Virus Luhe.Sirefef.A - trouble completing AVG, Malwarebytes, CCleaner


  • This topic is locked

#1
joy2mac

    Member

  • 44 posts
Hi, and thank you for your time!

Below are details of my problem. Please note I tried to run the OTL log for 1.75 hours but it kept scanning and would not produce a log. It was scanning Temporary Internet Files Content IE5 when I stopped it.

COMPUTER
HP Pavilion dv6 Notebook PC
Windows 7 Home Premium, Service Pack 1
64-bit operating system


PROBLEM
I cannot successfully run AVG Anti-Virus (scans continuously for hours), Malwarebytes (freezes), nor CCleaner (scans continuously for hours). I believe these are signs my computer is not totally rid of the virus it had/has.


SYMPTOMS OF VIRUS
Autoclick function selected a link in the sidebar of a celebrity gossip website page. Pop-up appeared in bottom of computer screen saying Symantec Detected Potentially Harmful element and to click on it for more information. At one point this prompt named Trojan: Win32/Sirefef.AN as the virus. A McAfee dialogue box appeared on my screen and started scanning for viruses, then prompted me to purchase software. Later on, my computer started shutting down without notice. When watching NetFlix, my computer made scratchy sounds, showed coding language in black and white on the screen, then shut down without notice. These shutdowns occurred approximately 4 times.


RESOURCE USED FOR ADVICE
hxxp://www.selectrealsecurity.com/malware-removal-guide/


MAIN VIRUSES FOUND
Luhe.Sirefef.A (removed via HitManPro 3.7)
Trojan: Win32/Sirefef.AN (pop-up no longer appears in my monitor after HitManPro 3.7 used)
Script/Generic (removed via AVG Anti-Virus)
CouponBar (removed with Spybot Search and Destroy)


SUCCESSFUL SCANS
TDSS Killer: no threats found
HITMAN PRO 3.7: 98 threats detected and deleted including Luhe.Sirefef.A
ADW Cleaner: report says "registry is clean"
Spybot Search and Destroy: removed 11 threats called CouponBar


UNSUCCESSFUL SCANS

AVG Anti-Virus: Identified Luhe.Sirefef.A and Script/Generic. Continued scanning for 11.5 hours but progress stalled at 79% progress for 9 of these hours. When I stopped the scan it was scanning C:\Users\jmacbeth\AppData\Lo…\impCADS7E7D.js. I have a feeling these are Temporary Internet files.

MALWAREBYTES: Quick Scan freezes about 2.5 minutes into scan. I have run this scan many times and it keeps freezing while scanning C:\Users\jmacbeth\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5 files.

CCLEANER: System ran for 2 hours but progress will not surpass 0%. When I stop the scan the report says that Internet Explorer Temporary Internet files have been removed.


OTHER ACTIONS
Deleted Temporary Internet Files by visiting Tools menu of Internet Explorer and Firefox.
Deleted Temporary Internet Files by typing C:\users\jmacbeth\local settings\temporary internet files\content.IE5 in Folder address line and deleting contents.
Conducted disk cleanup for C: drive (thumb nails and temporary files)


Thank you again for your time and I look forward to your response,
joy2mac
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's have a look outside of Windows.


Download the following three programmes to your desktop :


1. Rufus

For 64bit systems
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Insert the USB stick, then run Rufus.
Select the ISO file on the desktop via the ISO icon.

Press Start Burn.
Then copy FRST to the same USB.


Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here


When you reboot you will see this, although yours will say Windows 7.
Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#3
joy2mac

    Member

  • Topic Starter
  • 44 posts
Thank you for the rapid response! Here's the log:




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 21 days old)
Ran by SYSTEM at 03-04-2013 16:05:45
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-11-28] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-20] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2010-01-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [kmw_run.exe] kmw_run.exe [x]
HKLM-x32\...\Run: [MSWheel] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1219248 2013-04-02] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKU\jmacbeth\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\RSIGuard Stretch Edition.lnk
ShortcutTarget: RSIGuard Stretch Edition.lnk -> C:\Program Files (x86)\RSIGuard\RSIGuard.exe ()

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-20] (IDT, Inc.)
2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-02] ()

==================== Drivers (Whitelisted) =====================

3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-04-02] (AVG Technologies)
3 KMW_KBD; C:\Windows\SysWow64\Drivers\KMW_KBD.sys [5248 2003-12-01] (Kensington Technology Group)
4 eabfiltr; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-03 14:19 - 2013-04-03 14:19 - 00000000 ____D C:\FRST
2013-04-03 14:08 - 2013-04-03 14:08 - 01466241 ____A (Farbar) C:\Users\jmacbeth\Downloads\FRST64.exe
2013-04-03 14:00 - 2013-04-03 14:04 - 172855296 ____A C:\Users\jmacbeth\Downloads\win7 64bit rc.iso
2013-04-03 13:52 - 2013-04-03 13:52 - 00453048 ____A (Akeo Consulting (http://akeo.ie)) C:\Users\jmacbeth\Downloads\rufus_v1.3.2.exe
2013-04-03 11:35 - 2013-04-03 11:36 - 00602112 ____A (OldTimer Tools) C:\Users\jmacbeth\Downloads\OTL.scr
2013-04-03 09:52 - 2013-04-03 09:52 - 00602112 ____A (OldTimer Tools) C:\Users\jmacbeth\Downloads\OTL.exe
2013-04-03 07:33 - 2013-04-03 07:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-04-03 07:33 - 2013-04-03 07:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-04-03 07:33 - 2013-04-03 07:33 - 00001262 ____A C:\Users\jmacbeth\Desktop\Spybot - Search & Destroy.lnk
2013-04-03 07:31 - 2013-04-03 07:31 - 16409960 ____A (Safer Networking Limited ) C:\Users\jmacbeth\Downloads\spybotsd162.exe
2013-04-02 20:59 - 2013-04-02 20:59 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\AVG2013
2013-04-02 20:58 - 2013-04-02 20:58 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-04-02 20:58 - 2013-04-02 20:58 - 00000224 ____A C:\Windows\Tasks\SidebarExecute.job
2013-04-02 20:58 - 2013-04-02 20:58 - 00000000 ___HD C:\$AVG
2013-04-02 20:58 - 2013-04-02 20:58 - 00000000 ____D C:\ProgramData\AVG2013
2013-04-02 20:57 - 2013-04-02 20:57 - 00000000 ____D C:\Program Files (x86)\AVG
2013-04-02 20:51 - 2013-04-02 21:03 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\Avg2013
2013-04-02 20:51 - 2013-04-02 20:51 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet(3).exe
2013-04-02 20:28 - 2013-04-02 20:31 - 09737544 ____A (SurfRight B.V.) C:\Users\jmacbeth\Downloads\HitmanPro_x64(1).exe
2013-04-02 16:32 - 2013-04-02 16:32 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-02 16:32 - 2013-04-02 16:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-02 16:32 - 2012-12-14 15:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-02 16:31 - 2013-04-02 16:32 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100(3).exe
2013-04-02 16:16 - 2013-04-02 16:16 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-04-02 16:16 - 2013-04-02 16:16 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-04-02 16:08 - 2013-04-02 16:17 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\AVG Secure Search
2013-04-02 16:04 - 2013-04-02 16:04 - 00005026 ____A C:\AdwCleaner[S1].txt
2013-04-02 16:04 - 2013-04-02 16:04 - 00000121 ____A C:\Windows\DeleteOnReboot.bat
2013-04-02 16:03 - 2013-04-02 16:03 - 00613083 ____A C:\Users\jmacbeth\Downloads\adwcleaner.exe
2013-04-02 15:51 - 2013-04-02 15:51 - 00003834 ____A C:\Windows\System32\.crusader
2013-04-02 15:27 - 2013-04-02 15:56 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-02 15:26 - 2013-04-02 15:27 - 09737544 ____A (SurfRight B.V.) C:\Users\jmacbeth\Downloads\HitmanPro_x64.exe
2013-04-02 15:22 - 2013-04-02 15:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\jmacbeth\Downloads\tdsskiller.exe
2013-04-02 14:18 - 2013-04-02 15:59 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForjmacbeth.job
2013-04-02 14:03 - 2013-04-02 14:03 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-04-02 14:00 - 2013-04-02 14:00 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-02 13:51 - 2013-04-02 13:51 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-04-02 13:44 - 2013-04-02 13:44 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet(2).exe
2013-04-02 13:43 - 2013-04-02 13:43 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\AVG SafeGuard toolbar
2013-04-02 13:38 - 2013-04-02 21:04 - 00000177 ____A C:\Users\jmacbeth\Desktop\avgrep.txt
2013-04-02 13:35 - 2013-04-02 16:16 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-04-02 13:35 - 2013-04-02 13:35 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-04-02 13:29 - 2013-04-02 13:30 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet(1).exe
2013-04-02 13:07 - 2013-04-02 13:07 - 00666624 ____A C:\Users\jmacbeth\Downloads\MicrosoftFixit50472(1).msi
2013-04-02 13:01 - 2013-04-02 13:01 - 00666624 ____A C:\Users\jmacbeth\Downloads\MicrosoftFixit50472.msi
2013-04-02 08:46 - 2013-04-02 08:46 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-02 08:46 - 2013-04-02 08:46 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-04-02 08:46 - 2013-04-02 08:46 - 00000000 ____D C:\Program Files\CCleaner
2013-04-02 08:44 - 2013-04-02 08:44 - 04316280 ____A (Piriform Ltd) C:\Users\jmacbeth\Downloads\ccsetup400.exe
2013-04-01 23:03 - 2013-04-01 23:03 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100(2).exe
2013-04-01 23:02 - 2013-04-01 23:02 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-01 17:26 - 2013-04-01 17:26 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\Malwarebytes
2013-04-01 17:26 - 2013-04-01 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-04-01 17:25 - 2013-04-01 17:25 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100.exe
2013-04-01 13:41 - 2013-04-01 13:41 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\TuneUp Software
2013-04-01 13:30 - 2013-04-02 21:10 - 00000000 ____D C:\ProgramData\MFAData
2013-04-01 13:30 - 2013-04-01 13:30 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet.exe
2013-04-01 13:30 - 2013-04-01 13:30 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\MFAData
2013-03-27 18:50 - 2013-03-27 18:50 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-27 18:39 - 2013-03-27 18:39 - 00296192 ____A C:\Windows\Minidump\032713-23041-01.dmp
2013-03-20 12:31 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-03-20 12:31 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-03-20 12:31 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-03-20 12:31 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-03-20 12:31 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-03-20 12:31 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-03-20 12:31 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-03-20 12:31 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-03-20 12:31 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-03-20 12:31 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-03-20 12:31 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-03-20 12:31 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-03-20 12:31 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-03-20 12:31 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-03-20 12:31 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-03-20 12:31 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-03-20 12:31 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-03-20 12:31 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-03-20 12:30 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-20 12:23 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-19 19:52 - 2013-03-19 19:52 - 00000000 ____D C:\Windows\System32\SPReview
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-03-14 10:06 - 2013-03-14 10:06 - 00105016 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\jmacbeth\Downloads\g2m_download.exe
2013-03-13 21:48 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-13 21:48 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-13 21:48 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-13 21:48 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-13 21:48 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-13 21:48 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-13 21:48 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-13 21:48 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-13 21:48 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-13 21:48 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-13 21:48 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-13 21:48 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-13 21:48 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-13 21:48 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-13 21:48 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-13 21:48 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-13 21:48 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-13 21:48 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-13 21:48 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-13 21:48 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-13 21:48 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-13 21:48 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-13 21:48 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-13 21:48 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-13 21:48 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-13 21:48 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-13 21:48 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-13 21:48 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-13 21:48 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-13 21:48 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-13 21:48 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-13 21:48 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-13 21:47 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-13 21:47 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-08 10:55 - 2013-03-08 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox


==================== One Month Modified Files and Folders =======

2013-04-03 14:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-03 14:58 - 2009-07-13 20:51 - 00122983 ____A C:\Windows\setupact.log
2013-04-03 14:51 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-03 14:51 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-03 14:30 - 2013-04-03 14:26 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-04-03 14:19 - 2013-04-03 14:19 - 00000000 ____D C:\FRST
2013-04-03 14:08 - 2013-04-03 14:08 - 01466241 ____A (Farbar) C:\Users\jmacbeth\Downloads\FRST64.exe
2013-04-03 14:04 - 2013-04-03 14:00 - 172855296 ____A C:\Users\jmacbeth\Downloads\win7 64bit rc.iso
2013-04-03 13:58 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-03 13:52 - 2013-04-03 13:52 - 00453048 ____A (Akeo Consulting (http://akeo.ie)) C:\Users\jmacbeth\Downloads\rufus_v1.3.2.exe
2013-04-03 13:52 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-04-03 13:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-04-03 11:36 - 2013-04-03 11:35 - 00602112 ____A (OldTimer Tools) C:\Users\jmacbeth\Downloads\OTL.scr
2013-04-03 09:52 - 2013-04-03 09:52 - 00602112 ____A (OldTimer Tools) C:\Users\jmacbeth\Downloads\OTL.exe
2013-04-03 09:22 - 2010-02-09 01:26 - 01803728 ____A C:\Windows\WindowsUpdate.log
2013-04-03 07:56 - 2013-04-03 07:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-04-03 07:36 - 2013-04-03 07:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-04-03 07:33 - 2013-04-03 07:33 - 00001262 ____A C:\Users\jmacbeth\Desktop\Spybot - Search & Destroy.lnk
2013-04-03 07:31 - 2013-04-03 07:31 - 16409960 ____A (Safer Networking Limited ) C:\Users\jmacbeth\Downloads\spybotsd162.exe
2013-04-03 06:56 - 2012-04-27 13:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-03 06:42 - 2011-10-24 17:11 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-02 21:10 - 2013-04-01 13:30 - 00000000 ____D C:\ProgramData\MFAData
2013-04-02 21:06 - 2012-04-29 13:31 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\RSIGuard
2013-04-02 21:05 - 2011-10-24 17:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-02 21:04 - 2013-04-02 13:38 - 00000177 ____A C:\Users\jmacbeth\Desktop\avgrep.txt
2013-04-02 21:03 - 2013-04-02 20:51 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\Avg2013
2013-04-02 20:59 - 2013-04-02 20:59 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\AVG2013
2013-04-02 20:58 - 2013-04-02 20:58 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-04-02 20:58 - 2013-04-02 20:58 - 00000224 ____A C:\Windows\Tasks\SidebarExecute.job
2013-04-02 20:58 - 2013-04-02 20:58 - 00000000 ___HD C:\$AVG
2013-04-02 20:58 - 2013-04-02 20:58 - 00000000 ____D C:\ProgramData\AVG2013
2013-04-02 20:57 - 2013-04-02 20:57 - 00000000 ____D C:\Program Files (x86)\AVG
2013-04-02 20:51 - 2013-04-02 20:51 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet(3).exe
2013-04-02 20:31 - 2013-04-02 20:28 - 09737544 ____A (SurfRight B.V.) C:\Users\jmacbeth\Downloads\HitmanPro_x64(1).exe
2013-04-02 16:44 - 2010-02-09 01:31 - 00215464 ____A C:\Windows\PFRO.log
2013-04-02 16:32 - 2013-04-02 16:32 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-02 16:32 - 2013-04-02 16:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-02 16:32 - 2013-04-02 16:31 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100(3).exe
2013-04-02 16:17 - 2013-04-02 16:08 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\AVG Secure Search
2013-04-02 16:16 - 2013-04-02 16:16 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-04-02 16:16 - 2013-04-02 16:16 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-04-02 16:16 - 2013-04-02 13:35 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-04-02 16:04 - 2013-04-02 16:04 - 00005026 ____A C:\AdwCleaner[S1].txt
2013-04-02 16:04 - 2013-04-02 16:04 - 00000121 ____A C:\Windows\DeleteOnReboot.bat
2013-04-02 16:03 - 2013-04-02 16:03 - 00613083 ____A C:\Users\jmacbeth\Downloads\adwcleaner.exe
2013-04-02 15:59 - 2013-04-02 14:18 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForjmacbeth.job
2013-04-02 15:56 - 2013-04-02 15:27 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-02 15:51 - 2013-04-02 15:51 - 00003834 ____A C:\Windows\System32\.crusader
2013-04-02 15:27 - 2013-04-02 15:26 - 09737544 ____A (SurfRight B.V.) C:\Users\jmacbeth\Downloads\HitmanPro_x64.exe
2013-04-02 15:22 - 2013-04-02 15:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\jmacbeth\Downloads\tdsskiller.exe
2013-04-02 14:17 - 2010-01-09 15:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-02 14:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-04-02 14:03 - 2013-04-02 14:03 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-04-02 14:02 - 2010-01-09 15:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-04-02 14:01 - 2010-02-26 13:11 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\hpqLog
2013-04-02 14:00 - 2013-04-02 14:00 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-02 13:59 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2013-04-02 13:51 - 2013-04-02 13:51 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-04-02 13:44 - 2013-04-02 13:44 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet(2).exe
2013-04-02 13:43 - 2013-04-02 13:43 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\AVG SafeGuard toolbar
2013-04-02 13:35 - 2013-04-02 13:35 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-04-02 13:30 - 2013-04-02 13:29 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet(1).exe
2013-04-02 13:07 - 2013-04-02 13:07 - 00666624 ____A C:\Users\jmacbeth\Downloads\MicrosoftFixit50472(1).msi
2013-04-02 13:01 - 2013-04-02 13:01 - 00666624 ____A C:\Users\jmacbeth\Downloads\MicrosoftFixit50472.msi
2013-04-02 08:47 - 2010-06-16 20:46 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\Google
2013-04-02 08:46 - 2013-04-02 08:46 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-02 08:46 - 2013-04-02 08:46 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-04-02 08:46 - 2013-04-02 08:46 - 00000000 ____D C:\Program Files\CCleaner
2013-04-02 08:46 - 2010-06-16 20:46 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-02 08:44 - 2013-04-02 08:44 - 04316280 ____A (Piriform Ltd) C:\Users\jmacbeth\Downloads\ccsetup400.exe
2013-04-01 23:03 - 2013-04-01 23:03 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100(2).exe
2013-04-01 23:02 - 2013-04-01 23:02 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-01 22:49 - 2010-02-09 01:50 - 00000000 ____D C:\ProgramData\Norton
2013-04-01 17:26 - 2013-04-01 17:26 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\Malwarebytes
2013-04-01 17:26 - 2013-04-01 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-04-01 17:25 - 2013-04-01 17:25 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\jmacbeth\Downloads\mbam-setup-1.70.0.1100.exe
2013-04-01 13:41 - 2013-04-01 13:41 - 00000000 ____D C:\Users\jmacbeth\AppData\Roaming\TuneUp Software
2013-04-01 13:30 - 2013-04-01 13:30 - 04444736 ____A (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2013_3267_cnet.exe
2013-04-01 13:30 - 2013-04-01 13:30 - 00000000 ____D C:\Users\jmacbeth\AppData\Local\MFAData
2013-03-27 18:50 - 2013-03-27 18:50 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-27 18:39 - 2013-03-27 18:39 - 00296192 ____A C:\Windows\Minidump\032713-23041-01.dmp
2013-03-27 18:39 - 2010-04-03 14:39 - 00000000 ____D C:\Windows\Minidump
2013-03-25 20:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-25 15:31 - 2010-03-05 14:14 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-03-22 16:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-22 13:08 - 2009-07-13 20:45 - 02999432 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-03-20 12:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-03-20 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-03-20 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-03-19 20:02 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-03-19 20:02 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-03-19 19:52 - 2013-03-19 19:52 - 00000000 ____D C:\Windows\System32\SPReview
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-03-14 10:06 - 2013-03-14 10:06 - 00105016 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\jmacbeth\Downloads\g2m_download.exe
2013-03-13 21:50 - 2010-03-07 21:09 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-13 21:50 - 2010-01-09 16:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-13 21:47 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-13 21:47 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 13:56 - 2012-04-27 13:26 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-12 13:56 - 2011-05-31 20:02 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-11 11:24 - 2012-05-04 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-08 10:55 - 2013-03-08 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-02 13:48:44
Restore point made on: 2013-04-02 13:49:22
Restore point made on: 2013-04-02 14:01:07
Restore point made on: 2013-04-02 14:14:55
Restore point made on: 2013-04-02 14:15:52
Restore point made on: 2013-04-02 16:15:22
Restore point made on: 2013-04-02 16:24:01
Restore point made on: 2013-04-02 16:25:36

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8182.87 MB
Available physical RAM: 7343.72 MB
Total Pagefile: 8181.02 MB
Available Pagefile: 7340.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:452.2 GB) (Free:232.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.27 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive i: (ReatogoPE) (Removable) (Total:0.47 GB) (Free:0.28 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 483 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 094B8C03

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 452 GB 200 MB
Partition 3 Primary 13 GB 452 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 452 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 005E2185

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 482 MB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I ReatogoPE NTFS Removable 482 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 094B8C03

Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB

Partition 2:
=========
Hex: 007E261907FEFFFF0040060000408638
Active: NO
Type: 07 (NTFS)
Size: 452 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00808C3800A0A801
Active: NO
Type: 07 (NTFS)
Size: 13 GB

Partition 4:
=========
Hex: 00FEFFFF0CFEFFFF0020353A30380300
Active: NO
Type: 0C
Size: 103 MB

==============================
Partitions of Disk 1:
===============
Disk ID: 005E2185

Partition 1:
=========
Hex: 8020210007FE3F3C0008000091160F00
Active: YES
Type: 07 (NTFS)
Size: 483 MB


Last Boot: 2013-03-25 20:14

==================== End Of Log =============================
  • 0
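The "Hex:" values in the MBR Partition Table section of the FRST log above are the raw 16-byte partition entries. As an added example (not part of the thread and not FRST's own code), this Python decodes the Disk 0 entries and cross-checks them against the Active, Type, Size and Offset values the log reports. It assumes 512-byte sectors, and the function names are illustrative.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

# Copied from the "Hex:" lines for Disk 0 in the FRST log above.
DISK0 = [
    "80202100077E25190008000000380600",
    "007E261907FEFFFF0040060000408638",
    "00FEFFFF07FEFFFF00808C3800A0A801",
    "00FEFFFF0CFEFFFF0020353A30380300",
]


def decode_chs(field):
    """Decode a 3-byte CHS field into (cylinder, head, sector)."""
    head = field[0]
    sector = field[1] & 0x3F                       # low 6 bits
    cylinder = ((field[1] & 0xC0) << 2) | field[2]  # high 2 bits + low byte
    return cylinder, head, sector


def parse_entry(hex_entry):
    """Parse one 16-byte MBR partition entry given as a hex string."""
    raw = bytes.fromhex(hex_entry)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    # Layout: boot flag, CHS of first sector, type, CHS of last sector,
    # starting LBA (little endian), sector count (little endian).
    flag, chs_first, ptype, chs_last, lba, count = struct.unpack("<B3sB3sII", raw)
    return {
        "flag": flag,
        "active": flag == 0x80,
        "type": ptype,
        "chs_first": decode_chs(chs_first),
        "chs_last": decode_chs(chs_last),
        "lba_start": lba,
        "sectors": count,
        "offset_kib": lba * SECTOR // 1024,
        "size_mib": count * SECTOR // 2**20,
    }


def check_table(hex_entries):
    """Return a list of consistency findings for one disk's partition table."""
    findings = []
    parts = [parse_entry(h) for h in hex_entries]
    for number, part in enumerate(parts, 1):
        if part["flag"] not in (0x00, 0x80):
            findings.append(f"partition {number}: invalid boot flag 0x{part['flag']:02X}")
    used = [p for p in parts if p["type"] != 0x00]
    active = sum(p["active"] for p in used)
    if active != 1:
        findings.append(f"expected exactly one active partition on a boot disk, found {active}")
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append(
                f"partitions starting at LBA {first['lba_start']} and "
                f"{second['lba_start']} overlap"
            )
    return findings


if __name__ == "__main__":
    for number, hex_entry in enumerate(DISK0, 1):
        p = parse_entry(hex_entry)
        print(f"Partition {number}: active={p['active']} type=0x{p['type']:02X} "
              f"offset={p['offset_kib']} KiB size={p['size_mib']} MiB")
    print("Findings:", check_table(DISK0) or "none")
```

The decoded values agree with the log: one active partition, types 07/07/07/0C, a 1024 KB offset for partition 1, and sizes of 199 MB, 452 GB, 13 GB and 103 MB.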

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
From outside of Windows it looks good, so can you access safe mode?

If so then run the following from safe mode

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

Again from safe mode

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#5
joy2mac


    Member

  • Topic Starter
  • Member
  • 44 posts
Hi, and thank you for the post.

All the following was done in Safe Mode:

TFC by Old Timer
Successfully cleaned the system. It froze after it completed the cleanse. I rebooted the computer and ran the scan again to double check that all folders were down to 0 bytes, which they were.

Then system reboot in safe mode.

OTL
I ran this scan twice (20 minutes the first time and 40 minutes the second time). Both times it continuously ran at the following until I rebooted (I could not close the window or stop the scan otherwise):

Pattern Search - Looking at file: C:\Users\jmacbeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3IRNENA\...

joy2mac
  • 0

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's clear that folder and see if it will work; again, try from safe mode first.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\Users\jmacbeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

:Commands
[resethosts]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
joy2mac


    Member

  • Topic Starter
  • Member
  • 44 posts
Hi,

I tried the OTL Run Fix in Safe Mode twice but it froze both times (one time with the OTL download provided earlier and a second time with the secondary OTL link provided).

The text at the bottom reads the following (and doesn't show movement):

"Moving file C:\Users\jmacbeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5..."

The only way to have functionality again is to reboot.

EEK!
  • 0

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove it from outside of Windows.


Download the attached fixlist.txt to the same USB as FRST
[attachment=64108:fixlist.txt]
Run FRST as previously
Press Fix
A log will be saved on the USB; could you attach that?
  • 0

#9
joy2mac


    Member

  • Topic Starter
  • Member
  • 44 posts
Hi,

When I pressed "Fix" the progress line started moving but then froze.

Thank you for your patience,

joy2mac
  • 0

#10
joy2mac


    Member

  • Topic Starter
  • Member
  • 44 posts
Hi,

I ran the Fix again in FRST and the log said the Temporary Internet Files\Content.IE5 could not be found. I ran the Fix a third time and the log is below.

Another note: I am having trouble booting from the USB (it takes multiple tries to do it). The computer tends to reboot through the hard drive after I select F9 (F9 normally produces a list of booting options at which point I choose the USB option). The computer has also rebooted with the hard drive after I select the USB option. Not sure if this is a symptom of the virus or something else.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-04 15:31:01 Run:3
Running from I:\

==============================================

C:\Users\jmacbeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 moved successfully.

==== End of Fixlog ====
  • 0



#11
joy2mac


    Member

  • Topic Starter
  • Member
  • 44 posts
I ran the OTL "Run Scan" as per directions in Post #4 (putting "netsvcs...CREATERESTOREPOINT" in the Custom Scan box). The screen froze after 10 minutes. The scan line read:

Manual File Scan - Getting folder structure...



I ran the OTL "Quick Scan" as per the directions from "Read Before Starting a New Topic" and the following logs were created:



OTL logfile created on: 4/4/2013 4:37:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jmacbeth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 89.84% Memory free
15.98 Gb Paging File | 15.20 Gb Available in Paging File | 95.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.20 Gb Total Space | 231.80 Gb Free Space | 51.26% Space Free | Partition Type: NTFS
Drive D: | 13.27 Gb Total Space | 2.20 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: JMACBETH-PC | User Name: jmacbeth | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/04 16:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jmacbeth\Downloads\OTL(4).exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2010/02/19 23:00:32 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/09/04 14:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/02 14:35:06 | 000,990,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/03/12 14:56:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 11:55:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 22:59:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/02 17:16:46 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/10/21 00:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/02 20:58:12 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/17 13:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/17 13:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 13:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/17 13:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/08/22 02:54:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/14 23:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/07 21:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 20:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 11:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/12/01 18:53:22 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\kmw_kbd.sys -- (KMW_KBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{CF1206D6-E217-45FF-BF34-CE4044CAA0B9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{FA7B2168-A1F9-442A-9918-CF7DFD682831}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CF1206D6-E217-45FF-BF34-CE4044CAA0B9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FA7B2168-A1F9-442A-9918-CF7DFD682831}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thebreast....faces?siteId=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {12E3B27C-B8A1-47BF-BBFB-4760AAD195F2}
IE - HKCU\..\SearchScopes\{12E3B27C-B8A1-47BF-BBFB-4760AAD195F2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{CF1206D6-E217-45FF-BF34-CE4044CAA0B9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{FA7B2168-A1F9-442A-9918-CF7DFD682831}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.thebreast...faces?siteId=2"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:55:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/20 12:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jmacbeth\AppData\Roaming\Mozilla\Extensions
[2012/11/19 17:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jmacbeth\AppData\Roaming\Mozilla\Firefox\Profiles\nvjd2odj.default\extensions
[2013/03/08 11:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 11:55:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 21:58:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 19:34:08 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....fr&d=2013-04-02 14:51:55&v=15.0.0.2&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1
CHR - Extension: AVG Security Toolbar = C:\Users\jmacbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.0.0.2_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_SPY.DLL File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [kmw_run.exe] C:\Windows\SysWow64\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...2/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://uoa.webex.co...ng/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21CC42A3-DF41-4E66-9A4F-ABDC0AAE821B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D6E3EE9-2713-41EA-A21E-6AE15F31D498}: DhcpNameServer = 192.168.1.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d1dbcb3-b97c-11e0-8a68-0027138e1288}\Shell - "" = AutoRun
O33 - MountPoints2\{5d1dbcb3-b97c-11e0-8a68-0027138e1288}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 13:19:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/03 15:19:12 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/03 08:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/04/03 08:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/03 08:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/04/02 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Roaming\AVG2013
[2013/04/02 21:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/02 21:58:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/02 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/02 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/04/02 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\Avg2013
[2013/04/02 17:32:29 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 17:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/02 17:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/02 17:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/04/02 17:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/04/02 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\AVG Secure Search
[2013/04/02 16:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/02 15:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/04/02 15:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/04/02 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/04/02 14:43:59 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\AVG SafeGuard toolbar
[2013/04/02 14:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/04/02 14:35:27 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/02 14:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/04/02 09:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/02 09:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/02 09:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/01 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Roaming\Malwarebytes
[2013/04/01 18:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/01 18:25:34 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\Programs
[2013/04/01 14:41:54 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Roaming\TuneUp Software
[2013/04/01 14:30:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/01 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\MFAData
[2013/04/01 14:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/27 19:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/19 20:52:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/03/14 11:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/03/13 22:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/08 11:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/04/04 16:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 16:34:24 | 2140,303,359 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 16:15:04 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 16:15:04 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 16:15:04 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 14:44:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 14:38:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/04/04 10:40:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 10:40:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/03 08:33:21 | 000,001,262 | ---- | M] () -- C:\Users\jmacbeth\Desktop\Spybot - Search & Destroy.lnk
[2013/04/03 07:56:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 22:05:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 21:58:57 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013/04/02 21:58:43 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/02 17:32:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 17:16:46 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/02 17:04:15 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/02 16:59:46 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjmacbeth.job
[2013/04/02 16:51:00 | 000,003,834 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/04/02 15:03:33 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/04/02 14:03:48 | 000,002,283 | ---- | M] () -- C:\Users\jmacbeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/02 09:46:11 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/02 09:46:09 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/27 19:50:41 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/22 14:08:04 | 002,999,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/04/03 15:26:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/03 08:33:21 | 000,001,262 | ---- | C] () -- C:\Users\jmacbeth\Desktop\Spybot - Search & Destroy.lnk
[2013/04/02 21:58:57 | 000,000,224 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013/04/02 21:58:43 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/02 17:32:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 17:04:10 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/02 16:51:00 | 000,003,834 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/04/02 15:18:15 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForjmacbeth.job
[2013/04/02 15:03:33 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/04/02 09:46:11 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/02 09:46:09 | 000,002,283 | ---- | C] () -- C:\Users\jmacbeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/02 09:46:09 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/27 19:50:41 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/13 21:44:34 | 000,001,854 | ---- | C] () -- C:\Users\jmacbeth\AppData\Roaming\GhostObjGAFix.xml
[2010/12/10 19:30:22 | 000,769,875 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpBUBBLE LOUNGE.JPG
[2010/11/29 19:20:51 | 000,322,586 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 3.0
[2010/11/29 19:20:51 | 000,104,934 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 3.JPG
[2010/11/29 19:19:30 | 000,348,127 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 2.0
[2010/11/29 19:19:30 | 000,108,746 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 2.JPG
[2010/10/15 02:17:58 | 000,769,875 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO[1].JPG
[2010/10/11 18:33:54 | 002,057,162 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO[1].0
[2010/03/18 19:35:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/13 20:25:49 | 000,295,746 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpMUGSHOT WITH HAT.JPG
[2010/03/13 20:25:19 | 000,568,507 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpMUGSHOT WITH HAT.0
[2010/03/03 00:17:55 | 000,376,172 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpIMG_1234_CROP.JPG
[2010/03/03 00:02:54 | 001,522,711 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpIMG_1234.JPG

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/30 22:07:32 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\AnvSoft
[2013/04/02 21:59:17 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\AVG2013
[2012/09/12 18:26:34 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\Barnes & Noble
[2012/09/19 19:54:26 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\DVD Catalyst 4
[2012/09/19 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\Leawo
[2013/04/02 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\RSIGuard
[2012/09/19 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\tiger-k
[2013/04/01 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\TuneUp Software
[2012/08/30 22:46:29 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\uTorrent
[2011/02/01 09:40:03 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\webex

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 4/4/2013 4:37:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jmacbeth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 89.84% Memory free
15.98 Gb Paging File | 15.20 Gb Available in Paging File | 95.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.20 Gb Total Space | 231.80 Gb Free Space | 51.26% Space Free | Partition Type: NTFS
Drive D: | 13.27 Gb Total Space | 2.20 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: JMACBETH-PC | User Name: jmacbeth | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB031AC-80D4-428B-B599-9F716893C32D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26E8D220-CA98-4C58-9EF1-D3B30542A6B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2AFB410F-93A0-4E2D-AC75-656B53BF8396}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31BA1E11-358F-4F94-A4E5-FF5639508160}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{527467C1-929E-42FA-A9CB-9BBBFCC867FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{5B6CDD07-7196-40C3-8251-BAB4352AAA2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E7C8D80-A02D-4DBB-8FB7-DC594F767648}" = lport=2869 | protocol=6 | dir=in | app=system |
"{735BB37C-6E3B-43D3-86C7-AF7F9E3E59E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{794EBA7D-096D-4449-B1FF-2A7D57B47E9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ADDA5DD-5BED-4E08-8BA7-0CC0B01D26F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{91ED375D-8E2A-477F-9BBD-1EFA3028C311}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97B6EC33-F755-475F-A7DA-11A12C83FD37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9CD4D9DF-6304-4DE0-B781-7CAF639F4BAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A5AE52FB-2A5F-4E27-BB66-6F67120A1F40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AB9DE8BC-842A-4B41-AE32-D0D7F4C12AFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF586920-4187-43B2-B615-94AC1F39D74C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1FECB26-4B6B-43C9-AB1B-75C512EF1636}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3F93A80-AC22-4886-A935-E71C7CD77B72}" = lport=139 | protocol=6 | dir=in | app=system |
"{C43A1A2E-0EC5-4F00-B162-901435D7B25F}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9B84A4E-83E1-4F0E-9B59-0EB0652A050D}" = rport=138 | protocol=17 | dir=out | app=system |
"{D79A76F8-DCDA-448B-8BDD-01B89D486F7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E14A3778-11ED-4D00-A676-0FBD288547D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{EBE69D45-F54B-4A76-9608-B35C01011BA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA7666E8-CA04-4C03-98B4-680C2EA39039}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE09E18C-2004-4B34-B75C-7643D144208A}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FBC673-EA0E-44AF-9E13-C0877DCA8199}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{0D337B7B-6EB0-4A41-ACBC-FFC0F78DD188}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0E446CF7-AD84-4C0A-A338-BF7F3BBBC538}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10896100-B925-43E1-8480-4B039A74224F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{14F4FAA5-654A-48F5-AC62-A188D63DEB46}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |
"{16B2664A-8872-49F5-9978-4AA08B24483B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{1C6C5CF0-F37E-4758-B21B-25593AF634ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D12D51B-A114-464C-97DD-7FD7B7446735}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{235767DC-DB07-4B3C-A83B-0662281657B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23FCA668-0060-4268-AA69-DF58B1B8A5F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{2B738676-C33D-4CB3-A20C-F29A07041AE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{2F3F5666-D133-47A9-9A15-1310DAEA3059}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2FB744D3-4ADF-4D70-A5CD-D66F4C45E140}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3082691C-38D4-4151-94B0-B7100B266654}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{3242675C-757E-4272-8733-62585B6A9C16}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |
"{3AB20CC2-9387-4D44-9A91-BBE46A15D271}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E0D4879-6F92-45CA-88E5-AD67C1D27F9A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{40F6C382-EE16-48E9-9FB7-879C6914818F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{494EDA1B-6ABC-4C27-9059-E584D5CAB05F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4BC00332-7EBF-4B23-B9F3-1BB15A1E14AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4CAA740C-B562-4856-B4C1-14AD33D9DFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{51FF70DB-3668-4613-AFEB-24ACEDAD580F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5531E487-5E6D-45C6-959E-046D515D1974}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5686ED2E-8AC6-474A-BE80-DE91211B478A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E12F855-9404-48F5-8F96-F57838CBE87E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EAC4949-29C8-4252-87F8-00066F61CDB8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{61E457B4-2B35-4076-B937-27881FD3A4CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{63C9D7A6-D16A-40F1-ACEE-3C9BAEFE5903}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{686E3478-BF8C-4ECE-B322-BDDC1B867FEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6A833FEF-155B-432B-8C8C-8480FCCEA0F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B0327B1-8F42-4075-8215-D19A59A73615}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6E01FD7E-52ED-4AB6-A46D-5832809F6182}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{70C0855C-1FA3-4804-B680-098A2767D970}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7580A675-37C1-4B93-9433-585BD150F5ED}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7669C8A6-834D-4795-8054-493FD3A66DCD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{76F29696-155A-4C7C-8914-A3FE213087C0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{78AC8992-AD88-429B-99FF-925BEC0B39CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{790024A0-2DFE-4DCA-A220-C319155DB843}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{7BBB12F6-CAFC-449A-AADC-D51D82E74576}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7D0CCDD5-A6BA-4854-AA33-34138FE0AD13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{87DED328-1C49-4E70-9505-EDD46E4FF628}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CD23ACE-47E1-41CF-BA0D-9B7988F783BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8E6A2AFF-7AA9-4F1A-99F9-3593394F14BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8F0189A3-939D-4656-A8D1-4E4875AC1AC1}" = protocol=6 | dir=out | app=system |
"{911212F8-0C7D-4A67-8E8E-B0C9CF995CF8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{929551B2-FAFD-4EC3-8562-16E0FE3BBFFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{935A8A29-A25E-4A08-B5C6-FC951E233E07}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{A98451D8-24F6-4BD5-9DA7-262CADC49F59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7E29A0C-2BBC-4B53-B045-1D2AA9B8774F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B9BDB194-3A91-4613-80C5-8B18206CB851}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{BC1CF063-1734-4AF4-8C0F-5239F112FF1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{C5CC9B73-E450-46C1-816E-BB39D2C3F15A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C977D56F-A6DA-40C6-A674-B2B769650B75}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CE2C69F5-F862-4BEF-A42B-8A04D3EA5419}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D18857D1-C81D-43A2-94A8-D2CC1B206CF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3142AFF-13B6-4AD9-B0B8-C13C6B5A3A3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6DE3EEF-262A-4962-9CDC-B3CB9DD775C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D77EB2B5-5401-4954-AB4D-4EB0CF446FCD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D785215A-D061-44EB-82AF-1FB5F75DC2A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{D88EB0D6-0D1D-4013-AA1E-2FF6E9D66B28}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{DCC98F95-E3E0-4D2E-9CC7-07DA7F44E6F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E223FC28-E989-44EF-9569-5A4F23FCCE77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3BAB8BF-BE74-4F2E-A646-8ABD9C55562B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E46BA3CA-4BBE-4067-96EE-FAE89FE324E1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E669AF9B-4F60-404E-BBD5-CF0F9828660D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EAC1F0C9-8188-4532-A1AC-3A0FBB4D2B16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EAE9F007-0B13-4D9D-955C-00F11BC05AE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{EE914254-6B35-4480-B91C-4EC705FD5634}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF4511D7-0A57-4935-984F-77D206191D14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"TCP Query User{4A30072F-451E-479C-9C4F-F2FA8CEA3B71}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F34039DB-2133-41B0-B942-315A75DD41AB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{3B9A305C-05ED-452F-BEEA-AD1C82952012}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B4DA155C-D047-453B-9CB8-F9175DC4EFFC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{45ABEF88-3864-41F5-8189-BB80F2C5A75C}" = AVG 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57764780-E33B-11D1-96ED-00A024A83A15}" = Kensington MouseWorks
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D61B8A31-FB27-4DC3-B89C-0279D8FF9C51}" = RSIGuard Stretch Edition
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E82FBDF4-8C89-4513-B8D8-23378WMVMP4}_is1" = Solid WMV to MP4 Video Converter 1.3.1
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.5.0
"AVG Secure Search" = AVG Security Toolbar
"BN_DesktopReader" = NOOK for PC
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVD Catalyst" = DVD Catalyst 4.2.5.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"GoToMeeting" = GoToMeeting 5.4.0.1082
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2013 8:25:32 PM | Computer Name = jmacbeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary AVG TDI Driver. System Error: The system cannot find the file specified.
.

Error - 4/2/2013 8:43:54 PM | Computer Name = jmacbeth-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.70.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: bb0 Start Time:
01ce3002d37a5c61 Termination Time: 15 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: 854cffc8-9bf7-11e2-9a7c-0027138e1288

Error - 4/2/2013 9:00:30 PM | Computer Name = jmacbeth-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.70.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: fbc Start Time:
01ce3004de924dde Termination Time: 0 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: d6e24325-9bf9-11e2-94cc-0027138e1288

Error - 4/3/2013 12:57:57 AM | Computer Name = jmacbeth-PC | Source = System Restore | ID = 8193
Description =

Error - 4/3/2013 12:57:58 AM | Computer Name = jmacbeth-PC | Source = System Restore | ID = 8193
Description =

Error - 4/3/2013 12:58:03 AM | Computer Name = jmacbeth-PC | Source = System Restore | ID = 8193
Description =

Error - 4/3/2013 12:58:06 AM | Computer Name = jmacbeth-PC | Source = System Restore | ID = 8193
Description =

Error - 4/4/2013 12:52:54 PM | Computer Name = jmacbeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 4/4/2013 1:04:35 PM | Computer Name = jmacbeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 4/4/2013 5:28:57 PM | Computer Name = jmacbeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

[ Hewlett-Packard Events ]
Error - 10/8/2010 12:25:45 AM | Computer Name = jmacbeth-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/14/2011 12:44:33 AM | Computer Name = jmacbeth-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061113094431.xml
File not created by asset agent

[ Media Center Events ]
Error - 5/19/2012 7:17:33 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 4:17:29 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 8:17:51 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 5:17:50 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 9:14:41 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 6:14:41 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:35:08 AM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 6:35:02 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 2:11:09 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 11:11:09 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 3:11:34 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 12:11:33 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 4:11:51 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 1:11:51 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 5:12:09 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 2:12:09 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:57:14 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 4:57:13 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 12:31:39 PM | Computer Name = jmacbeth-PC | Source = MCUpdate | ID = 0
Description = 9:31:39 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ OSession Events ]
Error - 6/28/2012 11:23:17 AM | Computer Name = jmacbeth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3380
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 6/28/2012 11:24:12 AM | Computer Name = jmacbeth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2012 1:50:41 PM | Computer Name = jmacbeth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2786
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 7/9/2012 4:48:13 PM | Computer Name = jmacbeth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6515
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 7/25/2012 7:53:39 PM | Computer Name = jmacbeth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10114
seconds with 3840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/4/2013 7:41:40 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:42:24 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:42:24 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:42:24 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:43:40 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:43:40 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:43:40 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:44:30 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:44:30 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/4/2013 7:44:30 PM | Computer Name = jmacbeth-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm this is an intriguing situation

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
[2013/04/02 21:58:57 | 000,000,224 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

#13
joy2mac


    Member

  • Topic Starter
  • 44 posts
Hi,

Below is the OTL "Run Fix" Log that appeared after reboot (as per directions Post #12).

I will run OTL "Quick Scan" and put in my next post.



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Windows\Tasks\SidebarExecute.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jmacbeth
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 266207808 bytes
->Java cache emptied: 45824685 bytes
->FireFox cache emptied: 111174603 bytes
->Google Chrome cache emptied: 13458474 bytes
->Flash cache emptied: 3123385 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 778817 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36034011 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 455.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 04052013_082528

Files\Folders moved on Reboot...
File move failed. C:\Users\jmacbeth\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14
joy2mac


    Member

  • Topic Starter
  • 44 posts
Below is the log from the OTL "Quick Scan":



OTL logfile created on: 4/5/2013 8:38:30 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jmacbeth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 89.81% Memory free
15.98 Gb Paging File | 15.19 Gb Available in Paging File | 95.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.20 Gb Total Space | 232.25 Gb Free Space | 51.36% Space Free | Partition Type: NTFS
Drive D: | 13.27 Gb Total Space | 2.20 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: JMACBETH-PC | User Name: jmacbeth | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/04 16:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jmacbeth\Downloads\OTL(4).exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2010/02/19 23:00:32 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/09/04 14:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/02 14:35:06 | 000,990,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/03/12 14:56:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 11:55:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 22:59:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/02 17:16:46 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/10/21 00:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/02 20:58:12 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/17 13:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/17 13:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 13:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/17 13:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/08/22 02:54:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/14 23:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/07 21:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 20:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 11:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/12/01 18:53:22 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\kmw_kbd.sys -- (KMW_KBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{CF1206D6-E217-45FF-BF34-CE4044CAA0B9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{FA7B2168-A1F9-442A-9918-CF7DFD682831}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CF1206D6-E217-45FF-BF34-CE4044CAA0B9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FA7B2168-A1F9-442A-9918-CF7DFD682831}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thebreast....faces?siteId=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {12E3B27C-B8A1-47BF-BBFB-4760AAD195F2}
IE - HKCU\..\SearchScopes\{12E3B27C-B8A1-47BF-BBFB-4760AAD195F2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{CF1206D6-E217-45FF-BF34-CE4044CAA0B9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{FA7B2168-A1F9-442A-9918-CF7DFD682831}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.thebreast...faces?siteId=2"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:55:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/20 12:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jmacbeth\AppData\Roaming\Mozilla\Extensions
[2012/11/19 17:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jmacbeth\AppData\Roaming\Mozilla\Firefox\Profiles\nvjd2odj.default\extensions
[2013/03/08 11:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 11:55:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 21:58:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 19:34:08 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....fr&d=2013-04-02 14:51:55&v=15.0.0.2&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1
CHR - Extension: AVG Security Toolbar = C:\Users\jmacbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.0.0.2_0\

O1 HOSTS File: ([2013/04/05 08:25:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_SPY.DLL File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [kmw_run.exe] C:\Windows\SysWow64\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...2/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://uoa.webex.co...ng/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21CC42A3-DF41-4E66-9A4F-ABDC0AAE821B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D6E3EE9-2713-41EA-A21E-6AE15F31D498}: DhcpNameServer = 192.168.1.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d1dbcb3-b97c-11e0-8a68-0027138e1288}\Shell - "" = AutoRun
O33 - MountPoints2\{5d1dbcb3-b97c-11e0-8a68-0027138e1288}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 13:19:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/03 15:19:12 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/03 08:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/04/03 08:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/03 08:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/04/02 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Roaming\AVG2013
[2013/04/02 21:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/02 21:58:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/02 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/02 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/04/02 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\Avg2013
[2013/04/02 17:32:29 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 17:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/02 17:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/02 17:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/04/02 17:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/04/02 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\AVG Secure Search
[2013/04/02 16:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/02 15:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/04/02 15:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/04/02 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/04/02 14:43:59 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\AVG SafeGuard toolbar
[2013/04/02 14:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/04/02 14:35:27 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/02 14:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/04/02 09:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/02 09:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/02 09:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/01 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Roaming\Malwarebytes
[2013/04/01 18:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/01 18:25:34 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\Programs
[2013/04/01 14:41:54 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Roaming\TuneUp Software
[2013/04/01 14:30:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/01 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\jmacbeth\AppData\Local\MFAData
[2013/04/01 14:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/27 19:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/19 20:52:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/03/14 11:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/03/13 22:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/08 11:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/04/05 08:33:47 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/05 08:33:47 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/05 08:33:47 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/05 08:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/05 08:29:11 | 2140,303,359 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 08:25:29 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/04 14:44:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 14:38:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/04/04 10:40:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 10:40:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/03 08:33:21 | 000,001,262 | ---- | M] () -- C:\Users\jmacbeth\Desktop\Spybot - Search & Destroy.lnk
[2013/04/03 07:56:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 22:05:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 21:58:43 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/02 17:32:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 17:16:46 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/02 17:04:15 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/02 16:59:46 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjmacbeth.job
[2013/04/02 16:51:00 | 000,003,834 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/04/02 15:03:33 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/04/02 14:03:48 | 000,002,283 | ---- | M] () -- C:\Users\jmacbeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/02 09:46:11 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/02 09:46:09 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/27 19:50:41 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/22 14:08:04 | 002,999,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/04/03 15:26:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/03 08:33:21 | 000,001,262 | ---- | C] () -- C:\Users\jmacbeth\Desktop\Spybot - Search & Destroy.lnk
[2013/04/02 21:58:43 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/02 17:32:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 17:04:10 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/02 16:51:00 | 000,003,834 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/04/02 15:18:15 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForjmacbeth.job
[2013/04/02 15:03:33 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/04/02 09:46:11 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/02 09:46:09 | 000,002,283 | ---- | C] () -- C:\Users\jmacbeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/02 09:46:09 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/27 19:50:41 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/13 21:44:34 | 000,001,854 | ---- | C] () -- C:\Users\jmacbeth\AppData\Roaming\GhostObjGAFix.xml
[2010/12/10 19:30:22 | 000,769,875 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpBUBBLE LOUNGE.JPG
[2010/11/29 19:20:51 | 000,322,586 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 3.0
[2010/11/29 19:20:51 | 000,104,934 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 3.JPG
[2010/11/29 19:19:30 | 000,348,127 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 2.0
[2010/11/29 19:19:30 | 000,108,746 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO 2.JPG
[2010/10/15 02:17:58 | 000,769,875 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO[1].JPG
[2010/10/11 18:33:54 | 002,057,162 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpPHOTO[1].0
[2010/03/18 19:35:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/13 20:25:49 | 000,295,746 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpMUGSHOT WITH HAT.JPG
[2010/03/13 20:25:19 | 000,568,507 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpMUGSHOT WITH HAT.0
[2010/03/03 00:17:55 | 000,376,172 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpIMG_1234_CROP.JPG
[2010/03/03 00:02:54 | 001,522,711 | ---- | C] () -- C:\Users\jmacbeth\AppData\Local\tmpIMG_1234.JPG

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/30 22:07:32 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\AnvSoft
[2013/04/02 21:59:17 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\AVG2013
[2012/09/12 18:26:34 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\Barnes & Noble
[2012/09/19 19:54:26 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\DVD Catalyst 4
[2012/09/19 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\Leawo
[2013/04/02 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\RSIGuard
[2012/09/19 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\tiger-k
[2013/04/01 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\TuneUp Software
[2012/08/30 22:46:29 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\uTorrent
[2011/02/01 09:40:03 | 000,000,000 | ---D | M] -- C:\Users\jmacbeth\AppData\Roaming\webex

========== Purity Check ==========



< End of report >

#15
joy2mac

    Member

  • Topic Starter
  • 44 posts
After running TDSSKiller, I cannot find the "Cure" option in the Scan results. The screen only shows the Events and Objects and gives the option to Close the dialog box. There are 5 Suspicious Items listed and 5 Skipped by User Items (the latter of which were listed earlier as identified threats).

Below is the Report:

08:50:49.0899 1628 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:50:50.0398 1628 ============================================================
08:50:50.0398 1628 Current date / time: 2013/04/05 08:50:50.0398
08:50:50.0398 1628 SystemInfo:
08:50:50.0398 1628
08:50:50.0398 1628 OS Version: 6.1.7601 ServicePack: 1.0
08:50:50.0398 1628 Product type: Workstation
08:50:50.0398 1628 ComputerName: JMACBETH-PC
08:50:50.0398 1628 UserName: jmacbeth
08:50:50.0398 1628 Windows directory: C:\Windows
08:50:50.0398 1628 System windows directory: C:\Windows
08:50:50.0398 1628 Running under WOW64
08:50:50.0398 1628 Processor architecture: Intel x64
08:50:50.0398 1628 Number of processors: 8
08:50:50.0398 1628 Page size: 0x1000
08:50:50.0398 1628 Boot type: Safe boot with network
08:50:50.0398 1628 ============================================================
08:50:51.0038 1628 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:50:51.0038 1628 ============================================================
08:50:51.0038 1628 \Device\Harddisk0\DR0:
08:50:51.0038 1628 MBR partitions:
08:50:51.0038 1628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:50:51.0038 1628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38864000
08:50:51.0038 1628 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x388C8000, BlocksNum 0x1A8A000
08:51:49.0678 1748 nvlddmkm - ok
08:51:49.0710 1748 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:51:49.0725 1748 nvraid - ok
08:51:49.0741 1748 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:51:49.0756 1748 nvstor - ok
08:51:49.0803 1748 [ 8F9C2A5F96810467D50687AE00465424 ] nvsvc C:\Windows\system32\nvvsvc.exe
08:51:49.0819 1748 nvsvc - ok
08:51:49.0834 1748 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:51:49.0850 1748 nv_agp - ok
08:51:49.0928 1748 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:51:49.0944 1748 odserv - ok
08:51:49.0990 1748 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:51:50.0006 1748 ohci1394 - ok
08:51:50.0037 1748 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:51:50.0053 1748 ose - ok
08:51:50.0084 1748 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:51:50.0131 1748 p2pimsvc - ok
08:51:50.0162 1748 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:51:50.0193 1748 p2psvc - ok
08:51:50.0224 1748 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:51:50.0240 1748 Parport - ok
08:51:50.0287 1748 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:51:50.0302 1748 partmgr - ok
08:51:50.0318 1748 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:51:50.0365 1748 PcaSvc - ok
08:51:50.0380 1748 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:51:50.0396 1748 pci - ok
08:51:50.0443 1748 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:51:50.0458 1748 pciide - ok
08:51:50.0474 1748 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:51:50.0505 1748 pcmcia - ok
08:51:50.0521 1748 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:51:50.0536 1748 pcw - ok
08:51:50.0552 1748 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:51:50.0630 1748 PEAUTH - ok
08:51:50.0708 1748 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:51:50.0739 1748 PerfHost - ok
08:51:50.0802 1748 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:51:50.0880 1748 pla - ok
08:51:50.0958 1748 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:51:50.0989 1748 PlugPlay - ok
08:51:51.0098 1748 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
08:51:51.0098 1748 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:51:51.0114 1748 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:51:51.0129 1748 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:51:51.0160 1748 PNRPAutoReg - ok
08:51:51.0207 1748 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:51:51.0223 1748 PNRPsvc - ok
08:51:51.0238 1748 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:51:51.0316 1748 PolicyAgent - ok
08:51:51.0348 1748 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:51:51.0410 1748 Power - ok
08:51:51.0472 1748 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:51:51.0519 1748 PptpMiniport - ok
08:51:51.0550 1748 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:51:51.0582 1748 Processor - ok
08:51:51.0660 1748 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:51:51.0675 1748 ProfSvc - ok
08:51:51.0691 1748 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:51:51.0691 1748 ProtectedStorage - ok
08:51:51.0769 1748 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:51:51.0800 1748 Psched - ok
08:51:51.0831 1748 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:51:51.0894 1748 ql2300 - ok
08:51:51.0925 1748 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:51:51.0925 1748 ql40xx - ok
08:51:51.0956 1748 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:51:51.0972 1748 QWAVE - ok
08:51:52.0003 1748 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:51:52.0034 1748 QWAVEdrv - ok
08:51:52.0065 1748 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:51:52.0128 1748 RasAcd - ok
08:51:52.0174 1748 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:51:52.0206 1748 RasAgileVpn - ok
08:51:52.0221 1748 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:51:52.0284 1748 RasAuto - ok
08:51:52.0330 1748 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:51:52.0393 1748 Rasl2tp - ok
08:51:52.0440 1748 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:51:52.0486 1748 RasMan - ok
08:51:52.0502 1748 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:51:52.0533 1748 RasPppoe - ok
08:51:52.0564 1748 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:51:52.0627 1748 RasSstp - ok
08:51:52.0658 1748 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:51:52.0720 1748 rdbss - ok
08:51:52.0752 1748 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:51:52.0767 1748 rdpbus - ok
08:51:52.0783 1748 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:51:52.0830 1748 RDPCDD - ok
08:51:52.0876 1748 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:51:52.0939 1748 RDPENCDD - ok
08:51:52.0939 1748 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:51:52.0970 1748 RDPREFMP - ok
08:51:53.0032 1748 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:51:53.0048 1748 RDPWD - ok
08:51:53.0110 1748 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:51:53.0126 1748 rdyboost - ok
08:51:53.0157 1748 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:51:53.0220 1748 RemoteAccess - ok
08:51:53.0251 1748 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:51:53.0313 1748 RemoteRegistry - ok
08:51:53.0376 1748 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
08:51:53.0407 1748 RFCOMM - ok
08:51:53.0500 1748 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
08:51:53.0500 1748 RichVideo - ok
08:51:53.0532 1748 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:51:53.0594 1748 RpcEptMapper - ok
08:51:53.0625 1748 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:51:53.0656 1748 RpcLocator - ok
08:51:53.0703 1748 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:51:53.0750 1748 RpcSs - ok
08:51:53.0781 1748 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:51:53.0844 1748 rspndr - ok
08:51:53.0906 1748 [ 5B04929EF24F87E239B880FAAE410E3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:51:53.0968 1748 RTL8167 - ok
08:51:54.0000 1748 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:51:54.0000 1748 SamSs - ok
08:51:54.0062 1748 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:51:54.0078 1748 sbp2port - ok
08:51:54.0109 1748 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:51:54.0140 1748 SCardSvr - ok
08:51:54.0187 1748 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:51:54.0249 1748 scfilter - ok
08:51:54.0312 1748 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:51:54.0390 1748 Schedule - ok
08:51:54.0436 1748 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:51:54.0468 1748 SCPolicySvc - ok
08:51:54.0483 1748 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
08:51:54.0499 1748 sdbus - ok
08:51:54.0561 1748 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:51:54.0592 1748 SDRSVC - ok
08:51:54.0624 1748 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:51:54.0670 1748 secdrv - ok
08:51:54.0733 1748 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:51:54.0764 1748 seclogon - ok
08:51:54.0780 1748 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:51:54.0826 1748 SENS - ok
08:51:54.0858 1748 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:51:54.0858 1748 SensrSvc - ok
08:51:54.0889 1748 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:51:54.0936 1748 Serenum - ok
08:51:54.0967 1748 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:51:54.0967 1748 Serial - ok
08:51:54.0982 1748 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:51:55.0014 1748 sermouse - ok
08:51:55.0076 1748 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:51:55.0138 1748 SessionEnv - ok
08:51:55.0154 1748 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:51:55.0185 1748 sffdisk - ok
08:51:55.0201 1748 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:51:55.0216 1748 sffp_mmc - ok
08:51:55.0232 1748 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:51:55.0263 1748 sffp_sd - ok
08:51:55.0294 1748 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:51:55.0326 1748 sfloppy - ok
08:51:55.0372 1748 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:51:55.0419 1748 SharedAccess - ok
08:51:55.0466 1748 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:51:55.0513 1748 ShellHWDetection - ok
08:51:55.0544 1748 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:51:55.0560 1748 SiSRaid2 - ok
08:51:55.0575 1748 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:51:55.0591 1748 SiSRaid4 - ok
08:51:55.0669 1748 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:51:55.0684 1748 SkypeUpdate - ok
08:51:55.0716 1748 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:51:55.0747 1748 Smb - ok
08:51:55.0778 1748 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:51:55.0809 1748 SNMPTRAP - ok
08:51:55.0840 1748 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:51:55.0856 1748 spldr - ok
08:51:55.0918 1748 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:51:55.0950 1748 Spooler - ok
08:51:56.0059 1748 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:51:56.0215 1748 sppsvc - ok
08:51:56.0230 1748 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:51:56.0293 1748 sppuinotify - ok
08:51:56.0340 1748 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:51:56.0402 1748 srv - ok
08:51:56.0464 1748 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:51:56.0496 1748 srv2 - ok
08:51:56.0542 1748 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:51:56.0558 1748 SrvHsfHDA - ok
08:51:56.0589 1748 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:51:56.0667 1748 SrvHsfV92 - ok
08:51:56.0698 1748 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:51:56.0730 1748 SrvHsfWinac - ok
08:51:56.0761 1748 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:51:56.0792 1748 srvnet - ok
08:51:56.0839 1748 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:51:56.0901 1748 SSDPSRV - ok
08:51:56.0917 1748 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:51:56.0964 1748 SstpSvc - ok
08:51:57.0057 1748 [ 57BEB4500716DD30B65DFA85A35CC3D7 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
08:51:57.0088 1748 STacSV - ok
08:51:57.0135 1748 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:51:57.0135 1748 stexstor - ok
08:51:57.0182 1748 [ 1FEDF8D130CE221521B9BAD6703B92DE ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
08:51:57.0198 1748 STHDA - ok
08:51:57.0260 1748 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:51:57.0307 1748 stisvc - ok
08:51:57.0354 1748 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:51:57.0354 1748 swenum - ok
08:51:57.0400 1748 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:51:57.0447 1748 swprv - ok
08:51:57.0494 1748 [ 924D711941956F7420A4925592BE8253 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:51:57.0510 1748 SynTP - ok
08:51:57.0588 1748 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:51:57.0666 1748 SysMain - ok
08:51:57.0712 1748 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:51:57.0728 1748 TabletInputService - ok
08:51:57.0775 1748 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:51:57.0853 1748 TapiSrv - ok
08:51:57.0868 1748 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:51:57.0915 1748 TBS - ok
08:51:57.0993 1748 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:51:58.0071 1748 Tcpip - ok
08:51:58.0149 1748 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:51:58.0180 1748 TCPIP6 - ok
08:51:58.0243 1748 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:51:58.0274 1748 tcpipreg - ok
08:51:58.0305 1748 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:51:58.0336 1748 TDPIPE - ok
08:51:58.0383 1748 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:51:58.0414 1748 TDTCP - ok
08:51:58.0492 1748 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:51:58.0524 1748 tdx - ok
08:51:58.0570 1748 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:51:58.0586 1748 TermDD - ok
08:51:58.0617 1748 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:51:58.0695 1748 TermService - ok
08:51:58.0726 1748 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:51:58.0773 1748 Themes - ok
08:51:58.0804 1748 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:51:58.0836 1748 THREADORDER - ok
08:51:58.0851 1748 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:51:58.0929 1748 TrkWks - ok
08:51:59.0007 1748 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:51:59.0038 1748 TrustedInstaller - ok
08:51:59.0101 1748 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:51:59.0163 1748 tssecsrv - ok
08:51:59.0210 1748 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:51:59.0241 1748 TsUsbFlt - ok
08:51:59.0319 1748 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:51:59.0366 1748 tunnel - ok
08:51:59.0382 1748 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:51:59.0397 1748 uagp35 - ok
08:51:59.0444 1748 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:51:59.0506 1748 udfs - ok
08:51:59.0538 1748 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:51:59.0553 1748 UI0Detect - ok
08:51:59.0569 1748 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:51:59.0584 1748 uliagpkx - ok
08:51:59.0631 1748 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:51:59.0662 1748 umbus - ok
08:51:59.0694 1748 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:51:59.0725 1748 UmPass - ok
08:51:59.0772 1748 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:51:59.0834 1748 upnphost - ok
08:51:59.0896 1748 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:51:59.0912 1748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
08:51:59.0912 1748 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
08:51:59.0943 1748 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:51:59.0974 1748 usbccgp - ok
08:52:00.0006 1748 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:52:00.0021 1748 usbcir - ok
08:52:00.0037 1748 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:52:00.0068 1748 usbehci - ok
08:52:00.0115 1748 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:52:00.0162 1748 usbhub - ok
08:52:00.0193 1748 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:52:00.0208 1748 usbohci - ok
08:52:00.0240 1748 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:52:00.0271 1748 usbprint - ok
08:52:00.0302 1748 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:52:00.0333 1748 usbscan - ok
08:52:00.0364 1748 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:52:00.0396 1748 USBSTOR - ok
08:52:00.0411 1748 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:52:00.0442 1748 usbuhci - ok
08:52:00.0489 1748 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
08:52:00.0505 1748 usbvideo - ok
08:52:00.0552 1748 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:52:00.0614 1748 UxSms - ok
08:52:00.0645 1748 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:52:00.0661 1748 VaultSvc - ok
08:52:00.0676 1748 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:52:00.0692 1748 vdrvroot - ok
08:52:00.0754 1748 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:52:00.0817 1748 vds - ok
08:52:00.0832 1748 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:52:00.0848 1748 vga - ok
08:52:00.0864 1748 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:52:00.0926 1748 VgaSave - ok
08:52:00.0973 1748 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:52:00.0988 1748 vhdmp - ok
08:52:01.0004 1748 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:52:01.0020 1748 viaide - ok
08:52:01.0035 1748 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:52:01.0051 1748 volmgr - ok
08:52:01.0113 1748 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:52:01.0129 1748 volmgrx - ok
08:52:01.0160 1748 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:52:01.0176 1748 volsnap - ok
08:52:01.0207 1748 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:52:01.0222 1748 vsmraid - ok
08:52:01.0285 1748 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:52:01.0363 1748 VSS - ok
08:52:01.0503 1748 [ 10B2E2FCA707501600D1DEAB1B71F699 ] vToolbarUpdater15.0.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
08:52:01.0534 1748 vToolbarUpdater15.0.0 - ok
08:52:01.0566 1748 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:52:01.0597 1748 vwifibus - ok
08:52:01.0628 1748 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:52:01.0675 1748 vwififlt - ok
08:52:01.0706 1748 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:52:01.0722 1748 vwifimp - ok
08:52:01.0753 1748 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:52:01.0831 1748 W32Time - ok
08:52:01.0846 1748 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:52:01.0878 1748 WacomPen - ok
08:52:01.0956 1748 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:52:02.0018 1748 WANARP - ok
08:52:02.0018 1748 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:52:02.0049 1748 Wanarpv6 - ok
08:52:02.0127 1748 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:52:02.0174 1748 WatAdminSvc - ok
08:52:02.0252 1748 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:52:02.0299 1748 wbengine - ok
08:52:02.0330 1748 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:52:02.0346 1748 WbioSrvc - ok
08:52:02.0361 1748 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:52:02.0408 1748 wcncsvc - ok
08:52:02.0439 1748 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:52:02.0470 1748 WcsPlugInService - ok
08:52:02.0502 1748 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:52:02.0517 1748 Wd - ok
08:52:02.0580 1748 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
08:52:02.0580 1748 WDC_SAM - ok
08:52:02.0642 1748 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:52:02.0689 1748 Wdf01000 - ok
08:52:02.0704 1748 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:52:02.0751 1748 WdiServiceHost - ok
08:52:02.0751 1748 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:52:02.0767 1748 WdiSystemHost - ok
08:52:02.0798 1748 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:52:02.0845 1748 WebClient - ok
08:52:02.0876 1748 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:52:02.0938 1748 Wecsvc - ok
08:52:02.0970 1748 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:52:03.0032 1748 wercplsupport - ok
08:52:03.0063 1748 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:52:03.0126 1748 WerSvc - ok
08:52:03.0172 1748 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:52:03.0204 1748 WfpLwf - ok
08:52:03.0219 1748 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:52:03.0235 1748 WIMMount - ok
08:52:03.0282 1748 WinDefend - ok
08:52:03.0297 1748 WinHttpAutoProxySvc - ok
08:52:03.0344 1748 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:52:03.0391 1748 Winmgmt - ok
08:52:03.0469 1748 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:52:03.0578 1748 WinRM - ok
08:52:03.0687 1748 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:52:03.0718 1748 WinUsb - ok
08:52:03.0765 1748 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:52:03.0812 1748 Wlansvc - ok
08:52:03.0828 1748 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:52:03.0843 1748 WmiAcpi - ok
08:52:03.0874 1748 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:52:03.0906 1748 wmiApSrv - ok
08:52:03.0968 1748 WMPNetworkSvc - ok
08:52:03.0968 1748 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:52:03.0984 1748 WPCSvc - ok
08:52:04.0046 1748 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:52:04.0062 1748 WPDBusEnum - ok
08:52:04.0077 1748 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:52:04.0108 1748 ws2ifsl - ok
08:52:04.0140 1748 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
08:52:04.0171 1748 wscsvc - ok
08:52:04.0186 1748 WSearch - ok
08:52:04.0233 1748 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:52:04.0249 1748 WudfPf - ok
08:52:04.0296 1748 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:52:04.0311 1748 WUDFRd - ok
08:52:04.0327 1748 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:52:04.0374 1748 wudfsvc - ok
08:52:04.0420 1748 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:52:04.0467 1748 WwanSvc - ok
08:52:04.0514 1748 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:52:04.0561 1748 yukonw7 - ok
08:52:04.0608 1748 ================ Scan global ===============================
08:52:04.0623 1748 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:52:04.0686 1748 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:52:04.0686 1748 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:52:04.0732 1748 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:52:04.0764 1748 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:52:04.0764 1748 [Global] - ok
08:52:04.0764 1748 ================ Scan MBR ==================================
08:52:04.0779 1748 [ 5B203607700597191E68678869AA80E4 ] \Device\Harddisk0\DR0
08:52:05.0169 1748 \Device\Harddisk0\DR0 - ok
08:52:05.0169 1748 ================ Scan VBR ==================================
08:52:05.0185 1748 [ 6E99A4A726704879D3ED19C8271EF62B ] \Device\Harddisk0\DR0\Partition1
08:52:05.0185 1748 \Device\Harddisk0\DR0\Partition1 - ok
08:52:05.0200 1748 [ 208F458B6AF7C7827977CD4E2159C339 ] \Device\Harddisk0\DR0\Partition2
08:52:05.0216 1748 \Device\Harddisk0\DR0\Partition2 - ok
08:52:05.0263 1748 [ 75B36AEA690AA777FA80F2B22AA4F33C ] \Device\Harddisk0\DR0\Partition3
08:52:05.0263 1748 \Device\Harddisk0\DR0\Partition3 - ok
08:52:05.0278 1748 [ 081FC4D0C147FB4733291C7CC8A38FD9 ] \Device\Harddisk0\DR0\Partition4
08:52:05.0278 1748 \Device\Harddisk0\DR0\Partition4 - ok
08:52:05.0278 1748 ============================================================
08:52:05.0278 1748 Scan finished
08:52:05.0278 1748 ============================================================
08:52:05.0294 1008 Detected object count: 5
08:52:05.0294 1008 Actual detected object count: 5
08:54:05.0071 1008 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:54:05.0071 1008 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:54:05.0071 1008 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
08:54:05.0071 1008 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:54:05.0087 1008 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:54:05.0087 1008 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:54:05.0102 1008 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:54:05.0102 1008 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:54:05.0118 1008 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
08:54:05.0118 1008 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip