.0433 0900 Scan started
17:26:20.0433 0900 Mode: Manual; SigCheck; TDLFS;
17:26:20.0433 0900 ============================================================
17:26:20.0885 0900 ================ Scan system memory ========================
17:26:20.0885 0900 System memory - ok
17:26:20.0885 0900 ================ Scan services =============================
17:26:20.0979 0900 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:26:21.0103 0900 !SASCORE - ok
17:26:21.0259 0900 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
17:26:21.0259 0900 Accelerometer - ok
17:26:21.0306 0900 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:26:21.0322 0900 ACPI - ok
17:26:21.0415 0900 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:26:21.0431 0900 AdobeARMservice - ok
17:26:21.0462 0900 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:26:21.0493 0900 adp94xx - ok
17:26:21.0493 0900 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:26:21.0509 0900 adpahci - ok
17:26:21.0525 0900 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:26:21.0540 0900 adpu160m - ok
17:26:21.0571 0900 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:26:21.0587 0900 adpu320 - ok
17:26:21.0603 0900 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:26:21.0649 0900 AeLookupSvc - ok
17:26:21.0727 0900 [ 9CAC9E19D71E4AF99920FCC3ECA0E3F1 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
17:26:21.0759 0900 AESTFilters - ok
17:26:21.0790 0900 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:26:21.0821 0900 AFD - ok
17:26:21.0852 0900 [ 734088CB57AEA704CA716C1C6BC5E0E6 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
17:26:21.0868 0900 AgereModemAudio - ok
17:26:21.0899 0900 [ 70E15CDA25E151DFC60636EF73F5A7BE ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
17:26:21.0961 0900 AgereSoftModem - ok
17:26:22.0024 0900 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:26:22.0039 0900 agp440 - ok
17:26:22.0055 0900 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:26:22.0086 0900 aic78xx - ok
17:26:22.0102 0900 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:26:22.0149 0900 ALG - ok
17:26:22.0164 0900 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys
17:26:22.0195 0900 aliide - ok
17:26:22.0195 0900 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys
17:26:22.0211 0900 amdide - ok
17:26:22.0227 0900 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:26:22.0273 0900 AmdK8 - ok
17:26:22.0289 0900 [ 69D882157E5E4D17D32E30182F945046 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
17:26:22.0320 0900 ApfiltrService - ok
17:26:22.0336 0900 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:26:22.0351 0900 Appinfo - ok
17:26:22.0398 0900 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:26:22.0414 0900 Apple Mobile Device - ok
17:26:22.0429 0900 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:26:22.0445 0900 arc - ok
17:26:22.0445 0900 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:26:22.0461 0900 arcsas - ok
17:26:22.0523 0900 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:26:22.0539 0900 aswFsBlk - ok
17:26:22.0585 0900 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:26:22.0601 0900 aswMonFlt - ok
17:26:22.0617 0900 [ A4096B90F21BBD2973AFAB8EEE01CD25 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
17:26:22.0632 0900 AswRdr - ok
17:26:22.0663 0900 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:26:22.0710 0900 aswSnx - ok
17:26:22.0757 0900 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:26:22.0788 0900 aswSP - ok
17:26:22.0804 0900 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:26:22.0819 0900 aswTdi - ok
17:26:22.0835 0900 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:26:22.0882 0900 AsyncMac - ok
17:26:22.0944 0900 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:26:22.0960 0900 atapi - ok
17:26:23.0022 0900 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:26:23.0053 0900 AudioEndpointBuilder - ok
17:26:23.0085 0900 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:26:23.0147 0900 AudioSrv - ok
17:26:23.0241 0900 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:26:23.0256 0900 avast! Antivirus - ok
17:26:23.0334 0900 [ 2C91205C43EA45CFE14E9E14E05601AE ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:26:23.0428 0900 BCM43XX - ok
17:26:23.0443 0900 Beep - ok
17:26:23.0490 0900 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
17:26:23.0521 0900 BFE - ok
17:26:23.0599 0900 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
17:26:23.0693 0900 BITS - ok
17:26:23.0771 0900 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:26:23.0802 0900 blbdrive - ok
17:26:23.0865 0900 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
17:26:23.0880 0900 Bonjour Service - ok
17:26:23.0927 0900 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:26:23.0943 0900 bowser - ok
17:26:23.0974 0900 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:26:24.0005 0900 BrFiltLo - ok
17:26:24.0021 0900 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:26:24.0052 0900 BrFiltUp - ok
17:26:24.0099 0900 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:26:24.0145 0900 Browser - ok
17:26:24.0161 0900 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:26:24.0223 0900 Brserid - ok
17:26:24.0255 0900 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:26:24.0317 0900 BrSerWdm - ok
17:26:24.0348 0900 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:26:24.0411 0900 BrUsbMdm - ok
17:26:24.0426 0900 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:26:24.0473 0900 BrUsbSer - ok
17:26:24.0520 0900 [ 471FF09330A53177BBE9FD6DDF8A8259 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
17:26:24.0520 0900 BthEnum - ok
17:26:24.0535 0900 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:26:24.0598 0900 BTHMODEM - ok
17:26:24.0613 0900 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:26:24.0645 0900 BthPan - ok
17:26:24.0691 0900 [ 7D104F22C04A76F0D2F96F789AC07FCB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:26:24.0707 0900 BTHPORT - ok
17:26:24.0754 0900 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
17:26:24.0769 0900 BthServ - ok
17:26:24.0801 0900 [ D9324F0C142267961CE900BFC3798BB1 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:26:24.0801 0900 BTHUSB - ok
17:26:24.0847 0900 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
17:26:24.0847 0900 BVRPMPR5a64 - ok
17:26:24.0863 0900 catchme - ok
17:26:24.0879 0900 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:26:24.0925 0900 cdfs - ok
17:26:24.0957 0900 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:26:24.0988 0900 cdrom - ok
17:26:25.0035 0900 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:26:25.0081 0900 CertPropSvc - ok
17:26:25.0097 0900 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:26:25.0144 0900 circlass - ok
17:26:25.0191 0900 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:26:25.0222 0900 CLFS - ok
17:26:25.0300 0900 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:26:25.0300 0900 clr_optimization_v2.0.50727_32 - ok
17:26:25.0362 0900 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:26:25.0378 0900 clr_optimization_v2.0.50727_64 - ok
17:26:25.0393 0900 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:26:25.0425 0900 CmBatt - ok
17:26:25.0425 0900 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:26:25.0440 0900 cmdide - ok
17:26:25.0487 0900 [ 2F27104F5D6ED63FDAC38CACB9D19DFD ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:26:25.0503 0900 Com4QLBEx - ok
17:26:25.0518 0900 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:26:25.0534 0900 Compbatt - ok
17:26:25.0534 0900 COMSysApp - ok
17:26:25.0534 0900 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:26:25.0549 0900 crcdisk - ok
17:26:25.0612 0900 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:26:25.0627 0900 CryptSvc - ok
17:26:25.0690 0900 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:26:25.0737 0900 DcomLaunch - ok
17:26:25.0783 0900 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:26:25.0799 0900 DfsC - ok
17:26:25.0908 0900 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
17:26:26.0033 0900 DFSR - ok
17:26:26.0080 0900 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:26:26.0111 0900 Dhcp - ok
17:26:26.0158 0900 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:26:26.0173 0900 disk - ok
17:26:26.0220 0900 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:26:26.0251 0900 Dnscache - ok
17:26:26.0267 0900 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:26:26.0314 0900 dot3svc - ok
17:26:26.0361 0900 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
17:26:26.0407 0900 DPS - ok
17:26:26.0454 0900 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:26:26.0485 0900 drmkaud - ok
17:26:26.0532 0900 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:26:26.0563 0900 dtsoftbus01 - ok
17:26:26.0626 0900 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:26:26.0673 0900 DXGKrnl - ok
17:26:26.0704 0900 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:26:26.0766 0900 E1G60 - ok
17:26:26.0766 0900 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
17:26:26.0813 0900 EapHost - ok
17:26:26.0829 0900 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
17:26:26.0844 0900 Ecache - ok
17:26:26.0907 0900 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:26:26.0922 0900 ehRecvr - ok
17:26:26.0953 0900 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
17:26:26.0985 0900 ehSched - ok
17:26:27.0016 0900 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
17:26:27.0031 0900 ehstart - ok
17:26:27.0047 0900 [ 9387A484D31209D7FC3F795A787294DB ] ElbyCDFL C:\Windows\system32\Drivers\ElbyCDFL.sys
17:26:27.0063 0900 ElbyCDFL - ok
17:26:27.0094 0900 [ 702D5606CF2199E0EDEA6F0E0D27CD10 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
17:26:27.0109 0900 ElbyCDIO - ok
17:26:27.0141 0900 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:26:27.0172 0900 elxstor - ok
17:26:27.0219 0900 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:26:27.0250 0900 EMDMgmt - ok
17:26:27.0281 0900 [ CD0C80E5E9A9BF8DD145F43713D77993 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
17:26:27.0297 0900 enecir - ok
17:26:27.0312 0900 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:26:27.0359 0900 ErrDev - ok
17:26:27.0421 0900 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
17:26:27.0468 0900 EventSystem - ok
17:26:27.0499 0900 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
17:26:27.0531 0900 exfat - ok
17:26:27.0562 0900 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:26:27.0593 0900 fastfat - ok
17:26:27.0624 0900 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:26:27.0655 0900 fdc - ok
17:26:27.0687 0900 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
17:26:27.0733 0900 fdPHost - ok
17:26:27.0733 0900 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
17:26:27.0796 0900 FDResPub - ok
17:26:27.0811 0900 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:26:27.0827 0900 FileInfo - ok
17:26:27.0858 0900 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:26:27.0889 0900 Filetrace - ok
17:26:27.0936 0900 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:26:27.0983 0900 flpydisk - ok
17:26:28.0014 0900 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:26:28.0030 0900 FltMgr - ok
17:26:28.0108 0900 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache C:\Windows\system32\FntCache.dll
17:26:28.0155 0900 FontCache - ok
17:26:28.0217 0900 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:26:28.0217 0900 FontCache3.0.0.0 - ok
17:26:28.0279 0900 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:26:28.0295 0900 Fs_Rec - ok
17:26:28.0311 0900 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:26:28.0326 0900 gagp30kx - ok
17:26:28.0373 0900 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:26:28.0373 0900 GEARAspiWDM - ok
17:26:28.0435 0900 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
17:26:28.0498 0900 gpsvc - ok
17:26:28.0513 0900 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:26:28.0576 0900 HdAudAddService - ok
17:26:28.0638 0900 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:26:28.0701 0900 HDAudBus - ok
17:26:28.0716 0900 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:26:28.0779 0900 HidBth - ok
17:26:28.0810 0900 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:26:28.0841 0900 HidIr - ok
17:26:28.0872 0900 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
17:26:28.0903 0900 hidserv - ok
17:26:28.0919 0900 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:26:28.0950 0900 HidUsb - ok
17:26:28.0966 0900 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
17:26:29.0013 0900 hkmsvc - ok
17:26:29.0028 0900 [ 158DDAC4AA0DFCF2E33B4F53CB5A20B9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
17:26:29.0044 0900 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
17:26:29.0044 0900 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
17:26:29.0059 0900 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:26:29.0075 0900 HpCISSs - ok
17:26:29.0091 0900 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
17:26:29.0091 0900 hpdskflt - ok
17:26:29.0122 0900 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:26:29.0122 0900 HpqKbFiltr - ok
17:26:29.0153 0900 [ 3E1CB5C4AFFA06B4B29E8FF12544CF23 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:26:29.0169 0900 hpqwmiex - ok
17:26:29.0184 0900 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv C:\Windows\system32\Hpservice.exe
17:26:29.0200 0900 hpsrv - ok
17:26:29.0278 0900 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:26:29.0293 0900 HTTP - ok
17:26:29.0340 0900 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:26:29.0356 0900 i2omp - ok
17:26:29.0356 0900 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:26:29.0387 0900 i8042prt - ok
17:26:29.0403 0900 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:26:29.0434 0900 iaStorV - ok
17:26:29.0465 0900 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:26:29.0465 0900 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:26:29.0465 0900 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:26:29.0543 0900 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:26:29.0590 0900 idsvc - ok
17:26:29.0824 0900 [ 7B0A679638E9380C0D8D42C7D43F8169 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:26:30.0167 0900 igfx - ok
17:26:30.0183 0900 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:26:30.0214 0900 iirsp - ok
17:26:30.0261 0900 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
17:26:30.0323 0900 IKEEXT - ok
17:26:30.0354 0900 [ C7C9720A5B0FD2B974FC4F72E405204B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
17:26:30.0370 0900 IntcHdmiAddService - ok
17:26:30.0401 0900 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys
17:26:30.0417 0900 intelide - ok
17:26:30.0417 0900 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:26:30.0463 0900 intelppm - ok
17:26:30.0495 0900 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:26:30.0541 0900 IPBusEnum - ok
17:26:30.0588 0900 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:26:30.0619 0900 IpFilterDriver - ok
17:26:30.0666 0900 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:26:30.0682 0900 iphlpsvc - ok
17:26:30.0697 0900 IpInIp - ok
17:26:30.0713 0900 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:26:30.0760 0900 IPMIDRV - ok
17:26:30.0791 0900 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:26:30.0838 0900 IPNAT - ok
17:26:30.0869 0900 [ 056AB99A00E2023A24AB4F067880CC3E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:26:30.0900 0900 iPod Service - ok
17:26:30.0916 0900 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:26:30.0963 0900 IRENUM - ok
17:26:30.0978 0900 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:26:30.0994 0900 isapnp - ok
17:26:31.0041 0900 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:26:31.0072 0900 iScsiPrt - ok
17:26:31.0072 0900 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:26:31.0103 0900 iteatapi - ok
17:26:31.0103 0900 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:26:31.0119 0900 iteraid - ok
17:26:31.0150 0900 [ B33736B29D70DBD275B099BCD4F5C1BA ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:26:31.0181 0900 JMCR - ok
17:26:31.0197 0900 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:26:31.0212 0900 kbdclass - ok
17:26:31.0259 0900 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:26:31.0290 0900 kbdhid - ok
17:26:31.0306 0900 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
17:26:31.0337 0900 KeyIso - ok
17:26:31.0384 0900 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:26:31.0415 0900 KSecDD - ok
17:26:31.0431 0900 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:26:31.0477 0900 ksthunk - ok
17:26:31.0509 0900 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
17:26:31.0555 0900 KtmRm - ok
17:26:31.0602 0900 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:26:31.0618 0900 LanmanServer - ok
17:26:31.0665 0900 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:26:31.0680 0900 LanmanWorkstation - ok
17:26:31.0696 0900 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:26:31.0743 0900 lltdio - ok
17:26:31.0774 0900 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:26:31.0805 0900 lltdsvc - ok
17:26:31.0821 0900 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:26:31.0852 0900 lmhosts - ok
17:26:31.0867 0900 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:26:31.0883 0900 LSI_FC - ok
17:26:31.0899 0900 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:26:31.0914 0900 LSI_SAS - ok
17:26:31.0914 0900 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:26:31.0930 0900 LSI_SCSI - ok
17:26:31.0945 0900 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
17:26:31.0977 0900 luafv - ok
17:26:31.0992 0900 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:26:32.0008 0900 Mcx2Svc - ok
17:26:32.0023 0900 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
17:26:32.0039 0900 megasas - ok
17:26:32.0070 0900 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:26:32.0086 0900 MegaSR - ok
17:26:32.0117 0900 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
17:26:32.0148 0900 MMCSS - ok
17:26:32.0164 0900 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
17:26:32.0195 0900 Modem - ok
17:26:32.0242 0900 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:26:32.0304 0900 monitor - ok
17:26:32.0320 0900 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:26:32.0335 0900 mouclass - ok
17:26:32.0335 0900 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:26:32.0382 0900 mouhid - ok
17:26:32.0398 0900 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:26:32.0413 0900 MountMgr - ok
17:26:32.0491 0900 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:26:32.0507 0900 MozillaMaintenance - ok
17:26:32.0554 0900 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:26:32.0585 0900 MpFilter - ok
17:26:32.0601 0900 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
17:26:32.0616 0900 mpio - ok
17:26:32.0632 0900 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:26:32.0694 0900 mpsdrv - ok
17:26:32.0741 0900 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
17:26:32.0788 0900 MpsSvc - ok
17:26:32.0803 0900 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:26:32.0819 0900 Mraid35x - ok
17:26:32.0850 0900 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:26:32.0881 0900 MRxDAV - ok
17:26:32.0928 0900 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:26:32.0944 0900 mrxsmb - ok
17:26:33.0022 0900 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:26:33.0053 0900 mrxsmb10 - ok
17:26:33.0053 0900 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:26:33.0084 0900 mrxsmb20 - ok
17:26:33.0131 0900 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
17:26:33.0162 0900 msahci - ok
17:26:33.0162 0900 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:26:33.0178 0900 msdsm - ok
17:26:33.0209 0900 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
17:26:33.0256 0900 MSDTC - ok
17:26:33.0271 0900 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:26:33.0318 0900 Msfs - ok
17:26:33.0334 0900 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:26:33.0349 0900 msisadrv - ok
17:26:33.0365 0900 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:26:33.0427 0900 MSiSCSI - ok
17:26:33.0427 0900 msiserver - ok
17:26:33.0443 0900 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:26:33.0490 0900 MSKSSRV - ok
17:26:33.0552 0900 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:26:33.0568 0900 MsMpSvc - ok
17:26:33.0583 0900 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:26:33.0615 0900 MSPCLOCK - ok
17:26:33.0630 0900 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:26:33.0661 0900 MSPQM - ok
17:26:33.0708 0900 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:26:33.0724 0900 MsRPC - ok
17:26:33.0739 0900 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:26:33.0755 0900 mssmbios - ok
17:26:33.0771 0900 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:26:33.0802 0900 MSTEE - ok
17:26:33.0802 0900 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
17:26:33.0817 0900 Mup - ok
17:26:33.0880 0900 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
17:26:33.0911 0900 napagent - ok
17:26:33.0958 0900 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:26:33.0973 0900 NativeWifiP - ok
17:26:34.0036 0900 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:26:34.0067 0900 NDIS - ok
17:26:34.0083 0900 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:26:34.0114 0900 NdisTapi - ok
17:26:34.0114 0900 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:26:34.0145 0900 Ndisuio - ok
17:26:34.0192 0900 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:26:34.0239 0900 NdisWan - ok
17:26:34.0254 0900 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:26:34.0285 0900 NDProxy - ok
17:26:34.0301 0900 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:26:34.0332 0900 NetBIOS - ok
17:26:34.0379 0900 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:26:34.0395 0900 netbt - ok
17:26:34.0410 0900 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
17:26:34.0426 0900 Netlogon - ok
17:26:34.0457 0900 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
17:26:34.0504 0900 Netman - ok
17:26:34.0535 0900 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
17:26:34.0566 0900 netprofm - ok
17:26:34.0613 0900 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:34.0629 0900 NetTcpPortSharing - ok
17:26:34.0753 0900 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys
17:26:34.0878 0900 NETw3v64 - ok
17:26:34.0878 0900 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:26:34.0894 0900 nfrd960 - ok
17:26:34.0941 0900 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:26:34.0972 0900 NisDrv - ok
17:26:35.0019 0900 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:26:35.0050 0900 NisSrv - ok
17:26:35.0081 0900 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
17:26:35.0128 0900 NlaSvc - ok
17:26:35.0175 0900 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:26:35.0206 0900 Npfs - ok
17:26:35.0221 0900 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
17:26:35.0268 0900 nsi - ok
17:26:35.0268 0900 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:26:35.0315 0900 nsiproxy - ok
17:26:35.0393 0900 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:26:35.0455 0900 Ntfs - ok
17:26:35.0487 0900 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
17:26:35.0487 0900 NuidFltr - ok
17:26:35.0502 0900 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
17:26:35.0533 0900 Null - ok
17:26:35.0549 0900 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:26:35.0565 0900 nvraid - ok
17:26:35.0580 0900 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:26:35.0596 0900 nvstor - ok
17:26:35.0627 0900 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:26:35.0643 0900 nv_agp - ok
17:26:35.0643 0900 NwlnkFlt - ok
17:26:35.0658 0900 NwlnkFwd - ok
17:26:35.0736 0900 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:26:35.0783 0900 odserv - ok
17:26:35.0814 0900 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:26:35.0877 0900 ohci1394 - ok
17:26:35.0892 0900 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:35.0908 0900 ose - ok
17:26:35.0970 0900 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:26:36.0001 0900 p2pimsvc - ok
17:26:36.0048 0900 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
17:26:36.0079 0900 p2psvc - ok
17:26:36.0126 0900 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
17:26:36.0189 0900 Parport - ok
17:26:36.0235 0900 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:26:36.0251 0900 partmgr - ok
17:26:36.0282 0900 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
17:26:36.0298 0900 PcaSvc - ok
17:26:36.0345 0900 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
17:26:36.0376 0900 pci - ok
17:26:36.0376 0900 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys
17:26:36.0407 0900 pciide - ok
17:26:36.0423 0900 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:26:36.0454 0900 pcmcia - ok
17:26:36.0485 0900 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:26:36.0563 0900 PEAUTH - ok
17:26:36.0657 0900 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:26:36.0719 0900 PerfHost - ok
17:26:36.0766 0900 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
17:26:36.0859 0900 pla - ok
17:26:36.0891 0900 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:26:36.0937 0900 PlugPlay - ok
17:26:36.0969 0900 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:26:37.0000 0900 PNRPAutoReg - ok
17:26:37.0062 0900 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:26:37.0093 0900 PNRPsvc - ok
17:26:37.0171 0900 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:26:37.0218 0900 PolicyAgent - ok
17:26:37.0281 0900 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:26:37.0312 0900 PptpMiniport - ok
17:26:37.0343 0900 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
17:26:37.0390 0900 Processor - ok
17:26:37.0437 0900 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
17:26:37.0468 0900 ProfSvc - ok
17:26:37.0483 0900 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
17:26:37.0499 0900 ProtectedStorage - ok
17:26:37.0546 0900 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:26:37.0577 0900 PSched - ok
17:26:37.0608 0900 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:26:37.0671 0900 ql2300 - ok
17:26:37.0686 0900 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:26:37.0702 0900 ql40xx - ok
17:26:37.0733 0900 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
17:26:37.0749 0900 QWAVE - ok
17:26:37.0764 0900 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:26:37.0780 0900 QWAVEdrv - ok
17:26:37.0795 0900 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:26:37.0827 0900 RasAcd - ok
17:26:37.0842 0900 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
17:26:37.0873 0900 RasAuto - ok
17:26:37.0920 0900 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:26:37.0951 0900 Rasl2tp - ok
17:26:37.0983 0900 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
17:26:38.0014 0900 RasMan - ok
17:26:38.0061 0900 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:26:38.0076 0900 RasPppoe - ok
17:26:38.0123 0900 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:26:38.0139 0900 RasSstp - ok
17:26:38.0185 0900 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:26:38.0217 0900 rdbss - ok
17:26:38.0232 0900 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:38.0263 0900 RDPCDD - ok
17:26:38.0295 0900 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:26:38.0341 0900 rdpdr - ok
17:26:38.0341 0900 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:26:38.0373 0900 RDPENCDD - ok
17:26:38.0419 0900 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:26:38.0451 0900 RDPWD - ok
17:26:38.0482 0900 [ 6266D28705BC3F99E8BAC1F864C14E91 ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
17:26:38.0497 0900 Recovery Service for Windows - ok
17:26:38.0544 0900 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:26:38.0575 0900 RemoteAccess - ok
17:26:38.0622 0900 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:26:38.0653 0900 RemoteRegistry - ok
17:26:38.0700 0900 [ 72C35598BA591ABDDC37FCE7D26FE1C4 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:26:38.0716 0900 RFCOMM - ok
17:26:38.0778 0900 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:26:38.0794 0900 RichVideo - ok
17:26:38.0825 0900 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
17:26:38.0841 0900 RpcLocator - ok
17:26:38.0903 0900 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll
17:26:38.0934 0900 RpcSs - ok
17:26:38.0981 0900 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:26:39.0012 0900 rspndr - ok
17:26:39.0028 0900 [ 390482953C63E81BAE52F20386394421 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
17:26:39.0059 0900 RTL8169 - ok
17:26:39.0075 0900 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
17:26:39.0090 0900 SamSs - ok
17:26:39.0153 0900 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:26:39.0153 0900 SASDIFSV - ok
17:26:39.0199 0900 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:26:39.0215 0900 SASKUTIL - ok
17:26:39.0231 0900 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:26:39.0246 0900 sbp2port - ok
17:26:39.0309 0900 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:26:39.0371 0900 SBSDWSCService - ok
17:26:39.0418 0900 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:26:39.0449 0900 SCardSvr - ok
17:26:39.0511 0900 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
17:26:39.0574 0900 Schedule - ok
17:26:39.0589 0900 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:26:39.0636 0900 SCPolicySvc - ok
17:26:39.0667 0900 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:26:39.0714 0900 sdbus - ok
17:26:39.0745 0900 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:26:39.0761 0900 SDRSVC - ok
17:26:39.0777 0900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:26:39.0839 0900 secdrv - ok
17:26:39.0855 0900 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
17:26:39.0901 0900 seclogon - ok
17:26:39.0917 0900 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
17:26:39.0964 0900 SENS - ok
17:26:39.0979 0900 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:26:40.0026 0900 Serenum - ok
17:26:40.0057 0900 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
17:26:40.0104 0900 Serial - ok
17:26:40.0135 0900 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:26:40.0167 0900 sermouse - ok
17:26:40.0198 0900 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
17:26:40.0229 0900 SessionEnv - ok
17:26:40.0260 0900 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:26:40.0291 0900 sffdisk - ok
17:26:40.0307 0900 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:26:40.0354 0900 sffp_mmc - ok
17:26:40.0369 0900 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:26:40.0401 0900 sffp_sd - ok
17:26:40.0416 0900 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:26:40.0463 0900 sfloppy - ok
17:26:40.0494 0900 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:26:40.0525 0900 SharedAccess - ok
17:26:40.0588 0900 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:26:40.0603 0900 ShellHWDetection - ok
17:26:40.0619 0900 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:26:40.0635 0900 SiSRaid2 - ok
17:26:40.0650 0900 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:26:40.0666 0900 SiSRaid4 - ok
17:26:40.0759 0900 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
17:26:40.0884 0900 slsvc - ok
17:26:40.0931 0900 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:26:40.0947 0900 SLUINotify - ok
17:26:41.0009 0900 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:26:41.0040 0900 Smb - ok
17:26:41.0071 0900 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:26:41.0087 0900 SNMPTRAP - ok
17:26:41.0134 0900 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
17:26:41.0149 0900 spldr - ok
17:26:41.0181 0900 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
17:26:41.0212 0900 Spooler - ok
17:26:41.0259 0900 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
17:26:41.0274 0900 srv - ok
17:26:41.0337 0900 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:26:41.0352 0900 srv2 - ok
17:26:41.0415 0900 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:26:41.0446 0900 srvnet - ok
17:26:41.0461 0900 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:26:41.0524 0900 SSDPSRV - ok
17:26:41.0571 0900 [ 78A4D20187B5C241C70AA8E9573B3A6C ] ssecbus C:\Windows\system32\DRIVERS\ssecbus.sys
17:26:41.0586 0900 ssecbus - ok
17:26:41.0633 0900 [ 6F65FFE86D515014E29FFF44DBBFA49A ] ssecmdfl C:\Windows\system32\DRIVERS\ssecmdfl.sys
17:26:41.0649 0900 ssecmdfl - ok
17:26:41.0695 0900 [ F4DB6272044F0023C5BA1E17DCC4BD5A ] ssecmdm C:\Windows\system32\DRIVERS\ssecmdm.sys
17:26:41.0711 0900 ssecmdm - ok
17:26:41.0727 0900 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:26:41.0758 0900 SstpSvc - ok
17:26:41.0851 0900 [ 60706B595C63B595DE05BA1B6EA008F8 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe
17:26:41.0867 0900 STacSV - ok
17:26:41.0898 0900 [ AA408EC8F77D3F5E745F5F7E5B133D8E ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:26:41.0914 0900 STHDA - ok
17:26:41.0976 0900 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
17:26:42.0007 0900 stisvc - ok
17:26:42.0039 0900 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:26:42.0054 0900 swenum - ok
17:26:42.0101 0900 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
17:26:42.0148 0900 swprv - ok
17:26:42.0179 0900 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:26:42.0195 0900 Symc8xx - ok
17:26:42.0226 0900 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:26:42.0241 0900 Sym_hi - ok
17:26:42.0241 0900 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:26:42.0257 0900 Sym_u3 - ok
17:26:42.0319 0900 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
17:26:42.0382 0900 SysMain - ok
17:26:42.0413 0900 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:26:42.0444 0900 TabletInputService - ok
17:26:42.0491 0900 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:26:42.0538 0900 TapiSrv - ok
17:26:42.0553 0900 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
17:26:42.0600 0900 TBS - ok
17:26:42.0678 0900 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:26:42.0772 0900 Tcpip - ok
17:26:42.0834 0900 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:26:42.0912 0900 Tcpip6 - ok
17:26:42.0975 0900 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:26:43.0006 0900 tcpipreg - ok
17:26:43.0053 0900 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:26:43.0115 0900 TDPIPE - ok
17:26:43.0131 0900 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:26:43.0177 0900 TDTCP - ok
17:26:43.0240 0900 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:26:43.0271 0900 tdx - ok
17:26:43.0333 0900 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:26:43.0349 0900 TermDD - ok
17:26:43.0396 0900 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
17:26:43.0427 0900 TermService - ok
17:26:43.0443 0900 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
17:26:43.0458 0900 Themes - ok
17:26:43.0489 0900 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
17:26:43.0521 0900 THREADORDER - ok
17:26:43.0552 0900 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
17:26:43.0583 0900 TrkWks - ok
17:26:43.0645 0900 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:26:43.0677 0900 TrustedInstaller - ok
17:26:43.0692 0900 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:43.0739 0900 tssecsrv - ok
17:26:43.0739 0900 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:26:43.0770 0900 tunmp - ok
17:26:43.0801 0900 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:26:43.0817 0900 tunnel - ok
17:26:43.0895 0900 [ 4215ECFC15D265A8E6E1925084B80908 ] TVCapSvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
17:26:43.0911 0900 TVCapSvc - ok
17:26:43.0926 0900 [ F386D56F1B6D70E0E4E70E494975D279 ] TVSched C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
17:26:43.0942 0900 TVSched - ok
17:26:43.0957 0900 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:26:43.0973 0900 uagp35 - ok
17:26:44.0020 0900 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:26:44.0051 0900 udfs - ok
17:26:44.0082 0900 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:26:44.0129 0900 UI0Detect - ok
17:26:44.0145 0900 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:26:44.0160 0900 uliagpkx - ok
17:26:44.0191 0900 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:26:44.0223 0900 uliahci - ok
17:26:44.0238 0900 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:26:44.0254 0900 UlSata - ok
17:26:44.0269 0900 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:26:44.0285 0900 ulsata2 - ok
17:26:44.0301 0900 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:26:44.0347 0900 umbus - ok
17:26:44.0379 0900 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
17:26:44.0441 0900 upnphost - ok
17:26:44.0488 0900 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:26:44.0503 0900 usbaudio - ok
17:26:44.0550 0900 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:44.0581 0900 usbccgp - ok
17:26:44.0613 0900 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:26:44.0659 0900 usbcir - ok
17:26:44.0691 0900 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:26:44.0722 0900 usbehci - ok
17:26:44.0769 0900 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:26:44.0800 0900 usbhub - ok
17:26:44.0815 0900 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:26:44.0878 0900 usbohci - ok
17:26:44.0909 0900 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:26:44.0940 0900 usbprint - ok
17:26:44.0987 0900 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:26:45.0018 0900 usbscan - ok
17:26:45.0065 0900 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:45.0096 0900 USBSTOR - ok
17:26:45.0143 0900 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:26:45.0159 0900 usbuhci - ok
17:26:45.0174 0900 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:26:45.0221 0900 usbvideo - ok
17:26:45.0252 0900 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
17:26:45.0283 0900 UxSms - ok
17:26:45.0330 0900 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
17:26:45.0377 0900 vds - ok
17:26:45.0393 0900 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:26:45.0424 0900 vga - ok
17:26:45.0439 0900 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:26:45.0471 0900 VgaSave - ok
17:26:45.0517 0900 [ 4F964E6828156F0EF3FA8D3A9A7895DE ] viaide C:\Windows\system32\drivers\viaide.sys
17:26:45.0533 0900 viaide - ok
17:26:45.0564 0900 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:26:45.0580 0900 volmgr - ok
17:26:45.0642 0900 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:26:45.0658 0900 volmgrx - ok
17:26:45.0720 0900 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:26:45.0751 0900 volsnap - ok
17:26:45.0767 0900 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:26:45.0783 0900 vsmraid - ok
17:26:45.0861 0900 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
17:26:45.0970 0900 VSS - ok
17:26:46.0017 0900 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
17:26:46.0079 0900 W32Time - ok
17:26:46.0110 0900 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:26:46.0188 0900 WacomPen - ok
17:26:46.0235 0900 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:26:46.0266 0900 Wanarp - ok
17:26:46.0266 0900 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:26:46.0313 0900 Wanarpv6 - ok
17:26:46.0344 0900 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:26:46.0375 0900 wcncsvc - ok
17:26:46.0422 0900 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:26:46.0469 0900 WcsPlugInService - ok
17:26:46.0485 0900 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
17:26:46.0500 0900 Wd - ok
17:26:46.0563 0900 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:26:46.0594 0900 Wdf01000 - ok
17:26:46.0625 0900 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:26:46.0672 0900 WdiServiceHost - ok
17:26:46.0672 0900 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:26:46.0734 0900 WdiSystemHost - ok
17:26:46.0750 0900 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
17:26:46.0765 0900 WebClient - ok
17:26:46.0797 0900 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:26:46.0828 0900 Wecsvc - ok
17:26:46.0843 0900 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:26:46.0875 0900 wercplsupport - ok
17:26:46.0890 0900 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
17:26:46.0921 0900 WerSvc - ok
17:26:46.0953 0900 WinDefend - ok
17:26:46.0968 0900 WinHttpAutoProxySvc - ok
17:26:47.0031 0900 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:26:47.0062 0900 Winmgmt - ok
17:26:47.0124 0900 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
17:26:47.0202 0900 WinRM - ok
17:26:47.0296 0900 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:26:47.0327 0900 Wlansvc - ok
17:26:47.0343 0900 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:26:47.0374 0900 WmiAcpi - ok
17:26:47.0436 0900 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:26:47.0483 0900 wmiApSrv - ok
17:26:47.0483 0900 WMPNetworkSvc - ok
17:26:47.0514 0900 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:26:47.0545 0900 WPCSvc - ok
17:26:47.0561 0900 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:26:47.0577 0900 WPDBusEnum - ok
17:26:47.0623 0900 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:26:47.0655 0900 WpdUsb - ok
17:26:47.0670 0900 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:26:47.0701 0900 ws2ifsl - ok
17:26:47.0748 0900 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
17:26:47.0764 0900 wscsvc - ok
17:26:47.0779 0900 WSearch - ok
17:26:47.0873 0900 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:26:47.0951 0900 wuauserv - ok
17:26:47.0982 0900 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:26:48.0029 0900 WUDFRd - ok
17:26:48.0045 0900 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:26:48.0076 0900 wudfsvc - ok
17:26:48.0107 0900 [ 07F7285220307AAFB755D890295F0F9A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
17:26:48.0154 0900 yukonx64 - ok
17:26:48.0169 0900 ================ Scan global ===============================
17:26:48.0185 0900 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:26:48.0232 0900 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:26:48.0263 0900 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:26:48.0325 0900 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:26:48.0325 0900 [Global] - ok
17:26:48.0325 0900 ================ Scan MBR ==================================
17:26:48.0325 0900 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:26:48.0466 0900 \Device\Harddisk1\DR1 - ok
17:26:48.0481 0900 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
17:26:48.0996 0900 \Device\Harddisk0\DR0 - ok
17:26:48.0996 0900 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:26:49.0168 0900 \Device\Harddisk1\DR1 - ok
17:26:49.0168 0900 ================ Scan VBR ==================================
17:26:49.0183 0900 [ C161A46B0D9C2310134E085985218A7B ] \Device\Harddisk1\DR1\Partition1
17:26:49.0183 0900 \Device\Harddisk1\DR1\Partition1 - ok
17:26:49.0183 0900 [ 2CCC589F00F233E0ECEB76F37B3A2DA4 ] \Device\Harddisk0\DR0\Partition1
17:26:49.0183 0900 \Device\Harddisk0\DR0\Partition1 - ok
17:26:49.0199 0900 [ FE4DF3A834D5DFBF294E3B43204F6F67 ] \Device\Harddisk0\DR0\Partition2
17:26:49.0199 0900 \Device\Harddisk0\DR0\Partition2 - ok
17:26:49.0199 0900 [ C161A46B0D9C2310134E085985218A7B ] \Device\Harddisk1\DR1\Partition1
17:26:49.0215 0900 \Device\Harddisk1\DR1\Partition1 - ok
17:26:49.0215 0900 ============================================================
17:26:49.0215 0900 Scan finished
17:26:49.0215 0900 ============================================================
17:26:49.0230 2124 Detected object count: 2
17:26:49.0230 2124 Actual detected object count: 2
17:27:14.0377 2124 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:14.0377 2124 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:14.0393 2124 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:14.0393 2124 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#8
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.18.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jeannene :: LAPTOP2 [administrator]

1/18/2013 5:46:12 PM
mbam-log-2013-01-18 (17-46-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223778
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

Files Detected: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

(end)
  • 0

#9
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
System scan completed without any complaints.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/01/2013 6:25:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/01/2013 12:19:22 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/01/2013 6:28:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/01/2013 12:19:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#10
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL logfile created on: 1/18/2013 6:32:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeannene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 61.52% Memory free
8.03 Gb Paging File | 6.12 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 152.21 Gb Free Space | 53.14% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
Drive G: | 3.68 Gb Total Space | 3.58 Gb Free Space | 97.38% Space Free | Partition Type: FAT32

Computer Name: LAPTOP2 | User Name: Jeannene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 13:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/13 08:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeannene\Desktop\OTL.exe
PRC - [2012/12/25 07:32:05 | 001,683,608 | ---- | M] (Bandoo Media Inc) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2009/01/29 16:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 13:59:58 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/01/28 07:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 13:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/18 13:59:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/27 15:05:45 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/08 02:40:28 | 000,152,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecmdm.sys -- (ssecmdm)
DRV:64bit: - [2009/09/08 02:40:28 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecbus.sys -- (ssecbus)
DRV:64bit: - [2009/09/08 02:40:28 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecmdfl.sys -- (ssecmdfl)
DRV:64bit: - [2009/06/27 14:42:27 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/25 07:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/02/17 11:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/01/28 07:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/30 06:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 07:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 11:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/28 03:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/04 11:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 17:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003/09/15 10:57:35 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys -- (ElbyCDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://search.live.c...ms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {018FD540-75AB-4000-A206-65664BBD9E54}
IE - HKCU\..\SearchScopes\{018FD540-75AB-4000-A206-65664BBD9E54}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3730E888-30A1-43FA-A6D2-509427C0CB46}: "URL" = http://www.amazon.co...y={searchTerms}
IE - HKCU\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT1419405.browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/01 00:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/18 19:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/13 12:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 14:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/16 16:03:32 | 000,000,000 | ---D | M]

[2012/12/28 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Extensions
[2013/01/18 15:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions
[2011/09/22 14:00:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/28 22:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/13 12:06:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/01/18 14:00:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/18 13:59:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/18 13:59:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Power Karaoke = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmaeahhdjjcpionggajmbcinfikbial\10.13.20.300_0\
CHR - Extension: avast! WebRep = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Poppit = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013/01/18 17:16:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: amazon.com ([payments] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E75DF6-6745-4FA5-953C-181729413414}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7054C4-04E4-4870-8ED3-5CC837DC262C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Jeannene^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: NielsenOnline - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TSMAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: TVAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: WinPatrol - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 18:33:00 | 000,350,915 | ---- | C] (Farbar) -- C:\Users\Jeannene\Desktop\FSS.exe
[2013/01/18 18:19:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/18 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Roaming\Malwarebytes
[2013/01/18 17:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/18 17:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/18 17:44:45 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/18 17:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/18 17:42:21 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeannene\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/18 17:22:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeannene\Desktop\tdsskiller.exe
[2013/01/18 17:19:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/18 17:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/18 17:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/18 17:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/18 16:57:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/18 16:57:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/18 16:55:12 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Jeannene\Desktop\ComboFix.exe
[2013/01/18 15:08:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/18 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/18 14:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/16 19:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET
[2013/01/13 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/13 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/13 16:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/13 12:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/13 12:06:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/13 12:06:40 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/13 12:06:38 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/13 12:06:38 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/01/13 12:06:37 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/13 12:06:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/13 12:06:36 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/13 12:06:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/13 12:06:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/13 12:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/13 12:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/13 08:41:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeannene\Desktop\OTL.exe
[2013/01/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\MFAData
[2013/01/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\Avg2013
[2012/12/27 06:21:12 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/27 06:21:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/12/25 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/12/25 17:42:35 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/12/25 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2012/12/25 17:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/12/25 17:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2012/12/25 17:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\iLivid
[2012/12/21 03:00:49 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 03:00:49 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 03:00:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 03:00:48 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 18:33:01 | 000,350,915 | ---- | M] (Farbar) -- C:\Users\Jeannene\Desktop\FSS.exe
[2013/01/18 18:26:24 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/18 18:26:24 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/18 18:26:24 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/18 18:24:01 | 000,061,440 | ---- | M] ( ) -- C:\Users\Jeannene\Desktop\VEW.exe
[2013/01/18 18:19:09 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000UA.job
[2013/01/18 18:18:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 18:18:58 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 18:18:53 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeannene.job
[2013/01/18 18:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 18:18:35 | 4193,210,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 17:44:46 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 17:42:41 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeannene\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/18 17:22:49 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeannene\Desktop\tdsskiller.exe
[2013/01/18 17:16:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/18 16:55:22 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Jeannene\Desktop\ComboFix.exe
[2013/01/18 16:06:08 | 829,580,365 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/18 15:14:07 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/18 15:14:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/17 17:40:07 | 000,000,732 | ---- | M] () -- C:\Users\Jeannene\AppData\Local\d3d9caps64.dat
[2013/01/16 16:22:16 | 000,002,059 | ---- | M] () -- C:\Users\Jeannene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/16 16:22:16 | 000,002,057 | ---- | M] () -- C:\Users\Jeannene\Desktop\Google Chrome.lnk
[2013/01/13 16:52:40 | 005,636,096 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013/01/13 16:52:39 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2013/01/13 16:52:39 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2013/01/13 16:33:49 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/13 12:06:41 | 000,006,756 | ---- | M] () -- C:\Users\Jeannene\AppData\Local\d3d9caps.dat
[2013/01/13 08:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeannene\Desktop\OTL.exe
[2013/01/11 21:14:37 | 000,313,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 14:04:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000Core.job
[2013/01/07 21:29:06 | 000,010,258 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\wklnhst.dat
[2012/12/27 06:21:12 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/27 06:21:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/18 18:23:41 | 000,061,440 | ---- | C] ( ) -- C:\Users\Jeannene\Desktop\VEW.exe
[2013/01/18 17:44:46 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 17:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/18 17:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/18 17:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/18 17:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/18 17:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/18 16:37:07 | 4193,210,368 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/18 16:06:08 | 829,580,365 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/13 16:51:24 | 005,636,096 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013/01/13 16:51:24 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2013/01/13 16:51:24 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2013/01/13 16:33:49 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/13 12:06:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/13 12:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/11 17:11:51 | 000,000,732 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\d3d9caps64.dat
[2012/12/25 17:42:59 | 000,000,848 | ---- | C] () -- C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012/08/27 15:38:00 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/17 23:03:21 | 000,010,258 | ---- | C] () -- C:\Users\Jeannene\AppData\Roaming\wklnhst.dat
[2009/08/23 18:17:12 | 003,110,453 | ---- | C] () -- C:\Users\Jeannene\Burning CDGs From Any Drive.zip
[2009/08/17 23:22:08 | 000,006,756 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\d3d9caps.dat
[2009/07/26 14:34:25 | 000,020,480 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEVT-60ZCT1 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type:
Media Type: Removable Media
Model: JMCR SD/MMC SCSI Disk Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: HP psc 2175 USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 286.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 307526369280
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 4194304
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/02/02 13:11:52 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Adobe
[2010/06/26 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Apple Computer
[2010/12/02 10:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\AVG10
[2009/09/05 22:11:53 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\AVG8
[2009/09/27 11:49:35 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\avidemux
[2009/09/23 22:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\AVS4YOU
[2011/09/14 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\codeblocks
[2009/10/09 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/27 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\DAEMON Tools Lite
[2012/02/21 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\DivX
[2012/08/27 15:53:22 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Doblon
[2010/02/04 12:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\DriverCure
[2009/09/27 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\GetRightToGo
[2009/07/31 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\gtk-2.0
[2009/07/25 08:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Hewlett-Packard
[2009/07/24 22:09:41 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\HP TCS
[2012/02/11 13:46:36 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\HpUpdate
[2009/07/24 22:27:07 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Identities
[2009/07/25 06:21:55 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Macromedia
[2013/01/18 17:45:00 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Malwarebytes
[2006/11/02 09:07:25 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Media Center Programs
[2012/02/02 13:11:52 | 000,000,000 | --SD | M] -- C:\Users\Jeannene\AppData\Roaming\Microsoft
[2011/09/22 13:55:38 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Mozilla
[2009/10/14 08:55:15 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\muvee Technologies
[2011/01/06 22:29:26 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Netscape
[2010/10/17 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Registry Mechanic
[2013/01/13 16:33:52 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/16 17:16:00 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Template
[2009/09/28 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Uniblue
[2011/11/04 11:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\webex
[2010/12/19 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\WinPatrol
[2010/09/27 15:11:20 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\WinRAR
[2010/06/19 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Jeannene\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/05/31 23:09:54 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2009/05/31 23:09:54 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\erdnt\cache64\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 20:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 20:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/05/31 23:19:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/05/31 23:19:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/05/31 23:19:34 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/05/31 23:19:34 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/05/31 23:19:34 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/05/31 23:19:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/05/31 23:19:33 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/05/31 23:19:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/20 20:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 00:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache86\mswsock.dll
[2009/04/11 00:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 00:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 20:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 01:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\erdnt\cache64\mswsock.dll
[2009/04/11 01:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 01:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 20:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 20:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 20:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/20 20:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 20:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 20:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 20:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/20 20:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 20:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/20 20:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 20:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 20:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 20:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\erdnt\cache64\services.exe
[2009/04/11 01:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 01:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 20:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 20:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 20:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 20:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/11 00:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
[2009/04/11 00:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 03:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 03:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 03:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 05:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 05:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/18 13:59:56 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/18 13:59:56 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/18 13:59:56 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/01/18 13:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/01/18 13:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/18 13:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/09/14 14:05:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/09/14 14:05:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/09/14 14:05:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/14 14:04:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/14 14:04:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/14 14:04:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:13D63198
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

Advertisements


#11
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL Extras logfile created on: 1/18/2013 6:32:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeannene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 61.52% Memory free
8.03 Gb Paging File | 6.12 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 152.21 Gb Free Space | 53.14% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
Drive G: | 3.68 Gb Total Space | 3.58 Gb Free Space | 97.38% Space Free | Partition Type: FAT32

Computer Name: LAPTOP2 | User Name: Jeannene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FE D9 89 8F DE 1D CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08807A40-D846-49C2-84E2-FEB6931FB9FF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1751EE74-D55E-44BB-870A-EDC0D258A2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{238663A4-1080-453D-8231-7D15651216DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{392146DF-2F33-4EB3-9EC0-A31EAA0B5FA6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{3F90F828-B55A-407C-9845-70C5AA3AC124}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{42E0F292-6488-476F-A505-464036745242}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{4B687811-3FD7-4C78-B21E-825893ADFA43}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{4DD81701-91A1-4CA0-BB7E-12E118ECAE95}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{53A80FCA-2BCF-4D7B-BB9E-65B9C7DEC885}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{63A49467-28DF-41F4-B4EE-C8C9A1EDC2EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{6B37B641-0DD1-49C6-B869-7359B5E50020}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{81653DF7-0246-4CCC-A0FE-35BB04CA9BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8A2A43DD-053A-4031-ABBF-F12CAE87CBFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8F7EA995-B5FF-444F-9039-971579C15A30}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{956F745C-3405-4532-BD6C-42D08787C162}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{95A0CF4C-D26B-444D-9BE1-7C0AD82C2D42}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9900C515-621C-4E75-9FA0-B91954BE976E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A3067D7E-C3D2-46F7-9942-4280D530AF43}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{A624390D-77C9-4355-9779-42BC6E594572}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{A6ACF740-1D11-42BF-84FC-2D64D1FAB11B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AC8ED305-1EBA-4F89-9F51-00AE3AC79F94}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{AFC5EC44-CF1D-4F4D-AEA0-D58D3DE35BEA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{CC0A1B13-3404-46B8-8868-698F82D0A63C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE4B6AF2-2514-4A73-8811-397FB1FEDBC2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{D53A13D0-2A57-4CF6-8552-FB6BC083CDF7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D68B3787-0B93-4431-B47A-D1E40AB623FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{D8E22D8C-E710-4994-926A-8CCD81F9BFC9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F6E87CB1-B1C9-419F-9D7C-BE2B435151B8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F8409635-7413-46EF-9CA7-35800896975E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{FCC1545E-F101-46BC-A6A4-360A2CA1E79E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"TCP Query User{2366685F-08E1-4492-86AA-4A2464A028BD}C:\users\jeannene\desktop\leapftp.exe" = protocol=6 | dir=in | app=c:\users\jeannene\desktop\leapftp.exe |
"TCP Query User{99A30BD7-E783-4FA2-ABF3-38B530D2DC7E}C:\users\jeannene\desktop\leapftp.exe" = protocol=6 | dir=in | app=c:\users\jeannene\desktop\leapftp.exe |
"UDP Query User{26360D7B-D9DA-4EF8-B316-E655C6142276}C:\users\jeannene\desktop\leapftp.exe" = protocol=17 | dir=in | app=c:\users\jeannene\desktop\leapftp.exe |
"UDP Query User{5C8C04F9-A2AF-476F-A2FC-E916095274D6}C:\users\jeannene\desktop\leapftp.exe" = protocol=17 | dir=in | app=c:\users\jeannene\desktop\leapftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BC595C4-F736-4EB4-A1C0-32C7E81800F0}" = HP MediaSmart SmartMenu
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91" = ENE CIR Receiver Driver (12/30/2008 2.7.2.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{462DED50-EC2E-4237-ABCF-B5C463C0EE51}" = HP Wireless Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCC2636-CE26-4D08-9CFE-C052416AEE31}" = Microsoft Live Search Toolbar
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8101E/8168/8169 PCI/PCIe Adapters
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{917E1143-3C79-964E-2483-B10024C5064B}" = muvee Reveal
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD10345B-0DD2-4C67-BC2C-F0CA6680AB21}" = Power BibleCD 4.0a
"{D5D4BFD4-616C-4B0C-B28A-C84579CA3F2C}" = HP MediaSmart SlingPlayer
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF34837E-4ECB-4CDA-8E55-99BBAD70CEB6}" = HP Support Assistant
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CloneCD" = CloneCD
"DAEMON Tools Lite" = DAEMON Tools Lite
"DC-Bass Source" = DC-Bass Source 1.1.1
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"iLivid" = iLivid
"ilividtoolbarguid" = Search-Results Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KaraFun Player_is1" = KaraFun Player
"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Online help of lcc-win32_is1" = Online help of lcc-win32
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Serif PagePlus 5.0" = Serif PagePlus 5.0
"SHOUTcast Source" = SHOUTcast Source (remove only)
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ICDL Book Reader" = ICDL Book Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2013 8:19:22 PM | Computer Name = laptop2 | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 2/20/2010 12:53:16 AM | Computer Name = laptop2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 9096 seconds with 4800 seconds of active time. This session ended with a
crash.

Error - 2/20/2010 12:55:42 AM | Computer Name = laptop2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/20/2011 3:27:09 PM | Computer Name = laptop2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 669548
seconds with 55800 seconds of active time. This session ended with a crash.

Error - 4/22/2011 9:48:52 PM | Computer Name = laptop2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 434 seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/18/2011 1:26:26 PM | Computer Name = laptop2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 157620
seconds with 3900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/18/2013 8:19:22 PM | Computer Name = laptop2 | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

#12
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
This is the last log.

Farbar Service Scanner Version: 16-01-2013
Ran by Jeannene (administrator) on 18-01-2013 at 18:57:28
Running from "C:\Users\Jeannene\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-03-18 13:21] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 10:37] - [2012-01-03 08:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 14:02] - [2012-03-30 06:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 18:05] - [2011-03-02 10:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-03-18 13:21] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-03-18 13:20] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2010-03-18 13:22] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-03-18 13:20] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-03-18 13:21] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2010-03-18 13:22] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-03-18 13:22] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:43] - [2012-06-01 18:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-03-18 13:22] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Run the FixIt at http://support.micro...;en-US;2545227. That should fix the one error you are showing.

Since you have Avast you should not have Microsoft Security Essentials so uninstall it. Also uninstall:

Java™ 6 Update 20
Java™ 6 Update 13 (64-bit) Your Java versions are obsolete and dangerous. All versions of Java are vulnerable to exploit so we recommend that if you can live without it (and most people can) that you not install it. If you must have it, it must be the latest version and you should use either Firefox with the no-script add-on or Chrome with the script-no add-on. Then only allow those websites that must have Java to use it.
Microsoft Live Search Toolbar -not needed and just slow the browser down
Adobe Reader X (10.1.5) (needs to be updated to 11.something. Get the latest reader at adobe.com. Do not let them install the Ask toolbar, Yahoo toolbar or McAfee Security Scan.
Adobe Flash Player 10 Plugin (To update this one you must use IE and go to adobe.com and get the latest Flash. There are two versions of Flash. One for IE and one for all other browsers.)
Eusing Free Registry Cleaner - never use a registry cleaner
Search-Results Toolbar -adware


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Tonight run an Avast boot-time scan if you haven't done so already:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours which is why I recommend letting it run while you sleep. (Mute the sound so it doesn't wake you when Windows loads.)
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt which you can copy and paste into a reply.

How is it running now?
  • 0

#14
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Do they have a fixit for Vista? I'm not sure what I'm fixin'


Uninstalled:
Java™ 6 Update 20
Java™ 6 Update 13 (64-bit)
Microsoft Live Search Toolbar
Eusing Free Registry Cleaner
Search-Results Toolbar


Adobe Reader X (10.1.5) says it's XI but the load says X so I didn't load it.

Adobe Flash Player 10 Plugin - Loaded
  • 0

#15
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
# AdwCleaner v2.106 - Logfile created 01/18/2013 at 21:00:15
# Updated 17/01/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Jeannene - LAPTOP2
# Boot Mode : Normal
# Running from : C:\Users\Jeannene\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\search results toolbar
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\Users\Jeannene\AppData\Local\Conduit
Deleted on reboot : C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmaeahhdjjcpionggajmbcinfikbial
Deleted on reboot : C:\Users\Jeannene\AppData\Local\Ilivid
Deleted on reboot : C:\Users\Jeannene\AppData\LocalLow\AVG Security Toolbar
Deleted on reboot : C:\Users\Jeannene\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\Jeannene\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Deleted on reboot : C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\Smartbar
File Deleted : C:\END
File Deleted : C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\bprotector_extensions.sqlite

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\agmaeahhdjjcpionggajmbcinfikbial
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\agmaeahhdjjcpionggajmbcinfikbial
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\prefs.js

C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\user.js ... Deleted !

Deleted : user_pref("CT1419405.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT1419405.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT1419405.1000082.state", "{\"state\":\"stopped\",\"text\":\"Undercove...\",\"description[...]
Deleted : user_pref("CT1419405.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT1419405.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1419405.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT1419405.FirstTime", "true");
Deleted : user_pref("CT1419405.FirstTimeFF3", "true");
Deleted : user_pref("CT1419405.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT1419405.RevertSettingsEnabled", true);
Deleted : user_pref("CT1419405.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT141[...]
Deleted : user_pref("CT1419405.ShoppingApp.GK.Exipres.enc", "RnJpIEphbiAxOCAyMDEzIDE3OjAyOjMxIEdNVC0wNjAwIChDZ[...]
Deleted : user_pref("CT1419405.ShoppingApp.GK.GeoLocation.enc", "dW5pdGVkIHN0YXRlcw==");
Deleted : user_pref("CT1419405.UserID", "UN64401743984008472");
Deleted : user_pref("CT1419405.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT1419405.autoDisableScopes", 0);
Deleted : user_pref("CT1419405.browser.search.defaultthis.engineName", "");
Deleted : user_pref("CT1419405.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT1419405.cbfirsttime.enc", "U3VuIERlYyAyMyAyMDEyIDE5OjMzOjM3IEdNVC0wNjAwIChDZW50cmFsIFN0[...]
Deleted : user_pref("CT1419405.defaultSearch", "true");
Deleted : user_pref("CT1419405.embeddedsData", "[{\"appId\":\"128437591452300917\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT1419405.enableAlerts", "always");
Deleted : user_pref("CT1419405.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT1419405.firstTimeDialogOpened", "true");
Deleted : user_pref("CT1419405.fixPageNotFoundError", "true");
Deleted : user_pref("CT1419405.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT1419405.fixUrls", true);
Deleted : user_pref("CT1419405.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT1419405.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT1419405.isCheckedStartAsHidden", true);
Deleted : user_pref("CT1419405.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1419405.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT1419405.isNewTabEnabled", true);
Deleted : user_pref("CT1419405.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT1419405.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1419405.keyword", true);
Deleted : user_pref("CT1419405.migrateAppsAndComponents", true);
Deleted : user_pref("CT1419405.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT1419405.openThankYouPage", "false");
Deleted : user_pref("CT1419405.openUninstallPage", "true");
Deleted : user_pref("CT1419405.search.searchAppId", "128437591452300917");
Deleted : user_pref("CT1419405.search.searchCount", "1");
Deleted : user_pref("CT1419405.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT1419405.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1419405.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT1419405.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT1419405.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT1419405.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1419405.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1419405.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT1419405.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT1419405.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358118262711");
Deleted : user_pref("CT1419405.serviceLayer_services_appsMetadata_lastUpdate", "1358118262548");
Deleted : user_pref("CT1419405.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358118262616");
Deleted : user_pref("CT1419405.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356312812225");
Deleted : user_pref("CT1419405.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358539375457");
Deleted : user_pref("CT1419405.serviceLayer_services_optimizer_lastUpdate", "1356312816220");
Deleted : user_pref("CT1419405.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358118262665");
Deleted : user_pref("CT1419405.serviceLayer_services_searchAPI_lastUpdate", "1358118263880");
Deleted : user_pref("CT1419405.serviceLayer_services_serviceMap_lastUpdate", "1358464014003");
Deleted : user_pref("CT1419405.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358118262586");
Deleted : user_pref("CT1419405.serviceLayer_services_toolbarSettings_lastUpdate", "1358539375164");
Deleted : user_pref("CT1419405.serviceLayer_services_translation_lastUpdate", "1358464014205");
Deleted : user_pref("CT1419405.settingsINI", true);
Deleted : user_pref("CT1419405.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT1419405.smartbar.CTID", "CT1419405");
Deleted : user_pref("CT1419405.smartbar.Uninstall", "0");
Deleted : user_pref("CT1419405.smartbar.homepage", true);
Deleted : user_pref("CT1419405.smartbar.isHidden", true);
Deleted : user_pref("CT1419405.smartbar.toolbarName", "Power Karaoke ");
Deleted : user_pref("CT1419405.startPage", "TRUE");
Deleted : user_pref("CT1419405.toolbarBornServerTime", "24-12-2012");
Deleted : user_pref("CT1419405.toolbarCurrentServerTime", "18-1-2013");
Deleted : user_pref("CT1419405.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT1419405.url_history0001.enc", "aHR0cDovL3RoZWdvb2RzZWVkLmNvbS9uZWVkYWhhbmQvYWRkb25zLzo6[...]
Deleted : user_pref("CT1419405_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1419405&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1419405");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1419405&SearchSource=13");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Deleted [l.58] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid[...]
Deleted [l.1691] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.1937] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[S1].txt - [12240 octets] - [18/01/2013 21:00:15]

########## EOF - C:\AdwCleaner[S1].txt - [12301 octets] ##########
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP