audio ads play in background



#1
maxcool

Hi all,
My computer is infected, as I have been getting audio ads playing in the background even if I am not doing anything on the computer. I am running Windows Vista and Kaspersky IS. Please help!

OTL log

OTL logfile created on: 10/8/2013 6:30:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 23.54% Memory free
6.82 Gb Paging File | 5.12 Gb Available in Paging File | 75.07% Paging File free
Paging file location(s): c:\pagefile.sys 5000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.56 Gb Total Space | 53.52 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 15.41 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 18:29:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
PRC - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 08:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 08:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/11 13:44:42 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/05 06:18:24 | 000,087,552 | ---- | M] (WebStroller inc.) -- C:\Users\Joan\AppData\Local\GC\runner.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/21 03:28:31 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2011/12/14 07:47:02 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 07:47:00 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2010/11/17 16:38:50 | 000,628,080 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/12 10:13:01 | 000,832,872 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/05/12 10:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/10 20:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/08/28 20:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 20:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 00:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 12:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/30 22:09:00 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/11 13:44:40 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\httpfilter.dll -- (zpnodecollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125obex.dll -- (z800mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pml.dll -- (WscNetDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elnkservice.dll -- (websenselogserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1080.dll -- (wanatw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctaud2k.dll -- (vusbbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netrcacm.dll -- (vmm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTSBLFX.DLL.dll -- (UWProSys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemap.dll -- (USBDongle)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateApp.dll -- (uiusys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (tdrpman174)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmpu401.dll -- (tcpipBM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetTcpPortSharing.dll -- (steamdvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBAAPL.dll -- (stcagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BUFADPT.dll -- (smcirda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBDevice.dll -- (smartscaps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msfs.dll -- (smapint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TClass2k.dll -- (sisperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (SGHIDI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TdmService.dll -- (serialkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsnpool.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acpiec.dll -- (rtl8029)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atikmdag.dll -- (PSDFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqnicmgmt.dll -- (pfmodnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdbhk5.dll -- (perc2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HidBth.dll -- (pav_security)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\schedule.dll -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w300bus.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\actser.dll -- (OEM02Dev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SndTDriverV32.dll -- (NWSAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\steamdvr.dll -- (nv4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DivisCTP.dll -- (NIPALK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (netrcacm)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\NEUSBw32.dll -- (NecUsb3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccdsls.dll -- (naveng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TMKEmu.dll -- (mstdc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfrem01.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimtv1.dll -- (MRESP50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117nd5.dll -- (mldserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smcservice.dll -- (merakpop3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XTrapD12.dll -- (lxcr_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (KMW_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssql$pinnaclesys.dll -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avp.dll -- (hotspotshieldservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\b57w2k.dll -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ni_nic.dll -- (ftdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\klif.dll -- (EACSvrMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDPSp50.dll -- (de_serv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\palmusbd.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imonitor.dll -- (cwafreportscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MTsensor.dll -- (cnxtdiag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (cisvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intelide.dll -- (cdudf_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (bufserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmgmt.dll -- (BcmSqlStartupSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcmcia.dll -- (BCMModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssDrv.dll -- (awlegacy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cobbmservice.dll -- (As6frin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cardex.dll -- (akshhl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cisvc.dll -- (aha154x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (aec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\freesshdservice.dll -- (abp480n5)
SRV - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/30 22:09:00 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/19 22:44:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/21 03:28:31 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/10/26 10:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2011/12/14 07:47:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 07:46:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/11/17 16:38:50 | 000,628,080 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/05/12 10:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009/09/08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/29 01:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 15:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/08/28 20:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 20:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 04:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/06/28 12:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 12:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/10 20:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 06:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 06:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 05:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4BDB197-B921-4A61-B553-8BD7F5F75F11}\MpKslab5ff8e8.sys -- (MpKslab5ff8e8)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2013/06/18 05:54:53 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/22 07:44:33 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/04/22 07:44:33 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/03/07 13:25:48 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/10/25 18:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/25 18:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/04 10:39:06 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2012/08/02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011/10/20 12:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/17 16:12:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/03/12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/02/26 23:49:18 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/09/19 17:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 08:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 23:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/23 14:45:58 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/06/08 08:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 08:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/15 11:14:24 | 001,472,768 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0536541C-BFBB-4A68-A4F8-5D39EDB7D65D}: "URL" = http://search.aol.co...onType=sny_ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://rover.ebay.com/rover/1/711- [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "4shared.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...01814516671125"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.arccosine.../search.php?q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Joan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/07/04 17:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/30 22:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/30 22:08:46 | 000,000,000 | ---D | M]

[2011/11/27 03:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Extensions
[2013/10/01 18:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\extensions
[2013/07/30 19:07:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 18:37:16 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/03/07 02:00:22 | 000,000,981 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\searchplugins\conduit.xml
[2013/09/30 22:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/30 22:09:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2233703
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Vuaudix = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\
CHR - Extension: AdBlock = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: AdBlock = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Safe Money = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Wajam = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012/09/14 15:39:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: umassmemorial.org ([umassvdi] https in Trusted sites)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mrmcweb.org/...svrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://mrmcweb.org/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676693C7-D67B-4A68-B3A6-B36FB0B434DC}: DhcpNameServer = 216.195.0.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188}: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD50A76B-EC61-4035-8AB4-8FDB5850BC27}: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 18:29:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2013/10/07 22:28:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Joan\Desktop\dds.scr
[2013/10/07 22:27:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Joan\Desktop\HijackThis.exe
[2013/10/07 22:10:14 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
[2013/10/07 21:56:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/07 21:55:29 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joan\Desktop\mbam-setup.exe
[2013/10/07 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\GC
[2013/10/07 16:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/10/04 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2013/10/03 21:25:07 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\iPumper
[2013/09/30 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/28 12:31:44 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\intro to health care
[2013/09/20 00:10:14 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\PubHlth 540
[2013/09/18 18:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/18 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/18 18:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/13 17:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
[2013/09/13 17:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\R
[2013/09/09 22:45:23 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Absolute Uninstaller
[2013/09/09 22:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFBinder
[2013/09/09 22:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\PDFBinder
[2013/09/09 22:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 3
[3 C:\Users\Joan\Desktop\*.tmp files -> C:\Users\Joan\Desktop\*.tmp -> ]
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 18:29:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2013/10/08 18:22:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 18:21:02 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Joan.job
[2013/10/08 18:13:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/08 18:13:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 18:13:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 18:13:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/08 18:13:22 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/08 17:44:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 22:38:44 | 280,635,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/07 22:33:58 | 000,377,856 | ---- | M] () -- C:\Users\Joan\Desktop\dwet1u6t.exe
[2013/10/07 22:28:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Joan\Desktop\dds.scr
[2013/10/07 22:27:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joan\Desktop\HijackThis.exe
[2013/10/07 22:10:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
[2013/10/07 21:55:56 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joan\Desktop\mbam-setup.exe
[2013/10/07 21:55:54 | 001,045,226 | ---- | M] () -- C:\Users\Joan\Desktop\adwcleaner.exe
[2013/10/05 03:32:35 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/02 17:23:29 | 000,070,652 | ---- | M] () -- C:\Users\Joan\Desktop\probability_review_solutions.pdf
[2013/09/30 23:37:17 | 000,115,905 | ---- | M] () -- C:\test.xml
[2013/09/28 17:45:08 | 000,118,599 | ---- | M] () -- C:\Users\Joan\Desktop\Untitled.jpg
[2013/09/19 22:34:03 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/19 22:34:03 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/18 18:42:35 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 22:08:29 | 000,373,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\Users\Joan\Desktop\*.tmp files -> C:\Users\Joan\Desktop\*.tmp -> ]
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/07 22:32:29 | 000,377,856 | ---- | C] () -- C:\Users\Joan\Desktop\dwet1u6t.exe
[2013/10/07 21:55:48 | 001,045,226 | ---- | C] () -- C:\Users\Joan\Desktop\adwcleaner.exe
[2013/10/02 17:23:29 | 000,070,652 | ---- | C] () -- C:\Users\Joan\Desktop\probability_review_solutions.pdf
[2013/09/28 17:45:07 | 000,118,599 | ---- | C] () -- C:\Users\Joan\Desktop\Untitled.jpg
[2013/09/18 18:42:35 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/05 06:51:58 | 000,048,402 | -HS- | C] () -- C:\Users\Joan\AppData\Local\ws_updater.exe
[2012/11/17 21:12:50 | 000,001,100 | ---- | C] () -- C:\Users\Joan\AppData\Local\d3d8caps.dat
[2012/08/04 10:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2012/08/04 10:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2012/06/09 15:26:43 | 000,160,796 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/06/04 22:02:26 | 000,017,408 | ---- | C] () -- C:\Users\Joan\AppData\Local\WebpageIcons.db
[2012/03/11 15:01:21 | 000,115,686 | ---- | C] () -- C:\Windows\System32\itldvupd.dat
[2012/03/11 15:01:21 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/02/17 17:21:42 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/02/17 17:21:42 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/02/17 17:20:59 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2012/02/17 17:20:59 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2012/02/17 17:20:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll
[2012/02/17 17:20:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2012/02/17 17:20:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2012/02/17 17:20:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2012/02/08 00:30:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/02/04 20:39:06 | 000,002,487 | ---- | C] () -- C:\Users\Joan\Skype.lnk
[2012/01/16 00:11:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/08 12:05:47 | 000,009,728 | ---- | C] () -- C:\Users\Joan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 17:46:14 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2011/12/17 17:45:14 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2011/12/08 17:43:42 | 000,001,356 | ---- | C] () -- C:\Users\Joan\AppData\Local\d3d9caps.dat
[2011/11/27 04:45:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/27 04:45:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/27 03:51:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/11/27 03:26:13 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2011/11/27 03:25:02 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2011/11/27 02:48:21 | 000,000,104 | ---- | C] () -- C:\Users\Joan\Computer - Shortcut.lnk
[2011/11/27 01:35:09 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/07 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\ABSoft
[2013/09/09 22:45:23 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Absolute Uninstaller
[2013/03/31 14:17:31 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Auslogics
[2013/05/18 17:17:30 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\BitTorrent
[2013/09/08 12:48:07 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Canon
[2013/04/04 11:09:10 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/11 14:12:32 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Copyright © 2011-2012 RealNetworks
[2012/07/08 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Crayon Physics Deluxe
[2013/03/07 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\DAEMON Tools Lite
[2013/09/08 00:39:04 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\ExpressFiles
[2012/03/11 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\GetRightToGo
[2013/10/08 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\GlarySoft
[2011/11/27 03:35:58 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\ICAClient
[2011/12/11 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\iolo
[2013/10/05 00:54:27 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\iPumper
[2011/12/10 12:09:56 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Juniper Networks
[2013/06/18 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Kingsoft
[2013/09/07 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Leawo
[2012/09/12 16:14:53 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Localphone
[2012/03/17 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\PC Cleaners
[2012/03/17 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\PCPro
[2013/04/16 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\PDAppFlex
[2012/03/11 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\rinsebyreal
[2013/01/28 16:57:00 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Spotify
[2013/06/12 03:29:37 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\TeamViewer
[2013/09/07 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\tiger-k
[2011/11/27 19:06:07 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0
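Added example (not part of the original thread and not OTL's own code): a Python parser for the file-listing lines of an OTL log like the one in the post above, with a small triage pass that ranks entries for a closer look. The triage rules, the extension list and every function name are assumptions made for illustration; a hit means "review this file", not that it is malicious.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Lines copied verbatim from the OTL log in the post above.
SAMPLE_LOG = r"""
[2013/10/08 18:29:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2013/10/07 21:55:29 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joan\Desktop\mbam-setup.exe
[2013/10/07 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\GC
[2013/10/08 18:13:22 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 22:32:29 | 000,377,856 | ---- | C] () -- C:\Users\Joan\Desktop\dwet1u6t.exe
[2013/09/05 06:51:58 | 000,048,402 | -HS- | C] () -- C:\Users\Joan\AppData\Local\ws_updater.exe
[2012/08/04 10:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
"""

# [date time | size | attributes | C or M] (label)... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?P<labels>(?: \([^)]*\))*) -- (?P<path>.+)$"
)

# Assumed triage settings (not taken from OTL or from the thread).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\")


@dataclass
class Entry:
    stamp: str
    size: int               # bytes, thousands separators removed
    attrs: str              # four flags: R, H, S, D or '-'
    kind: str               # C = created, M = modified
    company: str            # empty when OTL printed "()" or nothing
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    labels = [s.strip() for s in re.findall(r"\(([^)]*)\)", m["labels"])]
    company = labels[0] if labels else ""
    if company == "No name found":
        company = ""
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=company,
        path=PureWindowsPath(m["path"]),
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a manual look (may be empty)."""
    if entry.is_dir or entry.path.suffix.lower() not in EXECUTABLE_EXTS:
        return []
    if entry.company:
        return []
    reasons = ["executable without company name"]
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden and system attributes")
    lowered = str(entry.path).lower()
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        reasons.append("user-writable location")
    if entry.size == 0:
        reasons.append("zero-byte file")
    return reasons


def review(log_text: str, min_reasons: int = 2) -> List[Tuple[str, List[str]]]:
    """Rank entries with at least min_reasons reasons, most reasons first."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if len(reasons) >= min_reasons:
            hits.append((str(entry.path), reasons))
    return sorted(hits, key=lambda hit: -len(hit[1]))


if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

With the default threshold, an unlabelled executable on the Desktop alone is not reported; it takes a second signal such as hidden and system attributes or a zero-byte size.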


#2
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator).

Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save log; save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Please download Security Check by screen317 from here. BleepingComputer allows ads which mimic the download, so be careful that you click on the Download Now @BleepingComputer button and not some adware's Download button.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

Ron

#3
maxcool

Hi, thanks for the help. Please can you tell me what the problem is (what virus?)? By the way, there is a program named (GC); it installs itself automatically even if I uninstall it.

here are the logs

AdwCleaner
# AdwCleaner v3.006 - Report created 08/10/2013 at 21:01:49
# Updated 01/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Joan - JOAN-PC
# Running from : C:\Users\Joan\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****



***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Vaudix
Folder Deleted : C:\Users\Joan\AppData\Local\Conduit
Folder Deleted : C:\Users\Joan\AppData\Local\Wajam
Folder Deleted : C:\Users\Joan\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Joan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joan\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
File Deleted : C:\END
File Deleted : C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\prefs.js ]

Line Deleted : user_pref("CT2233703_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362676969730,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13&CUI=UN79901814516671125");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "4shared.com Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=2&CUI=UN79901814516671125&UM=UM_ID&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=be2f80f8-400e-47a8-ab14-48ce2ddab21d&searchtype=ds&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2233703");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultthis.engineName", "4shared.com Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}&CUI=UN79901814516671125");
Line Deleted : user_pref("extensions.519ffdd9ec75d.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.crossrider.bic", "13be3e92a85e99eae24ad5ea9aa1ab81");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT2233703");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [1134 octets] - [07/10/2013 21:56:18]
AdwCleaner[R1].txt - [7596 octets] - [08/10/2013 21:00:47]
AdwCleaner[S0].txt - [6706 octets] - [08/10/2013 21:01:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6766 octets] ##########


JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Joan on Tue 10/08/2013 at 21:10:35.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0536541C-BFBB-4A68-A4F8-5D39EDB7D65D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Joan\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Joan\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\Joan\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files\software informer"



~~~ FireFox

Emptied folder: C:\Users\Joan\AppData\Roaming\mozilla\firefox\profiles\5dwvji7k.default\minidumps [446 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Joan\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/08/2013 at 21:14:22.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR.exe log


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-08 21:16:16
-----------------------------
21:16:16.584 OS Version: Windows 6.0.6002 Service Pack 2
21:16:16.584 Number of processors: 2 586 0xF0D
21:16:16.585 ComputerName: JOAN-PC UserName: Joan
21:16:19.018 Initialize success
21:19:12.185 AVAST engine defs: 13100800
21:21:00.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:21:00.483 Disk 0 Vendor: TOSHIBA_ LB01 Size: 190782MB BusType: 3
21:21:00.483 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
21:21:00.483 Disk 1 Vendor: ( Size: 190782MB BusType: 0
21:21:00.499 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
21:21:00.499 Disk 2 Vendor: ( Size: 190782MB BusType: 0
21:21:00.717 Disk 0 MBR read successfully
21:21:00.717 Disk 0 MBR scan
21:21:00.780 Disk 0 Windows VISTA default MBR code
21:21:00.795 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8110 MB offset 2048
21:21:00.826 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 132669 MB offset 16611328
21:21:00.858 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 49999 MB offset 288319488
21:21:00.858 Disk 0 scanning sectors +390717440
21:21:01.076 Disk 0 scanning C:\Windows\system32\drivers
21:21:21.980 Service scanning
21:21:37.363 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
21:21:37.675 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
21:21:37.721 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
21:21:37.768 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:21:37.815 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
21:21:37.955 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
21:22:11.761 Modules scanning
21:22:43.195 AVAST engine scan C:\Windows
21:22:46.751 AVAST engine scan C:\Windows\system32
21:26:40.024 AVAST engine scan C:\Windows\system32\drivers
21:26:56.225 AVAST engine scan C:\Users\Joan
22:04:40.269 File: C:\Users\Joan\AppData\Local\temp\tmpF797.tmp.exe **HIDDEN**
22:04:58.362 AVAST engine scan C:\ProgramData
22:12:42.477 Scan finished successfully
22:16:07.949 Disk 0 MBR has been saved successfully to "C:\Users\Joan\Desktop\MBR.dat"
22:16:07.996 The log file has been saved successfully to "C:\Users\Joan\Desktop\aswMBR.txt"

FRST log


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Joan (administrator) on JOAN-PC on 08-10-2013 22:17:28
Running from C:\Users\Joan\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
() C:\Windows\system32\PSIService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Users\Joan\Desktop\aswmbr.exe
(WebStroller inc.) C:\Users\Joan\AppData\Local\GC\Runner.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\OneClick.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TUDefragBackend32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(WebStroller) C:\Users\Joan\AppData\Local\GC\Clicker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-09-01] (Realtek Semiconductor)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-21] (Kaspersky Lab ZAO)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://rover.ebay.co...52013-16445-0/4
http://www.learningc...fers/index.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0536541C-BFBB-4A68-A4F8-5D39EDB7D65D} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mrmcweb.org/...svrloader32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://mrmcweb.org/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.195.0.131 216.195.0.226 216.195.0.227

FireFox:
========
FF ProfilePath: C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.arccosine.com/search.php?q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Joan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: No Name - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Conduit) - http://www.google.com
CHR DefaultSuggestURL: (Conduit) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Wajam) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Vuaudix) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1
CHR Extension: (AdBlock) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Safe Money) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Joan\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-21] (Kaspersky Lab ZAO)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [5105000 2010-05-12] (DisplayLink Corp.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [628080 2010-11-17] (Juniper Networks)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-11-03] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-15] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2818048 2007-09-23] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-09] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-09] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292128 2007-09-29] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation)
S2 abp480n5; %systemroot%\system32\freesshdservice.dll [x]
S2 aec; %systemroot%\system32\mvserver.dll [x]
S2 aha154x; %systemroot%\system32\cisvc.dll [x]
S2 akshhl; %systemroot%\system32\Cardex.dll [x]
S2 As6frin; %systemroot%\system32\cobbmservice.dll [x]
S2 awlegacy; %systemroot%\system32\HssDrv.dll [x]
S2 BCMModem; %systemroot%\system32\pcmcia.dll [x]
S2 BcmSqlStartupSvc; %systemroot%\system32\SE2Dmgmt.dll [x]
S2 bufserv; %systemroot%\system32\emclisrv.dll [x]
S2 cdudf_xp; %systemroot%\system32\intelide.dll [x]
S2 cisvc; %systemroot%\system32\ccflic0.dll [x]
S2 cnxtdiag; %systemroot%\system32\MTsensor.dll [x]
S2 cwafreportscheduler; %systemroot%\system32\imonitor.dll [x]
S2 DCamUSBSQTECH; %systemroot%\system32\palmusbd.dll [x]
S2 de_serv; %systemroot%\system32\ZDPSp50.dll [x]
S2 EACSvrMngr; %systemroot%\system32\klif.dll [x]
S2 ftdisk; %systemroot%\system32\ni_nic.dll [x]
S2 hnmsvc; %systemroot%\system32\b57w2k.dll [x]
S2 hotspotshieldservice; %systemroot%\system32\avp.dll [x]
S2 KLOGNT; %systemroot%\system32\mssql$pinnaclesys.dll [x]
S2 KMW_USB; %systemroot%\system32\WinDriver6.dll [x]
S2 lxcr_device; %systemroot%\system32\XTrapD12.dll [x]
S2 merakpop3; %systemroot%\system32\smcservice.dll [x]
S2 mldserv; %systemroot%\system32\s117nd5.dll [x]
S2 MRESP50; %systemroot%\system32\iaimtv1.dll [x]
S2 mrobeservice; %systemroot%\system32\sfrem01.dll [x]
S2 mstdc; %systemroot%\system32\TMKEmu.dll [x]
S2 naveng; %systemroot%\system32\wmccdsls.dll [x]
S2 NecUsb3; C:\Windows\system32\NEUSBw32.dll [x]
S2 netrcacm; %systemroot%\system32\Epfwndis.dll [x]
S2 NIPALK; %systemroot%\system32\DivisCTP.dll [x]
S2 nv4; %systemroot%\system32\steamdvr.dll [x]
S2 NWSAP; %systemroot%\system32\SndTDriverV32.dll [x]
S2 OEM02Dev; %systemroot%\system32\actser.dll [x]
S2 ofcpfwsvc; %systemroot%\system32\w300bus.dll [x]
S2 oracle_load_balancer_60_client-forms6ip9; %systemroot%\system32\schedule.dll [x]
S2 pav_security; %systemroot%\system32\HidBth.dll [x]
S2 perc2; %systemroot%\system32\sscdbhk5.dll [x]
S2 pfmodnt; %systemroot%\system32\cpqnicmgmt.dll [x]
S2 PSDFilter; %systemroot%\system32\atikmdag.dll [x]
S2 rtl8029; %systemroot%\system32\acpiec.dll [x]
S2 s116unic; %systemroot%\system32\tfsnpool.dll [x]
S2 serialkeys; %systemroot%\system32\TdmService.dll [x]
S2 SGHIDI; %systemroot%\system32\tversitymediaserver.dll [x]
S2 sisperf; %systemroot%\system32\TClass2k.dll [x]
S2 smapint; %systemroot%\system32\msfs.dll [x]
S2 smartscaps; %systemroot%\system32\GBDevice.dll [x]
S2 smcirda; %systemroot%\system32\BUFADPT.dll [x]
S2 stcagent; %systemroot%\system32\USBAAPL.dll [x]
S2 steamdvr; %systemroot%\system32\NetTcpPortSharing.dll [x]
S2 tcpipBM; %systemroot%\system32\nvmpu401.dll [x]
S2 tdrpman174; %systemroot%\system32\emAudio.dll [x]
S2 uiusys; %systemroot%\system32\iPassPeriodicUpdateApp.dll [x]
S2 USBDongle; %systemroot%\system32\pdlnemap.dll [x]
S2 USIUDF; %systemroot%\system32\MA8032M.dll [x]
S2 UWProSys; %systemroot%\system32\CTSBLFX.DLL.dll [x]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
S2 vmm; %systemroot%\system32\netrcacm.dll [x]
S2 vusbbus; %systemroot%\system32\ctaud2k.dll [x]
S2 wanatw; %systemroot%\system32\ql1080.dll [x]
S2 websenselogserver; %systemroot%\system32\elnkservice.dll [x]
S2 WscNetDr; %systemroot%\system32\pml.dll [x]
S2 z800mgmt; %systemroot%\system32\s125obex.dll [x]
S2 zpnodecollector; %systemroot%\system32\httpfilter.dll [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.3.24903.0.sys [21888 2012-08-04] (http://libusb-win32.sourceforge.net)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-11-17] (Juniper Networks)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-18] (Kaspersky Lab ZAO)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-22] (Kaspersky Lab ZAO)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-03-07] (Duplex Secure Ltd.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-10-20] (TuneUp Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-15] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 dlkmd; \SystemRoot\system32\drivers\dlkmd.sys [x]
S0 dlkmdldr; system32\drivers\dlkmdldr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-04-22] (Kaspersky Lab ZAO)
S1 MpKslab5ff8e8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4BDB197-B921-4A61-B553-8BD7F5F75F11}\MpKslab5ff8e8.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [x]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]
U3 aswMBR; \??\C:\Users\Joan\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: uiusys -> C:\Windows\system32\iPassPeriodicUpdateApp.dll ==> No File.
NETSVC: vmm -> C:\Windows\system32\netrcacm.dll ==> No File.
NETSVC: BcmSqlStartupSvc -> C:\Windows\system32\SE2Dmgmt.dll ==> No File.
NETSVC: DCamUSBSQTECH -> C:\Windows\system32\palmusbd.dll ==> No File.
NETSVC: KLOGNT -> C:\Windows\system32\mssql$pinnaclesys.dll ==> No File.
NETSVC: aha154x -> C:\Windows\system32\cisvc.dll ==> No File.
NETSVC: netrcacm -> C:\Windows\system32\Epfwndis.dll ==> No File.
NETSVC: smartscaps -> C:\Windows\system32\GBDevice.dll ==> No File.
NETSVC: de_serv -> C:\Windows\system32\ZDPSp50.dll ==> No File.
NETSVC: abp480n5 -> C:\Windows\system32\freesshdservice.dll ==> No File.
NETSVC: bufserv -> C:\Windows\system32\emclisrv.dll ==> No File.
NETSVC: ofcpfwsvc -> C:\Windows\system32\w300bus.dll ==> No File.
NETSVC: nv4 -> C:\Windows\system32\steamdvr.dll ==> No File.
NETSVC: zpnodecollector -> C:\Windows\system32\httpfilter.dll ==> No File.
NETSVC: lxcr_device -> C:\Windows\system32\XTrapD12.dll ==> No File.
NETSVC: tdrpman174 -> C:\Windows\system32\emAudio.dll ==> No File.
NETSVC: OEM02Dev -> C:\Windows\system32\actser.dll ==> No File.
NETSVC: BCMModem -> C:\Windows\system32\pcmcia.dll ==> No File.
NETSVC: hotspotshieldservice -> C:\Windows\system32\avp.dll ==> No File.
NETSVC: serialkeys -> C:\Windows\system32\TdmService.dll ==> No File.
NETSVC: cisvc -> C:\Windows\system32\ccflic0.dll ==> No File.
NETSVC: vusbbus -> C:\Windows\system32\ctaud2k.dll ==> No File.
NETSVC: perc2 -> C:\Windows\system32\sscdbhk5.dll ==> No File.
NETSVC: awlegacy -> C:\Windows\system32\HssDrv.dll ==> No File.
NETSVC: aec -> C:\Windows\system32\mvserver.dll ==> No File.
NETSVC: cdudf_xp -> C:\Windows\system32\intelide.dll ==> No File.
NETSVC: tcpipBM -> C:\Windows\system32\nvmpu401.dll ==> No File.
NETSVC: pav_security -> C:\Windows\system32\HidBth.dll ==> No File.
NETSVC: WscNetDr -> C:\Windows\system32\pml.dll ==> No File.
NETSVC: stcagent -> C:\Windows\system32\USBAAPL.dll ==> No File.
NETSVC: lbtserv -> No Registry Path.
NETSVC: SE2Cmgmt -> No Registry Path.
NETSVC: procmon10 -> No Registry Path.
NETSVC: akshhl -> C:\Windows\system32\Cardex.dll ==> No File.
NETSVC: s116unic -> C:\Windows\system32\tfsnpool.dll ==> No File.
NETSVC: smapint -> C:\Windows\system32\msfs.dll ==> No File.
NETSVC: sisperf -> C:\Windows\system32\TClass2k.dll ==> No File.
NETSVC: SGHIDI -> C:\Windows\system32\tversitymediaserver.dll ==> No File.
NETSVC: mstdc -> C:\Windows\system32\TMKEmu.dll ==> No File.
NETSVC: USIUDF -> C:\Windows\system32\MA8032M.dll ==> No File.
NETSVC: EACSvrMngr -> C:\Windows\system32\klif.dll ==> No File.
NETSVC: pfmodnt -> C:\Windows\system32\cpqnicmgmt.dll ==> No File.
NETSVC: PSDFilter -> C:\Windows\system32\atikmdag.dll ==> No File.
NETSVC: naveng -> C:\Windows\system32\wmccdsls.dll ==> No File.
NETSVC: z800mgmt -> C:\Windows\system32\s125obex.dll ==> No File.
NETSVC: cnxtdiag -> C:\Windows\system32\MTsensor.dll ==> No File.
NETSVC: As6frin -> C:\Windows\system32\cobbmservice.dll ==> No File.
NETSVC: hnmsvc -> C:\Windows\system32\b57w2k.dll ==> No File.
NETSVC: UWProSys -> C:\Windows\system32\CTSBLFX.DLL.dll ==> No File.
NETSVC: smcirda -> C:\Windows\system32\BUFADPT.dll ==> No File.
NETSVC: rtl8029 -> C:\Windows\system32\acpiec.dll ==> No File.
NETSVC: mldserv -> C:\Windows\system32\s117nd5.dll ==> No File.
NETSVC: NWSAP -> C:\Windows\system32\SndTDriverV32.dll ==> No File.
NETSVC: merakpop3 -> C:\Windows\system32\smcservice.dll ==> No File.
NETSVC: ftdisk -> C:\Windows\system32\ni_nic.dll ==> No File.
NETSVC: oracle_load_balancer_60_client-forms6ip9 -> C:\Windows\system32\schedule.dll ==> No File.
NETSVC: steamdvr -> C:\Windows\system32\NetTcpPortSharing.dll ==> No File.
NETSVC: websenselogserver -> C:\Windows\system32\elnkservice.dll ==> No File.
NETSVC: cwafreportscheduler -> C:\Windows\system32\imonitor.dll ==> No File.
NETSVC: wanatw -> C:\Windows\system32\ql1080.dll ==> No File.
NETSVC: NIPALK -> C:\Windows\system32\DivisCTP.dll ==> No File.
NETSVC: USBDongle -> C:\Windows\system32\pdlnemap.dll ==> No File.
NETSVC: mrobeservice -> C:\Windows\system32\sfrem01.dll ==> No File.
NETSVC: MRESP50 -> C:\Windows\system32\iaimtv1.dll ==> No File.
NETSVC: KMW_USB -> C:\Windows\system32\WinDriver6.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-10-08 22:17 - 2013-10-08 22:18 - 00021929 _____ C:\Users\Joan\Desktop\post.txt
2013-10-08 22:16 - 2013-10-08 22:16 - 00002470 _____ C:\Users\Joan\Desktop\aswMBR.txt
2013-10-08 22:16 - 2013-10-08 22:16 - 00000512 _____ C:\Users\Joan\Desktop\MBR.dat
2013-10-08 22:16 - 2013-10-08 22:16 - 00000000 ____D C:\FRST
2013-10-08 21:24 - 2013-10-08 21:24 - 01087213 _____ (Farbar) C:\Users\Joan\Desktop\FRST.exe
2013-10-08 21:15 - 2013-10-08 21:15 - 04745728 _____ (AVAST Software) C:\Users\Joan\Desktop\aswmbr.exe
2013-10-08 21:14 - 2013-10-08 21:14 - 00012318 _____ C:\Users\Joan\Desktop\JRT.txt
2013-10-08 21:10 - 2013-10-08 21:10 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 21:09 - 2013-10-08 21:09 - 01032220 _____ (Thisisu) C:\Users\Joan\Desktop\JRT.exe
2013-10-08 21:06 - 2013-10-08 21:06 - 00006846 _____ C:\Users\Joan\Desktop\AdwCleaner[S0].txt
2013-10-08 20:58 - 2013-10-08 20:58 - 01045226 _____ C:\Users\Joan\Desktop\AdwCleaner(1).exe
2013-10-08 18:44 - 2013-10-08 18:44 - 00060040 _____ C:\Users\Joan\Desktop\Extras.Txt
2013-10-08 18:42 - 2013-10-08 18:42 - 00124260 _____ C:\Users\Joan\Desktop\OTL.Txt
2013-10-08 18:29 - 2013-10-08 18:29 - 00602112 _____ (OldTimer Tools) C:\Users\Joan\Desktop\OTL.exe
2013-10-08 07:04 - 2013-10-08 07:04 - 00000447 _____ C:\Users\Joan\Desktop\eset.txt
2013-10-08 01:19 - 2013-10-08 01:19 - 00048402 ___SH C:\Users\Joan\AppData\Local\ws_updater.exe
2013-10-07 22:38 - 2013-10-07 22:38 - 00159304 _____ C:\Windows\Minidump\Mini100713-02.dmp
2013-10-07 22:33 - 2013-10-07 22:33 - 00010387 _____ C:\Users\Joan\Desktop\attach.txt
2013-10-07 22:33 - 2013-10-07 22:32 - 00020139 _____ C:\Users\Joan\Desktop\dds.txt
2013-10-07 22:32 - 2013-10-07 22:33 - 00377856 _____ C:\Users\Joan\Desktop\dwet1u6t.exe
2013-10-07 22:28 - 2013-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\Joan\Desktop\dds.scr
2013-10-07 22:28 - 2013-10-07 22:28 - 00014699 _____ C:\Users\Joan\Desktop\hijackthis.log
2013-10-07 22:27 - 2013-10-07 22:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joan\Desktop\HijackThis.exe
2013-10-07 22:10 - 2013-10-07 22:10 - 02347384 _____ (ESET) C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
2013-10-07 21:58 - 2013-10-07 21:58 - 00159304 _____ C:\Windows\Minidump\Mini100713-01.dmp
2013-10-07 21:56 - 2013-10-08 21:01 - 00000000 ____D C:\AdwCleaner
2013-10-07 21:55 - 2013-10-07 21:55 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joan\Desktop\mbam-setup.exe
2013-10-07 21:28 - 2013-10-08 22:13 - 00000000 ____D C:\Users\Joan\AppData\Local\GC
2013-10-07 16:21 - 2013-10-07 16:21 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-10-06 07:24 - 2013-10-06 07:25 - 00159304 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-04 20:22 - 2013-10-08 18:26 - 00000000 ____D C:\Program Files\RAR Password Unlocker
2013-10-03 21:25 - 2013-10-05 00:54 - 00000000 ____D C:\Users\Joan\AppData\Roaming\iPumper
2013-09-30 22:08 - 2013-09-30 22:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 12:31 - 2013-09-28 14:35 - 00000000 ____D C:\Users\Joan\Desktop\intro to health care
2013-09-20 00:10 - 2013-10-07 22:33 - 00000000 ____D C:\Users\Joan\Desktop\PubHlth 540
2013-09-18 18:42 - 2013-09-18 18:42 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-18 18:40 - 2013-09-18 18:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-18 18:40 - 2013-09-18 18:40 - 00000000 ____D C:\Program Files\iPod
2013-09-13 17:52 - 2013-09-13 17:52 - 00000000 ____D C:\Program Files\R
2013-09-11 22:01 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 22:01 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 22:01 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 22:01 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 22:01 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 22:01 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 22:01 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 22:01 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 22:01 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 22:01 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 22:01 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 22:01 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 22:01 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 22:01 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 22:01 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 22:01 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 05:54 - 2013-08-07 21:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 05:54 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\PDFBinder
2013-09-09 22:15 - 2013-10-08 18:19 - 00000075 _____ C:\DiskDefrag.log
2013-09-09 14:05 - 2013-09-20 00:13 - 00000107 _____ C:\Users\Joan\Desktop\hospital bill.txt

==================== One Month Modified Files and Folders =======

2013-10-08 22:18 - 2013-10-08 22:17 - 00021929 _____ C:\Users\Joan\Desktop\post.txt
2013-10-08 22:16 - 2013-10-08 22:16 - 00002470 _____ C:\Users\Joan\Desktop\aswMBR.txt
2013-10-08 22:16 - 2013-10-08 22:16 - 00000512 _____ C:\Users\Joan\Desktop\MBR.dat
2013-10-08 22:16 - 2013-10-08 22:16 - 00000000 ____D C:\FRST
2013-10-08 22:13 - 2013-10-07 21:28 - 00000000 ____D C:\Users\Joan\AppData\Local\GC
2013-10-08 22:07 - 2012-09-15 22:50 - 00000000 ____D C:\Users\Joan\Desktop\Rasstam
2013-10-08 21:54 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-08 21:44 - 2012-04-08 12:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 21:24 - 2013-10-08 21:24 - 01087213 _____ (Farbar) C:\Users\Joan\Desktop\FRST.exe
2013-10-08 21:22 - 2012-05-27 00:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 21:21 - 2013-06-18 18:26 - 00000360 _____ C:\Windows\Tasks\WpsUpdateTask_Joan.job
2013-10-08 21:21 - 2012-06-04 21:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-08 21:15 - 2013-10-08 21:15 - 04745728 _____ (AVAST Software) C:\Users\Joan\Desktop\aswmbr.exe
2013-10-08 21:14 - 2013-10-08 21:14 - 00012318 _____ C:\Users\Joan\Desktop\JRT.txt
2013-10-08 21:10 - 2013-10-08 21:10 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 21:09 - 2013-10-08 21:09 - 01032220 _____ (Thisisu) C:\Users\Joan\Desktop\JRT.exe
2013-10-08 21:09 - 2011-11-27 03:03 - 01299740 _____ C:\Windows\WindowsUpdate.log
2013-10-08 21:06 - 2013-10-08 21:06 - 00006846 _____ C:\Users\Joan\Desktop\AdwCleaner[S0].txt
2013-10-08 21:06 - 2012-02-04 20:39 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Skype
2013-10-08 21:05 - 2012-05-27 00:32 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 21:05 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 21:05 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 21:05 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 21:03 - 2006-11-02 09:01 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-08 21:01 - 2013-10-07 21:56 - 00000000 ____D C:\AdwCleaner
2013-10-08 20:58 - 2013-10-08 20:58 - 01045226 _____ C:\Users\Joan\Desktop\AdwCleaner(1).exe
2013-10-08 18:57 - 2012-03-17 18:00 - 00059910 _____ C:\Windows\PFRO.log
2013-10-08 18:44 - 2013-10-08 18:44 - 00060040 _____ C:\Users\Joan\Desktop\Extras.Txt
2013-10-08 18:42 - 2013-10-08 18:42 - 00124260 _____ C:\Users\Joan\Desktop\OTL.Txt
2013-10-08 18:29 - 2013-10-08 18:29 - 00602112 _____ (OldTimer Tools) C:\Users\Joan\Desktop\OTL.exe
2013-10-08 18:26 - 2013-10-04 20:22 - 00000000 ____D C:\Program Files\RAR Password Unlocker
2013-10-08 18:19 - 2013-09-09 22:15 - 00000075 _____ C:\DiskDefrag.log
2013-10-08 18:19 - 2013-03-21 17:44 - 00000000 ____D C:\Users\Joan\AppData\Roaming\GlarySoft
2013-10-08 07:04 - 2013-10-08 07:04 - 00000447 _____ C:\Users\Joan\Desktop\eset.txt
2013-10-08 01:19 - 2013-10-08 01:19 - 00048402 ___SH C:\Users\Joan\AppData\Local\ws_updater.exe
2013-10-07 22:38 - 2013-10-07 22:38 - 00159304 _____ C:\Windows\Minidump\Mini100713-02.dmp
2013-10-07 22:38 - 2012-04-13 11:48 - 280635584 _____ C:\Windows\MEMORY.DMP
2013-10-07 22:38 - 2011-11-30 08:31 - 00000000 ____D C:\Windows\Minidump
2013-10-07 22:33 - 2013-10-07 22:33 - 00010387 _____ C:\Users\Joan\Desktop\attach.txt
2013-10-07 22:33 - 2013-10-07 22:32 - 00377856 _____ C:\Users\Joan\Desktop\dwet1u6t.exe
2013-10-07 22:33 - 2013-09-20 00:10 - 00000000 ____D C:\Users\Joan\Desktop\PubHlth 540
2013-10-07 22:32 - 2013-10-07 22:33 - 00020139 _____ C:\Users\Joan\Desktop\dds.txt
2013-10-07 22:28 - 2013-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\Joan\Desktop\dds.scr
2013-10-07 22:28 - 2013-10-07 22:28 - 00014699 _____ C:\Users\Joan\Desktop\hijackthis.log
2013-10-07 22:27 - 2013-10-07 22:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joan\Desktop\HijackThis.exe
2013-10-07 22:10 - 2013-10-07 22:10 - 02347384 _____ (ESET) C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
2013-10-07 21:58 - 2013-10-07 21:58 - 00159304 _____ C:\Windows\Minidump\Mini100713-01.dmp
2013-10-07 21:55 - 2013-10-07 21:55 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joan\Desktop\mbam-setup.exe
2013-10-07 16:21 - 2013-10-07 16:21 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-10-07 16:16 - 2011-11-27 03:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-07 16:15 - 2006-11-02 06:23 - 00000219 _____ C:\Windows\win.ini
2013-10-06 14:58 - 2013-09-01 19:11 - 00000000 ____D C:\Users\Joan\Desktop\APA 2013
2013-10-06 07:25 - 2013-10-06 07:24 - 00159304 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-05 03:32 - 2013-03-14 12:03 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-05 00:54 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Joan\AppData\Roaming\iPumper
2013-10-02 17:10 - 2013-06-15 14:41 - 00000000 ____D C:\Users\Joan\Desktop\Family TPS
2013-10-01 18:32 - 2012-10-11 18:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-30 23:37 - 2013-03-31 14:19 - 00115905 _____ C:\test.xml
2013-09-30 22:09 - 2013-09-30 22:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 14:35 - 2013-09-28 12:31 - 00000000 ____D C:\Users\Joan\Desktop\intro to health care
2013-09-28 14:16 - 2013-04-26 18:39 - 00000000 ____D C:\Users\Joan\Desktop\bills
2013-09-20 00:13 - 2013-09-09 14:05 - 00000107 _____ C:\Users\Joan\Desktop\hospital bill.txt
2013-09-20 00:07 - 2013-05-05 17:53 - 00000000 ____D C:\Users\Joan\Desktop\MPH laptop copy
2013-09-19 22:44 - 2012-04-08 12:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-19 22:44 - 2011-11-27 04:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 22:34 - 2006-11-02 06:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 18:42 - 2013-09-18 18:42 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-18 18:42 - 2013-09-18 18:40 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-18 18:42 - 2013-09-06 14:40 - 00000000 ____D C:\Program Files\iTunes
2013-09-18 18:40 - 2013-09-18 18:40 - 00000000 ____D C:\Program Files\iPod
2013-09-18 18:40 - 2011-11-27 16:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-18 18:33 - 2011-11-27 00:48 - 00000000 ____D C:\Users\Joan
2013-09-16 16:18 - 2008-02-16 17:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-13 17:52 - 2013-09-13 17:52 - 00000000 ____D C:\Program Files\R
2013-09-11 22:08 - 2006-11-02 08:47 - 00373080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 21:50 - 2013-08-15 03:10 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:42 - 2006-11-02 06:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\PDFBinder
2013-09-09 22:10 - 2012-05-17 19:17 - 00000000 ____D C:\ProgramData\A-PDF
2013-09-08 12:48 - 2011-12-05 16:34 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Canon

Some content of TEMP:
====================
C:\Users\Joan\AppData\Local\temp\htmlayout.dll
C:\Users\Joan\AppData\Local\temp\Quarantine.exe
C:\Users\Joan\AppData\Local\temp\setup.exe
C:\Users\Joan\AppData\Local\temp\tmp252D.exe
C:\Users\Joan\AppData\Local\temp\tmp430F.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp4BD8.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp4C46.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp5BBD.exe
C:\Users\Joan\AppData\Local\temp\tmp5C9.exe
C:\Users\Joan\AppData\Local\temp\tmp6C6A.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp78CD.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpA2BD.exe
C:\Users\Joan\AppData\Local\temp\tmpAAEA.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpB5E1.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpC481.exe
C:\Users\Joan\AppData\Local\temp\tmpDE9C.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpE6D2.exe
C:\Users\Joan\AppData\Local\temp\tmpF1B6.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpF797.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-08 21:11

==================== End Of Log ============================


Addition log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Joan at 2013-10-08 22:19:53
Running from C:\Users\Joan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

A4 TECH PC Camera H
A4 TECH PC Camera H (Version: 2007.11.12)
Adobe AIR (Version: 3.6.0.6090)
Adobe Download Assistant (Version: 1.2.6)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Alps Pointing-device for VAIO
Amazon Cloud Drive (Version: 0.3.28.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Athan Basic 4.2
Bonjour (Version: 3.0.0.10)
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Citrix Online Launcher (Version: 1.0.117)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Click to Disc (Version: 1.2.73.04270)
Click to Disc Editor (Version: 1.0.00)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayLink Core Software (Version: 5.3.24903.0)
DisplayLink Graphics (Version: 5.3.25010.0)
DivX Setup (Version: 2.6.1.44)
GearDrvs (Version: 1)
Google Books Downloader version 1.6 (Version: 1.6)
Google Chrome (Version: 30.0.1599.69)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Talk (remove only)
GoToMeeting 5.8.0.1189 (HKCU Version: 5.8.0.1189)
GPL Ghostscript 8.71
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 11.1.0.126)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.17087)
Juniper Networks Setup Client (HKCU Version: 2.1.6.9079)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
Kingsoft Office 2013 (9.1.0.4088) (Version: 9.1.0.4088)
K-Lite Codec Pack 8.1.0 (Basic) (Version: 8.1.0)
Localphone version 1.1.0
LocationFree Player (Version: 4.02.0000)
Media Player Classic - Home Cinema v1.5.2.3456 (Version: 1.5.2.3456)
MEDITECH Workstation3.x
MEDITECH Workstation4.x
Meter Drivers for OneTouch® Software (Version: 1.10.0.0)
Meter Drivers for OneTouch® Software (Version: 1.9.1.0)
Meter Drivers for OneTouch® Software v1.10.0.0 (Version: 1.10.0.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office ScreenTip Language 2010 - العربية (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton 360 (Version: 1.2.0.10)
OneTouch Software
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
PDF Editor
PDFBinder (Version: 1.0.0)
PL-2303 USB-to-Serial (Version: 1.3.0)
PS - Power and Sample Size Calculation
QuickTime (Version: 7.74.80.86)
R for Windows 3.0.1 (Version: 3.0.1)
Realtek High Definition Audio Driver
Revo Uninstaller 1.95 (Version: 1.95)
Roxio Activation Module (Version: 1.0)
Roxio Easy Media Creator Home (Version: 9.1.095)
Segoe UI (Version: 15.4.2271.0615)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setting Utility Series (Version: 3.1.00.09240)
Skype™ 6.5 (Version: 6.5.158)
SonicStage Mastering Studio (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter Custom Preset (Version: 2.3)
SonicStage Mastering Studio Plugins (Version: 2.4)
Sony Video Shared Library (Version: 3.3.00)
Spotify (HKCU Version: 0.8.5.1333.g822e0de8)
SupportSoft Assisted Service (Version: 15)
TeamViewer 8 (Version: 8.0.22298)
TuneUp Utilities 2012 (Version: 12.0.2160.13)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.2160.13)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VAIO Care (Version: 6.3.0.09020)
VAIO Center Access Bar (Version: 1.00.1001)
VAIO Content Folder Setting (Version: 1.1.02.11070)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.1.00.09284)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240)
VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080)
VAIO Control Center (Version: 2.1.00.09190)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Entertainment Center (Version: 3.00.1005)
VAIO Entertainment Platform (Version: 3.0.00.06280)
VAIO Event Service (Version: 3.3.00.09200)
VAIO Help and Support (Version: 4.00.1016.NRVP)
VAIO Launcher (Version: 1.1.01.11270)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.2
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Movie Story (Version: 1.1.00.10160)
VAIO Movie Story (Version: 1.5.01.05120)
VAIO Movie Story 1.5 Upgrade (Version: 1.5.01.05120)
VAIO Movie Story Template Data (Version: 1.5.01.05120)
VAIO MusicBox (Version: 1.1.01.09240)
VAIO MusicBox Sample Music (Version: 1.0.01.09210)
VAIO OOBE and Welcome Center (Version: 4.00.1015.US)
VAIO Original Function Settings (Version: 2.0.2.02240)
VAIO PC Wireless LAN Wizard (Version: 1.01.1015)
VAIO Power Management (Version: 2.3.00.10100)
VAIO Productivity Center (Version: 3.00.1015)
VAIO Security Center (Version: 6.00.1015)
VAIO Service Utility (Version: 1.2.0.0)
VAIO Smart Network (Version: 2.0.1.11050)
VAIO Startup Assistant (Version: 1.00.1019)
VAIO Survey (Version: 5.00.7207)
VAIO Update (Version: 6.1.1.10250)
VAIO Wallpaper Contents (Version: 1.0.00.09200)
VBA (2627.01) (Version: 6.03.00.9402)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.6 (Version: 2.0.6)
VU5x86 (Version: 1.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinDVD for VAIO (Version: 8.0-B8.411)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Yahoo! Messenger
Yahoo! Software Update

==================== Restore Points =========================

23-09-2013 02:12:07 Scheduled Checkpoint
24-09-2013 01:58:06 Scheduled Checkpoint
24-09-2013 19:54:43 Windows Update
26-09-2013 05:36:47 Scheduled Checkpoint
27-09-2013 04:00:11 Scheduled Checkpoint
28-09-2013 04:00:11 Scheduled Checkpoint
29-09-2013 04:59:07 Scheduled Checkpoint
30-09-2013 01:00:56 Scheduled Checkpoint
01-10-2013 03:12:03 Scheduled Checkpoint
02-10-2013 01:07:36 Windows Update
03-10-2013 04:00:07 Scheduled Checkpoint
04-10-2013 04:52:01 Scheduled Checkpoint
05-10-2013 08:04:31 Scheduled Checkpoint
06-10-2013 10:45:45 Scheduled Checkpoint
07-10-2013 00:20:38 Scheduled Checkpoint
07-10-2013 18:31:44 Scheduled Checkpoint
07-10-2013 19:40:46 Windows Update

==================== Hosts content: ==========================

2012-03-12 23:50 - 2012-09-14 15:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10290674-BBDB-4DB8-B251-5F308B8B5852} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {19D9C94A-CBED-422D-9C70-858BD2AE5C0D} - System32\Tasks\VAIO Service Utility => C:\Program Files\Sony\VAIO Service Utility\VAIO-SU.exe [2007-09-26] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {28673CB6-B19B-40EC-8F7C-6C2E0346D75D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {2B99BB25-913E-4DE2-9DC3-85AEDD40828C} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-09-02] (Sony Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {331FC378-41A7-444B-AE7B-DE02C6EC5F7E} - System32\Tasks\WpsUpdateTask_Joan => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-06-03] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4F4C07BA-38BC-471C-9B12-5ADA0DB73CEA} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {5183A33E-9EE5-4784-995E-DF6BA57BD8E7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {63ADF37B-65A5-40FE-B291-2068441C8BCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-27] (Google Inc.)
Task: {72A66B62-1335-46FC-834A-9B6B2970562D} - System32\Tasks\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2010-08-12] ()
Task: {88348787-4AB0-47C6-BC21-19EE864002B6} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GC\Runner.exe
Task: {8C06E44B-DC07-4BC4-9830-760CEFC7B730} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {9911DAFA-A095-4230-8E06-58AA67471848} - System32\Tasks\{1713C594-8B29-4D5B-B521-102CB7668F63} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {A026692E-DC0D-4F65-BAFF-2BC3487CDEFF} - System32\Tasks\Divx online update program => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-12] ()
Task: {AC038BA3-CE0D-445E-A336-804DAFFC24C9} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {B7D5BBA3-1032-4D78-8057-2C684FFE11C2} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {BBFAAFFD-D289-4907-AF03-0702E13600A5} - System32\Tasks\Google Updater and Installer => C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BED41E63-EEB3-4EFF-9CCB-7DF562B53C47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-27] (Google Inc.)
Task: {CA40780A-7D21-4517-931C-BD219980A8E9} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe
Task: {CD929ABB-BADD-4CBE-90BB-402E67BA6BF9} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe [2010-08-12] (Sony Corporation)
Task: {E3704CBD-957C-4C46-85C9-B3C7DBF685C0} - System32\Tasks\Escolade => C:\Users\Joan\AppData\Roaming\iPumper\Updater.exe [2013-10-03] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FD0DEEDD-130E-4D7E-9B12-08A8F67A5EAB} - System32\Tasks\UP_Scheduler => %LOCALAPPDATA%\GC\updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Joan.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-11-27 14:29 - 2012-02-22 20:49 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2011-11-27 16:53 - 2011-03-02 13:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-30 22:08 - 2013-09-30 22:09 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-10-20 12:37 - 2011-10-20 12:37 - 13420352 _____ () C:\Program Files\TuneUp Utilities 2012\libcef.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-10-08 22:13 - 2013-10-08 22:13 - 00070144 _____ () C:\Users\Joan\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
2013-10-05 01:30 - 2013-10-03 02:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-05 01:30 - 2013-10-03 02:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-05 01:30 - 2013-10-03 02:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-08-13 08:15 - 2013-08-13 08:15 - 00206336 _____ () C:\Users\Joan\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2013-10-05 01:30 - 2013-10-03 02:03 - 13611984 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\$NtUninstallKB58393$:SummaryInformation

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2013 09:30:39 PM) (Source: Application Hang) (User: )
Description: The program tmpF797.tmp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2170
Start Time: 01cec48f0f7af289
Termination Time: 2


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/08/2013 09:30:39 PM) (Source: Application Hang)(User: )
Description: tmpF797.tmp.exe0.0.0.0217001cec48f0f7af2892


CodeIntegrity Errors:
===================================
Date: 2013-10-08 22:18:28.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:28.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:28.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:27.904
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:27.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:27.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:27.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:26.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:26.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 22:18:26.471
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 2037.69 MB
Available physical RAM: 652.03 MB
Total Pagefile: 6982.89 MB
Available Pagefile: 5017.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:129.56 GB) (Free:52.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (joan) (Fixed) (Total:48.83 GB) (Free:15.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: D5A56E96)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OTL log

OTL logfile created on: 10/8/2013 10:24:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.38% Memory free
6.82 Gb Paging File | 4.87 Gb Available in Paging File | 71.48% Paging File free
Paging file location(s): c:\pagefile.sys 5000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.56 Gb Total Space | 52.97 Gb Free Space | 40.89% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 15.41 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 18:29:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
PRC - [2013/10/08 01:15:50 | 000,186,880 | ---- | M] (WebStroller) -- C:\Users\Joan\AppData\Local\GC\Clicker.exe
PRC - [2013/10/08 01:15:50 | 000,087,552 | ---- | M] (WebStroller inc.) -- C:\Users\Joan\AppData\Local\GC\runner.exe
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 08:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 08:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/21 03:28:31 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2011/12/14 07:47:02 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 07:47:00 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/12/14 07:46:56 | 000,459,584 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TUDefragBackend32.exe
PRC - [2011/12/14 07:45:38 | 000,546,624 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\OneClick.exe
PRC - [2010/11/17 16:38:50 | 000,628,080 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/12 10:13:01 | 000,832,872 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/05/12 10:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/10 20:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/08/28 20:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 20:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 00:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 12:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/08 22:23:05 | 000,070,144 | ---- | M] () -- C:\Users\Joan\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/30 22:09:00 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/13 08:15:50 | 000,206,336 | ---- | M] () -- C:\Users\Joan\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/10/20 12:37:46 | 013,420,352 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2012\libcef.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\httpfilter.dll -- (zpnodecollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125obex.dll -- (z800mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pml.dll -- (WscNetDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elnkservice.dll -- (websenselogserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1080.dll -- (wanatw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctaud2k.dll -- (vusbbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netrcacm.dll -- (vmm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTSBLFX.DLL.dll -- (UWProSys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemap.dll -- (USBDongle)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateApp.dll -- (uiusys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (tdrpman174)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmpu401.dll -- (tcpipBM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetTcpPortSharing.dll -- (steamdvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBAAPL.dll -- (stcagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BUFADPT.dll -- (smcirda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBDevice.dll -- (smartscaps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msfs.dll -- (smapint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TClass2k.dll -- (sisperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (SGHIDI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TdmService.dll -- (serialkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsnpool.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acpiec.dll -- (rtl8029)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atikmdag.dll -- (PSDFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqnicmgmt.dll -- (pfmodnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdbhk5.dll -- (perc2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HidBth.dll -- (pav_security)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\schedule.dll -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w300bus.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\actser.dll -- (OEM02Dev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SndTDriverV32.dll -- (NWSAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\steamdvr.dll -- (nv4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DivisCTP.dll -- (NIPALK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (netrcacm)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\NEUSBw32.dll -- (NecUsb3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccdsls.dll -- (naveng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TMKEmu.dll -- (mstdc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfrem01.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimtv1.dll -- (MRESP50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117nd5.dll -- (mldserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smcservice.dll -- (merakpop3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XTrapD12.dll -- (lxcr_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (KMW_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssql$pinnaclesys.dll -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avp.dll -- (hotspotshieldservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\b57w2k.dll -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ni_nic.dll -- (ftdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\klif.dll -- (EACSvrMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDPSp50.dll -- (de_serv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\palmusbd.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imonitor.dll -- (cwafreportscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MTsensor.dll -- (cnxtdiag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (cisvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intelide.dll -- (cdudf_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (bufserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmgmt.dll -- (BcmSqlStartupSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcmcia.dll -- (BCMModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssDrv.dll -- (awlegacy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cobbmservice.dll -- (As6frin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cardex.dll -- (akshhl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cisvc.dll -- (aha154x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (aec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\freesshdservice.dll -- (abp480n5)
SRV - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/30 22:09:00 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/19 22:44:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/21 03:28:31 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/10/26 10:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2011/12/14 07:47:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 07:46:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/11/17 16:38:50 | 000,628,080 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/05/12 10:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009/09/08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/29 01:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 15:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/08/28 20:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 20:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 04:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/06/28 12:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 12:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/10 20:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 06:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 06:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 05:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4BDB197-B921-4A61-B553-8BD7F5F75F11}\MpKslab5ff8e8.sys -- (MpKslab5ff8e8)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Joan\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/06/18 05:54:53 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/22 07:44:33 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/04/22 07:44:33 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/03/07 13:25:48 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/10/25 18:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/25 18:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/04 10:39:06 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2012/08/02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011/10/20 12:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/17 16:12:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/03/12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/02/26 23:49:18 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/09/19 17:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 08:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 23:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/23 14:45:58 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/06/08 08:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 08:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/15 11:14:24 | 001,472,768 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://rover.ebay.com/rover/1/711- [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.arccosine.../search.php?q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Joan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/22 07:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/07/04 17:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/30 22:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/30 22:08:46 | 000,000,000 | ---D | M]

[2011/11/27 03:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Extensions
[2013/10/01 18:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\extensions
[2013/07/30 19:07:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 18:37:16 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/30 22:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/30 22:09:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Vuaudix = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\
CHR - Extension: AdBlock = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: AdBlock = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Safe Money = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012/09/14 15:39:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: umassmemorial.org ([umassvdi] https in Trusted sites)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mrmcweb.org/...svrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://mrmcweb.org/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676693C7-D67B-4A68-B3A6-B36FB0B434DC}: DhcpNameServer = 216.195.0.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188}: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD50A76B-EC61-4035-8AB4-8FDB5850BC27}: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: uiusys - %systemroot%\system32\iPassPeriodicUpdateApp.dll File not found
NetSvcs: vmm - %systemroot%\system32\netrcacm.dll File not found
NetSvcs: BcmSqlStartupSvc - %systemroot%\system32\SE2Dmgmt.dll File not found
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\palmusbd.dll File not found
NetSvcs: KLOGNT - %systemroot%\system32\mssql$pinnaclesys.dll File not found
NetSvcs: aha154x - %systemroot%\system32\cisvc.dll File not found
NetSvcs: netrcacm - %systemroot%\system32\Epfwndis.dll File not found
NetSvcs: smartscaps - %systemroot%\system32\GBDevice.dll File not found
NetSvcs: de_serv - %systemroot%\system32\ZDPSp50.dll File not found
NetSvcs: abp480n5 - %systemroot%\system32\freesshdservice.dll File not found
NetSvcs: bufserv - %systemroot%\system32\emclisrv.dll File not found
NetSvcs: ofcpfwsvc - %systemroot%\system32\w300bus.dll File not found
NetSvcs: nv4 - %systemroot%\system32\steamdvr.dll File not found
NetSvcs: zpnodecollector - %systemroot%\system32\httpfilter.dll File not found
NetSvcs: lxcr_device - %systemroot%\system32\XTrapD12.dll File not found
NetSvcs: tdrpman174 - %systemroot%\system32\emAudio.dll File not found
NetSvcs: OEM02Dev - %systemroot%\system32\actser.dll File not found
NetSvcs: BCMModem - %systemroot%\system32\pcmcia.dll File not found
NetSvcs: hotspotshieldservice - %systemroot%\system32\avp.dll File not found
NetSvcs: serialkeys - %systemroot%\system32\TdmService.dll File not found
NetSvcs: cisvc - %systemroot%\system32\ccflic0.dll File not found
NetSvcs: vusbbus - %systemroot%\system32\ctaud2k.dll File not found
NetSvcs: perc2 - %systemroot%\system32\sscdbhk5.dll File not found
NetSvcs: awlegacy - %systemroot%\system32\HssDrv.dll File not found
NetSvcs: aec - %systemroot%\system32\mvserver.dll File not found
NetSvcs: cdudf_xp - %systemroot%\system32\intelide.dll File not found
NetSvcs: tcpipBM - %systemroot%\system32\nvmpu401.dll File not found
NetSvcs: pav_security - %systemroot%\system32\HidBth.dll File not found
NetSvcs: WscNetDr - %systemroot%\system32\pml.dll File not found
NetSvcs: stcagent - %systemroot%\system32\USBAAPL.dll File not found
NetSvcs: lbtserv - File not found
NetSvcs: SE2Cmgmt - File not found
NetSvcs: procmon10 - File not found
NetSvcs: akshhl - %systemroot%\system32\Cardex.dll File not found
NetSvcs: s116unic - %systemroot%\system32\tfsnpool.dll File not found
NetSvcs: smapint - %systemroot%\system32\msfs.dll File not found
NetSvcs: sisperf - %systemroot%\system32\TClass2k.dll File not found
NetSvcs: SGHIDI - %systemroot%\system32\tversitymediaserver.dll File not found
NetSvcs: mstdc - %systemroot%\system32\TMKEmu.dll File not found
NetSvcs: USIUDF - %systemroot%\system32\MA8032M.dll File not found
NetSvcs: EACSvrMngr - %systemroot%\system32\klif.dll File not found
NetSvcs: pfmodnt - %systemroot%\system32\cpqnicmgmt.dll File not found
NetSvcs: PSDFilter - %systemroot%\system32\atikmdag.dll File not found
NetSvcs: naveng - %systemroot%\system32\wmccdsls.dll File not found
NetSvcs: z800mgmt - %systemroot%\system32\s125obex.dll File not found
NetSvcs: cnxtdiag - %systemroot%\system32\MTsensor.dll File not found
NetSvcs: As6frin - %systemroot%\system32\cobbmservice.dll File not found
NetSvcs: hnmsvc - %systemroot%\system32\b57w2k.dll File not found
NetSvcs: UWProSys - %systemroot%\system32\CTSBLFX.DLL.dll File not found
NetSvcs: smcirda - %systemroot%\system32\BUFADPT.dll File not found
NetSvcs: rtl8029 - %systemroot%\system32\acpiec.dll File not found
NetSvcs: mldserv - %systemroot%\system32\s117nd5.dll File not found
NetSvcs: NWSAP - %systemroot%\system32\SndTDriverV32.dll File not found
NetSvcs: merakpop3 - %systemroot%\system32\smcservice.dll File not found
NetSvcs: ftdisk - %systemroot%\system32\ni_nic.dll File not found
NetSvcs: oracle_load_balancer_60_client-forms6ip9 - %systemroot%\system32\schedule.dll File not found
NetSvcs: steamdvr - %systemroot%\system32\NetTcpPortSharing.dll File not found
NetSvcs: websenselogserver - %systemroot%\system32\elnkservice.dll File not found
NetSvcs: cwafreportscheduler - %systemroot%\system32\imonitor.dll File not found
NetSvcs: wanatw - %systemroot%\system32\ql1080.dll File not found
NetSvcs: NIPALK - %systemroot%\system32\DivisCTP.dll File not found
NetSvcs: USBDongle - %systemroot%\system32\pdlnemap.dll File not found
NetSvcs: mrobeservice - %systemroot%\system32\sfrem01.dll File not found
NetSvcs: MRESP50 - %systemroot%\system32\iaimtv1.dll File not found
NetSvcs: KMW_USB - %systemroot%\system32\WinDriver6.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Domino - hkey= - key= - C:\Windows\Domino.exe ()
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Users\Joan\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig - StartUpReg: VMSnap3 - hkey= - key= - C:\Windows\vmsnap3.exe (Vimicro)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 22:16:55 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/08 21:24:03 | 001,087,213 | ---- | C] (Farbar) -- C:\Users\Joan\Desktop\FRST.exe
[2013/10/08 21:15:19 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Joan\Desktop\aswmbr.exe
[2013/10/08 21:10:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/08 21:09:34 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Joan\Desktop\JRT.exe
[2013/10/08 18:29:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2013/10/07 22:28:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Joan\Desktop\dds.scr
[2013/10/07 22:27:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Joan\Desktop\HijackThis.exe
[2013/10/07 22:10:14 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
[2013/10/07 21:56:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/07 21:55:29 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joan\Desktop\mbam-setup.exe
[2013/10/07 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\GC
[2013/10/07 16:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/10/04 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2013/10/03 21:25:07 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\iPumper
[2013/09/30 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/28 12:31:44 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\intro to health care
[2013/09/20 00:10:14 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\PubHlth 540
[2013/09/18 18:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/18 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/18 18:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/13 17:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
[2013/09/13 17:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\R
[2013/09/11 22:01:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/11 22:01:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/11 22:01:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/11 22:01:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/11 22:01:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/11 22:01:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/11 22:01:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/11 22:01:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/11 05:54:55 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/09 22:45:23 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Absolute Uninstaller
[2013/09/09 22:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFBinder
[2013/09/09 22:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\PDFBinder
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 22:27:35 | 000,891,167 | ---- | M] () -- C:\Users\Joan\Desktop\SecurityCheck.exe
[2013/10/08 22:22:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 22:21:03 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Joan.job
[2013/10/08 22:16:07 | 000,000,512 | ---- | M] () -- C:\Users\Joan\Desktop\MBR.dat
[2013/10/08 21:44:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/08 21:24:03 | 001,087,213 | ---- | M] (Farbar) -- C:\Users\Joan\Desktop\FRST.exe
[2013/10/08 21:15:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Joan\Desktop\aswmbr.exe
[2013/10/08 21:09:27 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Joan\Desktop\JRT.exe
[2013/10/08 21:05:57 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/08 21:05:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 21:05:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 21:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/08 21:05:06 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/08 20:58:56 | 001,045,226 | ---- | M] () -- C:\Users\Joan\Desktop\AdwCleaner(1).exe
[2013/10/08 18:29:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2013/10/08 01:19:04 | 000,048,402 | -HS- | M] () -- C:\Users\Joan\AppData\Local\ws_updater.exe
[2013/10/07 22:38:44 | 280,635,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/07 22:33:58 | 000,377,856 | ---- | M] () -- C:\Users\Joan\Desktop\dwet1u6t.exe
[2013/10/07 22:28:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Joan\Desktop\dds.scr
[2013/10/07 22:27:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joan\Desktop\HijackThis.exe
[2013/10/07 22:10:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
[2013/10/07 21:55:56 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joan\Desktop\mbam-setup.exe
[2013/10/05 03:32:35 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/02 17:23:29 | 000,070,652 | ---- | M] () -- C:\Users\Joan\Desktop\probability_review_solutions.pdf
[2013/09/30 23:37:17 | 000,115,905 | ---- | M] () -- C:\test.xml
[2013/09/28 17:45:08 | 000,118,599 | ---- | M] () -- C:\Users\Joan\Desktop\Untitled.jpg
[2013/09/19 22:44:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/19 22:44:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/19 22:34:03 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/19 22:34:03 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/18 18:42:35 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 22:08:29 | 000,373,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/08 22:27:37 | 000,891,167 | ---- | C] () -- C:\Users\Joan\Desktop\SecurityCheck.exe
[2013/10/08 22:16:07 | 000,000,512 | ---- | C] () -- C:\Users\Joan\Desktop\MBR.dat
[2013/10/08 20:58:56 | 001,045,226 | ---- | C] () -- C:\Users\Joan\Desktop\AdwCleaner(1).exe
[2013/10/08 01:19:04 | 000,048,402 | -HS- | C] () -- C:\Users\Joan\AppData\Local\ws_updater.exe
[2013/10/07 22:32:29 | 000,377,856 | ---- | C] () -- C:\Users\Joan\Desktop\dwet1u6t.exe
[2013/10/02 17:23:29 | 000,070,652 | ---- | C] () -- C:\Users\Joan\Desktop\probability_review_solutions.pdf
[2013/09/28 17:45:07 | 000,118,599 | ---- | C] () -- C:\Users\Joan\Desktop\Untitled.jpg
[2013/09/18 18:42:35 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/17 21:12:50 | 000,001,100 | ---- | C] () -- C:\Users\Joan\AppData\Local\d3d8caps.dat
[2012/08/04 10:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2012/08/04 10:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2012/06/09 15:26:43 | 000,160,796 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/06/04 22:02:26 | 000,017,408 | ---- | C] () -- C:\Users\Joan\AppData\Local\WebpageIcons.db
[2012/03/11 15:01:21 | 000,115,686 | ---- | C] () -- C:\Windows\System32\itldvupd.dat
[2012/03/11 15:01:21 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/02/17 17:21:42 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/02/17 17:21:42 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/02/17 17:20:59 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2012/02/17 17:20:59 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2012/02/17 17:20:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll
[2012/02/17 17:20:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2012/02/17 17:20:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2012/02/17 17:20:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2012/02/08 00:30:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/02/04 20:39:06 | 000,002,487 | ---- | C] () -- C:\Users\Joan\Skype.lnk
[2012/01/16 00:11:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/08 12:05:47 | 000,009,728 | ---- | C] () -- C:\Users\Joan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 17:46:14 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2011/12/17 17:45:14 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2011/12/08 17:43:42 | 000,001,356 | ---- | C] () -- C:\Users\Joan\AppData\Local\d3d9caps.dat
[2011/11/27 04:45:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/27 04:45:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/27 03:51:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/11/27 03:26:13 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2011/11/27 03:25:02 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2011/11/27 02:48:21 | 000,000,104 | ---- | C] () -- C:\Users\Joan\Computer - Shortcut.lnk
[2011/11/27 01:35:09 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK2546GSX_200
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type:
Media Type:
Model: MemoryStick0 Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type:
Media Type:
Model: SD1 Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 130.00GB
Starting Offset: 8504999936
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 49.00GB
Starting Offset: 147619577856
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/05/08 00:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 18:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/09/07 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\ABSoft
[2013/09/09 22:45:23 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Absolute Uninstaller
[2013/04/05 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Adobe
[2012/12/02 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Apple Computer
[2013/03/31 14:17:31 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Auslogics
[2013/05/18 17:17:30 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\BitTorrent
[2013/09/08 12:48:07 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Canon
[2013/04/04 11:09:10 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/11 14:12:32 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Copyright © 2011-2012 RealNetworks
[2012/07/08 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Crayon Physics Deluxe
[2013/03/07 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\DAEMON Tools Lite
[2013/02/11 21:24:05 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\DivX
[2012/03/11 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\GetRightToGo
[2013/10/08 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\GlarySoft
[2012/05/28 16:11:34 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Google
[2011/11/27 03:35:58 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\ICAClient
[2011/11/27 00:52:19 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Identities
[2011/11/27 14:33:56 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\InstallShield
[2011/12/11 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\iolo
[2013/10/05 00:54:27 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\iPumper
[2011/12/10 12:09:56 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Juniper Networks
[2013/06/18 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Kingsoft
[2013/09/07 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Leawo
[2012/09/12 16:14:53 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Localphone
[2011/11/27 00:53:20 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Macromedia
[2012/03/13 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Media Center Programs
[2012/05/23 19:56:10 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Media Player Classic
[2013/09/01 19:29:25 | 000,000,000 | --SD | M] -- C:\Users\Joan\AppData\Roaming\Microsoft
[2012/10/10 19:11:46 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Mozilla
[2013/04/16 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\PDAppFlex
[2012/03/11 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\rinsebyreal
[2012/05/13 23:13:32 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Roxio
[2013/10/08 21:06:29 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Skype
[2011/11/27 02:03:29 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Sony Corporation
[2013/01/28 16:57:00 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Spotify
[2013/06/12 03:29:37 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\TeamViewer
[2013/09/07 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\tiger-k
[2011/11/27 19:06:07 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\TuneUp Software
[2012/10/08 19:06:35 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\vlc
[2011/11/27 00:52:59 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Webroot
[2011/11/27 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\WinRAR
[2012/04/26 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 22:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 22:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 22:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 22:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 22:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 22:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 22:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 22:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 22:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 05:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 9675-8DCA
Directory of C:\
11/02/2006 09:02 AM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 09:02 AM <JUNCTION> Application Data [..]
11/02/2006 09:02 AM <JUNCTION> Desktop [..]
11/02/2006 09:02 AM <JUNCTION> Documents [..]
11/02/2006 09:02 AM <JUNCTION> Favorites [..]
11/02/2006 09:02 AM <JUNCTION> Start Menu [..]
11/02/2006 09:02 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 09:02 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 09:02 AM <JUNCTION> Application Data [..]
11/02/2006 09:02 AM <JUNCTION> Desktop [..]
11/02/2006 09:02 AM <JUNCTION> Documents [..]
11/02/2006 09:02 AM <JUNCTION> Favorites [..]
11/02/2006 09:02 AM <JUNCTION> Start Menu [..]
11/02/2006 09:02 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 09:02 AM <JUNCTION> Application Data [..]
11/02/2006 09:02 AM <JUNCTION> Local Settings [..]
11/02/2006 09:02 AM <JUNCTION> My Documents [..]
11/02/2006 09:02 AM <JUNCTION> NetHood [..]
11/02/2006 09:02 AM <JUNCTION> PrintHood [..]
11/02/2006 09:02 AM <JUNCTION> Recent [..]
11/02/2006 09:02 AM <JUNCTION> SendTo [..]
11/02/2006 09:02 AM <JUNCTION> Start Menu [..]
11/02/2006 09:02 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 09:02 AM <JUNCTION> Application Data [..]
11/02/2006 09:02 AM <JUNCTION> History [..]
11/02/2006 09:02 AM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 09:02 AM <JUNCTION> My Music [..]
11/02/2006 09:02 AM <JUNCTION> My Pictures [..]
11/02/2006 09:02 AM <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\Joan
11/27/2011 12:48 AM <JUNCTION> Application Data [C:\Users\Joan\AppData\Roaming]
11/27/2011 12:48 AM <JUNCTION> Cookies [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies]
11/27/2011 12:48 AM <JUNCTION> Local Settings [C:\Users\Joan\AppData\Local]
11/27/2011 12:48 AM <JUNCTION> My Documents [C:\Users\Joan\Documents]
11/27/2011 12:48 AM <JUNCTION> NetHood [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/27/2011 12:48 AM <JUNCTION> PrintHood [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/27/2011 12:48 AM <JUNCTION> Recent [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Recent]
11/27/2011 12:48 AM <JUNCTION> SendTo [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\SendTo]
11/27/2011 12:48 AM <JUNCTION> Start Menu [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu]
11/27/2011 12:48 AM <JUNCTION> Templates [C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Joan\AppData\Local
11/27/2011 12:48 AM <JUNCTION> Application Data [C:\Users\Joan\AppData\Local]
11/27/2011 12:48 AM <JUNCTION> History [C:\Users\Joan\AppData\Local\Microsoft\Windows\History]
11/27/2011 12:48 AM <JUNCTION> Temporary Internet Files [C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Joan\AppData\LocalLow
03/09/2013 11:55 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Joan\Documents
11/27/2011 12:48 AM <JUNCTION> My Music [C:\Users\Joan\Music]
11/27/2011 12:48 AM <JUNCTION> My Pictures [C:\Users\Joan\Pictures]
11/27/2011 12:48 AM <JUNCTION> My Videos [C:\Users\Joan\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/16/2008 05:12 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/16/2008 05:12 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/16/2008 05:12 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/16/2008 05:12 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/16/2008 05:12 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/16/2008 05:12 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/16/2008 05:12 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
02/16/2008 05:12 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/16/2008 05:12 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/16/2008 05:12 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
02/16/2008 05:12 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
02/16/2008 05:12 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/16/2008 05:12 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
98 Dir(s) 56,673,370,112 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/30 22:08:58 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/30 22:08:58 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/30 22:08:58 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/27 15:57:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/27 15:57:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/27 15:57:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/31 06:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/31 06:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/30 22:08:58 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/30 22:08:58 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/30 22:08:58 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/30 22:09:02 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/27 15:57:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/27 15:57:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/27 15:57:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/31 06:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/31 06:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/28 10:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 08:41:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/11 02:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 07:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 14:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 14:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 14:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 14:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 14:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 07:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/11 02:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< End of report >


Extra log from OTL


OTL Extras logfile created on: 10/8/2013 10:24:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.38% Memory free
6.82 Gb Paging File | 4.87 Gb Available in Paging File | 71.48% Paging File free
Paging file location(s): c:\pagefile.sys 5000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.56 Gb Total Space | 52.97 Gb Free Space | 40.89% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 15.41 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D252F9F-1545-41BB-A536-DB3D560D12ED}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{15A67133-29BE-4A7F-BECE-F27F7D61C751}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F2AF587-A9F3-46D7-A8FE-A9372F329712}" = lport=138 | protocol=17 | dir=in | app=system |
"{3613B7E5-8016-407A-94C9-531644D58889}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{464A0EAC-52A8-4E7B-80D7-B65B99BE24CB}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{57041380-53CC-4DD9-9801-E66FDF5C5109}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57D78092-D8D7-40CE-82F9-41AC37E68AAB}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E8B119F-1158-4E76-8B91-B01CECC78D71}" = rport=137 | protocol=17 | dir=out | app=system |
"{6600E715-1B10-4A86-9BF6-DEDB7C1C3B36}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75FB1F1E-2FB3-4AD7-82F4-996CB55A2F55}" = lport=139 | protocol=6 | dir=in | app=system |
"{B0EC0496-BD24-4D06-9612-43637A5D9C7D}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDDEF805-D7D4-4799-93C1-98D4859ED7E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{C24B2E73-C040-4A05-A187-08D58CC75609}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D438917D-6840-4B48-A7F2-59BD9033D1F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{D68B0DED-1594-447F-861E-360EFAAA1E8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{F8CCBEE0-4892-426F-8887-65BE02B71C6B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19DC4FED-764D-4D78-A21A-9FD358190BC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26D90F7A-92D2-4D31-90F8-B29F011D6E76}" = protocol=1 | dir=in | [email protected],-28543 |
"{3349CBE3-595F-4ABA-B1C9-C0575F9920D3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{39B7724C-B185-4DB3-85B0-F76989A2CC8F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{56CA7ABA-FC2E-41CC-BF6E-5CDE549A2B6A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{70882D37-73BB-4FC9-8524-7903AEB56CAB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{7752E8EE-8C55-4C35-9970-EF40250F8608}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{823E8B6C-C203-433D-93C1-47298EF6FE13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8AD1B2D9-8968-4AF0-9901-A018F8ECFD3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8C568615-5B36-42FB-BF2D-2237C4F7AE67}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{95655BBE-F941-4EF9-B46B-7F26F87FE0CA}" = protocol=1 | dir=out | [email protected],-28544 |
"{9779EAAD-DBBF-4C09-B485-699C1E19CE4B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9ED5FA2B-5CE9-4143-97E5-75211E28A6F8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AA41A183-6EB5-45FB-BAA3-7FB79ACE12BF}" = protocol=58 | dir=out | [email protected],-28546 |
"{AC71E320-800D-4C36-BC6E-F3473259B028}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ADD43811-58AE-4D8A-9C3D-5FE3D84E3FD4}" = protocol=58 | dir=in | [email protected],-28545 |
"{BDAD85F1-11FA-41B1-9E2F-D5E14EFF0E00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C2DE0748-2331-42B6-BED6-218A49149956}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{D06F8C07-7DE1-44E1-B1A5-996F956A2231}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E25FA552-6574-4432-B547-E54FEA0BB142}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{E6C4D74D-3F6C-4A6A-97D9-2221C6C3C56A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{EA376658-4344-48A9-88F4-9952754AF530}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{2158D04B-E58C-4E8F-90BC-FBB227A782C9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D35C88BF-178F-4CD2-A098-F8DC394479AB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F0AE5734-FCDE-42DC-8D9B-D78AFBDD3754}C:\program files\microsoft office\office14\kmsemulator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\kmsemulator.exe |
"UDP Query User{3EC2E0EB-3BB6-4076-BF7D-4FF326D96B5A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{9A0D573E-BAA3-4939-8BA0-2537F7C3B2A3}C:\program files\microsoft office\office14\kmsemulator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\kmsemulator.exe |
"UDP Query User{9FD6B223-3255-4313-8A89-4BB66D3926CC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.6
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340B2F36-632B-48ED-929A-28803FC81AC5}" = DisplayLink Graphics
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{455CF228-9805-4F94-9246-D475F4C90829}" = Citrix Online Launcher
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8C16C8-C208-4B04-BF04-DD2AAEFD55FA}" = Amazon Cloud Drive
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{554E34DB-1EDD-4CE4-B63D-9E9973C6FFA5}" = VAIO Care
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82FEBE5D-61EC-4365-A213-2B278780945E}" = OneTouch Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BA03AC2-579F-41CD-A250-740137D86F7A}" = PDFBinder
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BD-0401-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - العربية
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}" = Meter Drivers for OneTouch® Software
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = A4 TECH PC Camera H
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B28470A5-F73F-432C-8066-05BA652AA5D1}" = Meter Drivers for OneTouch® Software
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{E79E814C-733C-40C1-B189-C5FCFDA0BAD5}" = DisplayLink Core Software
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Athan" = Athan Basic 4.2
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX Setup
"eMagMaker PDF Editor_is1" = PDF Editor
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}" = Meter Drivers for OneTouch® Software v1.10.0.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4088)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Basic)
"Localphone_is1" = Localphone version 1.1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"R for Windows 3.0.1_is1" = R for Windows 3.0.1
"Revo Uninstaller" = Revo Uninstaller 1.95
"ST6UNST #1" = PS - Power and Sample Size Calculation
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VAIO Service Utility" = VAIO Service Utility
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Workstation3.x" = MEDITECH Workstation3.x
"Workstation4.x" = MEDITECH Workstation4.x
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"GoToMeeting" = GoToMeeting 5.8.0.1189
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2013 9:30:39 PM | Computer Name = Joan-PC | Source = Application Hang | ID = 1002
Description = The program tmpF797.tmp.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2170 Start Time: 01cec48f0f7af289 Termination Time: 2


< End of report >


Security Check log

UNSUPPORTED OPERATING SYSTEM! ABORTED!


thanks again

#4
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Download the attached filelist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post it.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java 7 Update 25 (Version: 7.0.250)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Not sure what your GC is. Think it's just adware. It was triggered by a scheduled task. The sounds are probably from a version of Zero Access tho I think Kaspersky managed to kill off most of it.

Run a FRST scan again and post the log so I can see if we got it all.

We should probably run a couple of other scans to make sure:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

#5
maxcool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi

I had to change the file name to fixlist.txt to run FRST, and deleted all Java. Here are the logs:

FIX log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Joan at 2013-10-09 18:03:35 Run:1
Running from C:\Users\Joan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\httpfilter.dll -- (zpnodecollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125obex.dll -- (z800mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pml.dll -- (WscNetDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elnkservice.dll -- (websenselogserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1080.dll -- (wanatw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctaud2k.dll -- (vusbbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netrcacm.dll -- (vmm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTSBLFX.DLL.dll -- (UWProSys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemap.dll -- (USBDongle)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateApp.dll -- (uiusys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (tdrpman174)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmpu401.dll -- (tcpipBM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetTcpPortSharing.dll -- (steamdvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBAAPL.dll -- (stcagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BUFADPT.dll -- (smcirda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBDevice.dll -- (smartscaps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msfs.dll -- (smapint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TClass2k.dll -- (sisperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (SGHIDI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TdmService.dll -- (serialkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsnpool.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acpiec.dll -- (rtl8029)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atikmdag.dll -- (PSDFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqnicmgmt.dll -- (pfmodnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdbhk5.dll -- (perc2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HidBth.dll -- (pav_security)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\schedule.dll -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w300bus.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\actser.dll -- (OEM02Dev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SndTDriverV32.dll -- (NWSAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\steamdvr.dll -- (nv4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DivisCTP.dll -- (NIPALK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (netrcacm)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\NEUSBw32.dll -- (NecUsb3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccdsls.dll -- (naveng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TMKEmu.dll -- (mstdc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfrem01.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimtv1.dll -- (MRESP50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117nd5.dll -- (mldserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smcservice.dll -- (merakpop3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XTrapD12.dll -- (lxcr_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (KMW_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssql$pinnaclesys.dll -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avp.dll -- (hotspotshieldservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\b57w2k.dll -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ni_nic.dll -- (ftdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\klif.dll -- (EACSvrMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDPSp50.dll -- (de_serv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\palmusbd.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imonitor.dll -- (cwafreportscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MTsensor.dll -- (cnxtdiag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (cisvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intelide.dll -- (cdudf_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (bufserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmgmt.dll -- (BcmSqlStartupSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcmcia.dll -- (BCMModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssDrv.dll -- (awlegacy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cobbmservice.dll -- (As6frin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cardex.dll -- (akshhl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cisvc.dll -- (aha154x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (aec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\freesshdservice.dll -- (abp480n5)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4BDB197-B921-4A61-B553-8BD7F5F75F11}\MpKslab5ff8e8.sys -- (MpKslab5ff8e8)
S1 MpKslab5ff8e8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4BDB197-B921-4A61-B553-8BD7F5F75F11}\MpKslab5ff8e8.sys [x]
C:\Users\Joan\AppData\Local\temp\htmlayout.dll
C:\Users\Joan\AppData\Local\temp\Quarantine.exe
C:\Users\Joan\AppData\Local\temp\setup.exe
C:\Users\Joan\AppData\Local\temp\tmp252D.exe
C:\Users\Joan\AppData\Local\temp\tmp430F.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp4BD8.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp4C46.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp5BBD.exe
C:\Users\Joan\AppData\Local\temp\tmp5C9.exe
C:\Users\Joan\AppData\Local\temp\tmp6C6A.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmp78CD.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpA2BD.exe
C:\Users\Joan\AppData\Local\temp\tmpAAEA.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpB5E1.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpC481.exe
C:\Users\Joan\AppData\Local\temp\tmpDE9C.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpE6D2.exe
C:\Users\Joan\AppData\Local\temp\tmpF1B6.tmp.exe
C:\Users\Joan\AppData\Local\temp\tmpF797.tmp.exe
C:\Users\Joan\AppData\Local\GC\Clicker.exe
C:\Users\Joan\AppData\Local\GC\runner.exe
C:\Users\Joan\AppData\Local\GC\updater.exe
C:\Users\Joan\AppData\Local\ws_updater.exe
C:\Users\Joan\Desktop\dwet1u6t.exe
C:\Users\Joan\AppData\Roaming\iPumper\Updater.exe
Task: {88348787-4AB0-47C6-BC21-19EE864002B6} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GC\Runner.exe
Task: {E3704CBD-957C-4C46-85C9-B3C7DBF685C0} - System32\Tasks\Escolade => C:\Users\Joan\AppData\Roaming\iPumper\Updater.exe [2013-10-03] ()
Task: {FD0DEEDD-130E-4D7E-9B12-08A8F67A5EAB} - System32\Tasks\UP_Scheduler => %LOCALAPPDATA%\GC\updater.exe
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CMD: netsh winsock reset

*****************

MpKslab5ff8e8 => Service deleted successfully.
C:\Users\Joan\AppData\Local\temp\htmlayout.dll => Moved successfully.
C:\Users\Joan\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\setup.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp252D.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp430F.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp4BD8.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp4C46.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp5BBD.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp5C9.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp6C6A.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmp78CD.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpA2BD.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpAAEA.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpB5E1.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpC481.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpDE9C.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpE6D2.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpF1B6.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\temp\tmpF797.tmp.exe => Moved successfully.
C:\Users\Joan\AppData\Local\GC\Clicker.exe => Moved successfully.
C:\Users\Joan\AppData\Local\GC\runner.exe => Moved successfully.
Could not move "C:\Users\Joan\AppData\Local\GC\updater.exe" => Scheduled to move on reboot.
C:\Users\Joan\AppData\Local\ws_updater.exe => Moved successfully.
C:\Users\Joan\Desktop\dwet1u6t.exe => Moved successfully.
C:\Users\Joan\AppData\Roaming\iPumper\Updater.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88348787-4AB0-47C6-BC21-19EE864002B6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88348787-4AB0-47C6-BC21-19EE864002B6} => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3704CBD-957C-4C46-85C9-B3C7DBF685C0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3704CBD-957C-4C46-85C9-B3C7DBF685C0} => Key deleted successfully.
C:\Windows\System32\Tasks\Escolade => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Escolade => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD0DEEDD-130E-4D7E-9B12-08A8F67A5EAB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD0DEEDD-130E-4D7E-9B12-08A8F67A5EAB} => Key deleted successfully.
C:\Windows\System32\Tasks\UP_Scheduler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UP_Scheduler => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

C:\Users\Joan\AppData\Local\GC\updater.exe => Moved successfully.

==== End of Fixlog ====



FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Joan (administrator) on JOAN-PC on 09-10-2013 18:10:58
Running from C:\Users\Joan\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
() C:\Windows\system32\PSIService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-09-01] (Realtek Semiconductor)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://rover.ebay.co...52013-16445-0/4
http://www.learningc...fers/index.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0536541C-BFBB-4A68-A4F8-5D39EDB7D65D} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mrmcweb.org/...svrloader32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://mrmcweb.org/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.195.0.131 216.195.0.226 216.195.0.227

FireFox:
========
FF ProfilePath: C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.arccosine.com/search.php?q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Joan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: No Name - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Conduit) - http://www.google.com
CHR DefaultSuggestURL: (Conduit) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Wajam) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Vuaudix) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1
CHR Extension: (AdBlock) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Safe Money) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Joan\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [5105000 2010-05-12] (DisplayLink Corp.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [628080 2010-11-17] (Juniper Networks)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-11-03] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-15] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2818048 2007-09-23] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-09] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-09] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292128 2007-09-29] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation)
S2 abp480n5; %systemroot%\system32\freesshdservice.dll [x]
S2 aec; %systemroot%\system32\mvserver.dll [x]
S2 aha154x; %systemroot%\system32\cisvc.dll [x]
S2 akshhl; %systemroot%\system32\Cardex.dll [x]
S2 As6frin; %systemroot%\system32\cobbmservice.dll [x]
S2 awlegacy; %systemroot%\system32\HssDrv.dll [x]
S2 BCMModem; %systemroot%\system32\pcmcia.dll [x]
S2 BcmSqlStartupSvc; %systemroot%\system32\SE2Dmgmt.dll [x]
S2 bufserv; %systemroot%\system32\emclisrv.dll [x]
S2 cdudf_xp; %systemroot%\system32\intelide.dll [x]
S2 cisvc; %systemroot%\system32\ccflic0.dll [x]
S2 cnxtdiag; %systemroot%\system32\MTsensor.dll [x]
S2 cwafreportscheduler; %systemroot%\system32\imonitor.dll [x]
S2 DCamUSBSQTECH; %systemroot%\system32\palmusbd.dll [x]
S2 de_serv; %systemroot%\system32\ZDPSp50.dll [x]
S2 EACSvrMngr; %systemroot%\system32\klif.dll [x]
S2 ftdisk; %systemroot%\system32\ni_nic.dll [x]
S2 hnmsvc; %systemroot%\system32\b57w2k.dll [x]
S2 hotspotshieldservice; %systemroot%\system32\avp.dll [x]
S2 KLOGNT; %systemroot%\system32\mssql$pinnaclesys.dll [x]
S2 KMW_USB; %systemroot%\system32\WinDriver6.dll [x]
S2 lxcr_device; %systemroot%\system32\XTrapD12.dll [x]
S2 merakpop3; %systemroot%\system32\smcservice.dll [x]
S2 mldserv; %systemroot%\system32\s117nd5.dll [x]
S2 MRESP50; %systemroot%\system32\iaimtv1.dll [x]
S2 mrobeservice; %systemroot%\system32\sfrem01.dll [x]
S2 mstdc; %systemroot%\system32\TMKEmu.dll [x]
S2 naveng; %systemroot%\system32\wmccdsls.dll [x]
S2 NecUsb3; C:\Windows\system32\NEUSBw32.dll [x]
S2 netrcacm; %systemroot%\system32\Epfwndis.dll [x]
S2 NIPALK; %systemroot%\system32\DivisCTP.dll [x]
S2 nv4; %systemroot%\system32\steamdvr.dll [x]
S2 NWSAP; %systemroot%\system32\SndTDriverV32.dll [x]
S2 OEM02Dev; %systemroot%\system32\actser.dll [x]
S2 ofcpfwsvc; %systemroot%\system32\w300bus.dll [x]
S2 oracle_load_balancer_60_client-forms6ip9; %systemroot%\system32\schedule.dll [x]
S2 pav_security; %systemroot%\system32\HidBth.dll [x]
S2 perc2; %systemroot%\system32\sscdbhk5.dll [x]
S2 pfmodnt; %systemroot%\system32\cpqnicmgmt.dll [x]
S2 PSDFilter; %systemroot%\system32\atikmdag.dll [x]
S2 rtl8029; %systemroot%\system32\acpiec.dll [x]
S2 s116unic; %systemroot%\system32\tfsnpool.dll [x]
S2 serialkeys; %systemroot%\system32\TdmService.dll [x]
S2 SGHIDI; %systemroot%\system32\tversitymediaserver.dll [x]
S2 sisperf; %systemroot%\system32\TClass2k.dll [x]
S2 smapint; %systemroot%\system32\msfs.dll [x]
S2 smartscaps; %systemroot%\system32\GBDevice.dll [x]
S2 smcirda; %systemroot%\system32\BUFADPT.dll [x]
S2 stcagent; %systemroot%\system32\USBAAPL.dll [x]
S2 steamdvr; %systemroot%\system32\NetTcpPortSharing.dll [x]
S2 tcpipBM; %systemroot%\system32\nvmpu401.dll [x]
S2 tdrpman174; %systemroot%\system32\emAudio.dll [x]
S2 uiusys; %systemroot%\system32\iPassPeriodicUpdateApp.dll [x]
S2 USBDongle; %systemroot%\system32\pdlnemap.dll [x]
S2 USIUDF; %systemroot%\system32\MA8032M.dll [x]
S2 UWProSys; %systemroot%\system32\CTSBLFX.DLL.dll [x]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
S2 vmm; %systemroot%\system32\netrcacm.dll [x]
S2 vusbbus; %systemroot%\system32\ctaud2k.dll [x]
S2 wanatw; %systemroot%\system32\ql1080.dll [x]
S2 websenselogserver; %systemroot%\system32\elnkservice.dll [x]
S2 WscNetDr; %systemroot%\system32\pml.dll [x]
S2 z800mgmt; %systemroot%\system32\s125obex.dll [x]
S2 zpnodecollector; %systemroot%\system32\httpfilter.dll [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.3.24903.0.sys [21888 2012-08-04] (http://libusb-win32.sourceforge.net)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-11-17] (Juniper Networks)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-18] (Kaspersky Lab ZAO)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-22] (Kaspersky Lab ZAO)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-03-07] (Duplex Secure Ltd.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-10-20] (TuneUp Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-15] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 dlkmd; \SystemRoot\system32\drivers\dlkmd.sys [x]
S0 dlkmdldr; system32\drivers\dlkmdldr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-04-22] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [x]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: uiusys -> C:\Windows\system32\iPassPeriodicUpdateApp.dll ==> No File.
NETSVC: vmm -> C:\Windows\system32\netrcacm.dll ==> No File.
NETSVC: BcmSqlStartupSvc -> C:\Windows\system32\SE2Dmgmt.dll ==> No File.
NETSVC: DCamUSBSQTECH -> C:\Windows\system32\palmusbd.dll ==> No File.
NETSVC: KLOGNT -> C:\Windows\system32\mssql$pinnaclesys.dll ==> No File.
NETSVC: aha154x -> C:\Windows\system32\cisvc.dll ==> No File.
NETSVC: netrcacm -> C:\Windows\system32\Epfwndis.dll ==> No File.
NETSVC: smartscaps -> C:\Windows\system32\GBDevice.dll ==> No File.
NETSVC: de_serv -> C:\Windows\system32\ZDPSp50.dll ==> No File.
NETSVC: abp480n5 -> C:\Windows\system32\freesshdservice.dll ==> No File.
NETSVC: bufserv -> C:\Windows\system32\emclisrv.dll ==> No File.
NETSVC: ofcpfwsvc -> C:\Windows\system32\w300bus.dll ==> No File.
NETSVC: nv4 -> C:\Windows\system32\steamdvr.dll ==> No File.
NETSVC: zpnodecollector -> C:\Windows\system32\httpfilter.dll ==> No File.
NETSVC: lxcr_device -> C:\Windows\system32\XTrapD12.dll ==> No File.
NETSVC: tdrpman174 -> C:\Windows\system32\emAudio.dll ==> No File.
NETSVC: OEM02Dev -> C:\Windows\system32\actser.dll ==> No File.
NETSVC: BCMModem -> C:\Windows\system32\pcmcia.dll ==> No File.
NETSVC: hotspotshieldservice -> C:\Windows\system32\avp.dll ==> No File.
NETSVC: serialkeys -> C:\Windows\system32\TdmService.dll ==> No File.
NETSVC: cisvc -> C:\Windows\system32\ccflic0.dll ==> No File.
NETSVC: vusbbus -> C:\Windows\system32\ctaud2k.dll ==> No File.
NETSVC: perc2 -> C:\Windows\system32\sscdbhk5.dll ==> No File.
NETSVC: awlegacy -> C:\Windows\system32\HssDrv.dll ==> No File.
NETSVC: aec -> C:\Windows\system32\mvserver.dll ==> No File.
NETSVC: cdudf_xp -> C:\Windows\system32\intelide.dll ==> No File.
NETSVC: tcpipBM -> C:\Windows\system32\nvmpu401.dll ==> No File.
NETSVC: pav_security -> C:\Windows\system32\HidBth.dll ==> No File.
NETSVC: WscNetDr -> C:\Windows\system32\pml.dll ==> No File.
NETSVC: stcagent -> C:\Windows\system32\USBAAPL.dll ==> No File.
NETSVC: lbtserv -> No Registry Path.
NETSVC: SE2Cmgmt -> No Registry Path.
NETSVC: procmon10 -> No Registry Path.
NETSVC: akshhl -> C:\Windows\system32\Cardex.dll ==> No File.
NETSVC: s116unic -> C:\Windows\system32\tfsnpool.dll ==> No File.
NETSVC: smapint -> C:\Windows\system32\msfs.dll ==> No File.
NETSVC: sisperf -> C:\Windows\system32\TClass2k.dll ==> No File.
NETSVC: SGHIDI -> C:\Windows\system32\tversitymediaserver.dll ==> No File.
NETSVC: mstdc -> C:\Windows\system32\TMKEmu.dll ==> No File.
NETSVC: USIUDF -> C:\Windows\system32\MA8032M.dll ==> No File.
NETSVC: EACSvrMngr -> C:\Windows\system32\klif.dll ==> No File.
NETSVC: pfmodnt -> C:\Windows\system32\cpqnicmgmt.dll ==> No File.
NETSVC: PSDFilter -> C:\Windows\system32\atikmdag.dll ==> No File.
NETSVC: naveng -> C:\Windows\system32\wmccdsls.dll ==> No File.
NETSVC: z800mgmt -> C:\Windows\system32\s125obex.dll ==> No File.
NETSVC: cnxtdiag -> C:\Windows\system32\MTsensor.dll ==> No File.
NETSVC: As6frin -> C:\Windows\system32\cobbmservice.dll ==> No File.
NETSVC: hnmsvc -> C:\Windows\system32\b57w2k.dll ==> No File.
NETSVC: UWProSys -> C:\Windows\system32\CTSBLFX.DLL.dll ==> No File.
NETSVC: smcirda -> C:\Windows\system32\BUFADPT.dll ==> No File.
NETSVC: rtl8029 -> C:\Windows\system32\acpiec.dll ==> No File.
NETSVC: mldserv -> C:\Windows\system32\s117nd5.dll ==> No File.
NETSVC: NWSAP -> C:\Windows\system32\SndTDriverV32.dll ==> No File.
NETSVC: merakpop3 -> C:\Windows\system32\smcservice.dll ==> No File.
NETSVC: ftdisk -> C:\Windows\system32\ni_nic.dll ==> No File.
NETSVC: oracle_load_balancer_60_client-forms6ip9 -> C:\Windows\system32\schedule.dll ==> No File.
NETSVC: steamdvr -> C:\Windows\system32\NetTcpPortSharing.dll ==> No File.
NETSVC: websenselogserver -> C:\Windows\system32\elnkservice.dll ==> No File.
NETSVC: cwafreportscheduler -> C:\Windows\system32\imonitor.dll ==> No File.
NETSVC: wanatw -> C:\Windows\system32\ql1080.dll ==> No File.
NETSVC: NIPALK -> C:\Windows\system32\DivisCTP.dll ==> No File.
NETSVC: USBDongle -> C:\Windows\system32\pdlnemap.dll ==> No File.
NETSVC: mrobeservice -> C:\Windows\system32\sfrem01.dll ==> No File.
NETSVC: MRESP50 -> C:\Windows\system32\iaimtv1.dll ==> No File.
NETSVC: KMW_USB -> C:\Windows\system32\WinDriver6.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-10-09 18:13 - 2013-10-09 18:13 - 05131844 _____ (Swearware) C:\Users\Joan\Desktop\ComboFix.exe
2013-10-09 18:01 - 2013-10-09 18:01 - 01087213 _____ (Farbar) C:\Users\Joan\Desktop\FRST.exe
2013-10-09 11:49 - 2013-10-09 17:57 - 00000000 ____D C:\Users\Joan\Desktop\New Folder
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 _____ C:\Windows\system32\REN558E.tmp
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 _____ C:\Windows\system32\REN558D.tmp
2013-10-08 22:27 - 2013-10-08 22:27 - 00891167 _____ C:\Users\Joan\Desktop\SecurityCheck.exe
2013-10-08 22:19 - 2013-10-08 22:22 - 00022940 _____ C:\Users\Joan\Desktop\Addition.txt
2013-10-08 22:17 - 2013-10-08 22:52 - 00243175 _____ C:\Users\Joan\Desktop\post.txt
2013-10-08 22:16 - 2013-10-09 18:08 - 00000000 ____D C:\FRST
2013-10-08 22:16 - 2013-10-08 22:16 - 00002470 _____ C:\Users\Joan\Desktop\aswMBR.txt
2013-10-08 22:16 - 2013-10-08 22:16 - 00000512 _____ C:\Users\Joan\Desktop\MBR.dat
2013-10-08 21:15 - 2013-10-08 21:15 - 04745728 _____ (AVAST Software) C:\Users\Joan\Desktop\aswmbr.exe
2013-10-08 21:14 - 2013-10-08 21:14 - 00012318 _____ C:\Users\Joan\Desktop\JRT.txt
2013-10-08 21:10 - 2013-10-08 21:10 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 21:09 - 2013-10-08 21:09 - 01032220 _____ (Thisisu) C:\Users\Joan\Desktop\JRT.exe
2013-10-08 21:06 - 2013-10-08 21:06 - 00006846 _____ C:\Users\Joan\Desktop\AdwCleaner[S0].txt
2013-10-08 20:58 - 2013-10-08 20:58 - 01045226 _____ C:\Users\Joan\Desktop\AdwCleaner(1).exe
2013-10-08 18:44 - 2013-10-08 22:49 - 00061756 _____ C:\Users\Joan\Desktop\Extras.Txt
2013-10-08 18:42 - 2013-10-08 22:49 - 00227356 _____ C:\Users\Joan\Desktop\OTL.Txt
2013-10-08 18:29 - 2013-10-08 18:29 - 00602112 _____ (OldTimer Tools) C:\Users\Joan\Desktop\OTL.exe
2013-10-08 07:04 - 2013-10-08 07:04 - 00000447 _____ C:\Users\Joan\Desktop\eset.txt
2013-10-07 22:38 - 2013-10-07 22:38 - 00159304 _____ C:\Windows\Minidump\Mini100713-02.dmp
2013-10-07 22:33 - 2013-10-07 22:33 - 00010387 _____ C:\Users\Joan\Desktop\attach.txt
2013-10-07 22:33 - 2013-10-07 22:32 - 00020139 _____ C:\Users\Joan\Desktop\dds.txt
2013-10-07 22:28 - 2013-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\Joan\Desktop\dds.scr
2013-10-07 22:28 - 2013-10-07 22:28 - 00014699 _____ C:\Users\Joan\Desktop\hijackthis.log
2013-10-07 22:27 - 2013-10-07 22:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joan\Desktop\HijackThis.exe
2013-10-07 22:10 - 2013-10-07 22:10 - 02347384 _____ (ESET) C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
2013-10-07 21:58 - 2013-10-07 21:58 - 00159304 _____ C:\Windows\Minidump\Mini100713-01.dmp
2013-10-07 21:56 - 2013-10-08 21:01 - 00000000 ____D C:\AdwCleaner
2013-10-07 21:55 - 2013-10-07 21:55 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joan\Desktop\mbam-setup.exe
2013-10-07 21:28 - 2013-10-09 18:08 - 00000000 ____D C:\Users\Joan\AppData\Local\GC
2013-10-07 16:21 - 2013-10-07 16:21 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-10-06 07:24 - 2013-10-06 07:25 - 00159304 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-04 20:22 - 2013-10-08 18:26 - 00000000 ____D C:\Program Files\RAR Password Unlocker
2013-10-03 21:25 - 2013-10-09 18:03 - 00000000 ____D C:\Users\Joan\AppData\Roaming\iPumper
2013-09-30 22:08 - 2013-10-09 11:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 12:31 - 2013-09-28 14:35 - 00000000 ____D C:\Users\Joan\Desktop\intro to health care
2013-09-20 00:10 - 2013-10-07 22:33 - 00000000 ____D C:\Users\Joan\Desktop\PubHlth 540
2013-09-18 18:42 - 2013-09-18 18:42 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-18 18:40 - 2013-09-18 18:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-18 18:40 - 2013-09-18 18:40 - 00000000 ____D C:\Program Files\iPod
2013-09-13 17:52 - 2013-09-13 17:52 - 00000000 ____D C:\Program Files\R
2013-09-11 22:01 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 22:01 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 22:01 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 22:01 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 22:01 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 22:01 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 22:01 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 22:01 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 22:01 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 22:01 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 22:01 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 22:01 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 22:01 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 22:01 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 22:01 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 22:01 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 05:54 - 2013-08-07 21:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 05:54 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\PDFBinder
2013-09-09 22:15 - 2013-10-08 18:19 - 00000075 _____ C:\DiskDefrag.log
2013-09-09 14:05 - 2013-09-20 00:13 - 00000107 _____ C:\Users\Joan\Desktop\hospital bill.txt

==================== One Month Modified Files and Folders =======

2013-10-09 18:13 - 2013-10-09 18:13 - 05131844 _____ (Swearware) C:\Users\Joan\Desktop\ComboFix.exe
2013-10-09 18:09 - 2012-06-04 21:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-09 18:08 - 2013-10-08 22:16 - 00000000 ____D C:\FRST
2013-10-09 18:08 - 2013-10-07 21:28 - 00000000 ____D C:\Users\Joan\AppData\Local\GC
2013-10-09 18:06 - 2012-05-27 00:32 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 18:06 - 2012-03-17 18:00 - 00061934 _____ C:\Windows\PFRO.log
2013-10-09 18:06 - 2011-11-27 14:27 - 00000000 ____D C:\Program Files\Yahoo!
2013-10-09 18:06 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 18:06 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:06 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:05 - 2006-11-02 09:01 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 18:04 - 2011-11-27 03:03 - 01913588 _____ C:\Windows\WindowsUpdate.log
2013-10-09 18:03 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Joan\AppData\Roaming\iPumper
2013-10-09 18:01 - 2013-10-09 18:01 - 01087213 _____ (Farbar) C:\Users\Joan\Desktop\FRST.exe
2013-10-09 17:57 - 2013-10-09 11:49 - 00000000 ____D C:\Users\Joan\Desktop\New Folder
2013-10-09 17:44 - 2012-04-08 12:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 17:22 - 2012-05-27 00:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 17:21 - 2013-06-18 18:26 - 00000360 _____ C:\Windows\Tasks\WpsUpdateTask_Joan.job
2013-10-09 11:45 - 2011-11-27 14:29 - 00000000 ____D C:\ProgramData\Yahoo!
2013-10-09 11:44 - 2008-02-16 17:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 _____ C:\Windows\system32\REN558E.tmp
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 _____ C:\Windows\system32\REN558D.tmp
2013-10-09 11:39 - 2013-09-30 22:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-09 04:44 - 2012-10-25 18:23 - 00595552 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-10-09 04:44 - 2012-10-25 18:23 - 00025696 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2013-10-09 04:44 - 2012-10-25 18:23 - 00025696 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2013-10-09 04:44 - 2012-06-19 18:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-10-09 03:44 - 2012-04-08 12:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 03:44 - 2011-11-27 04:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 00:26 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-08 22:52 - 2013-10-08 22:17 - 00243175 _____ C:\Users\Joan\Desktop\post.txt
2013-10-08 22:49 - 2013-10-08 18:44 - 00061756 _____ C:\Users\Joan\Desktop\Extras.Txt
2013-10-08 22:49 - 2013-10-08 18:42 - 00227356 _____ C:\Users\Joan\Desktop\OTL.Txt
2013-10-08 22:27 - 2013-10-08 22:27 - 00891167 _____ C:\Users\Joan\Desktop\SecurityCheck.exe
2013-10-08 22:22 - 2013-10-08 22:19 - 00022940 _____ C:\Users\Joan\Desktop\Addition.txt
2013-10-08 22:21 - 2012-09-15 22:50 - 00000000 ____D C:\Users\Joan\Desktop\Rasstam
2013-10-08 22:16 - 2013-10-08 22:16 - 00002470 _____ C:\Users\Joan\Desktop\aswMBR.txt
2013-10-08 22:16 - 2013-10-08 22:16 - 00000512 _____ C:\Users\Joan\Desktop\MBR.dat
2013-10-08 21:15 - 2013-10-08 21:15 - 04745728 _____ (AVAST Software) C:\Users\Joan\Desktop\aswmbr.exe
2013-10-08 21:14 - 2013-10-08 21:14 - 00012318 _____ C:\Users\Joan\Desktop\JRT.txt
2013-10-08 21:10 - 2013-10-08 21:10 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 21:09 - 2013-10-08 21:09 - 01032220 _____ (Thisisu) C:\Users\Joan\Desktop\JRT.exe
2013-10-08 21:06 - 2013-10-08 21:06 - 00006846 _____ C:\Users\Joan\Desktop\AdwCleaner[S0].txt
2013-10-08 21:06 - 2012-02-04 20:39 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Skype
2013-10-08 21:01 - 2013-10-07 21:56 - 00000000 ____D C:\AdwCleaner
2013-10-08 20:58 - 2013-10-08 20:58 - 01045226 _____ C:\Users\Joan\Desktop\AdwCleaner(1).exe
2013-10-08 18:29 - 2013-10-08 18:29 - 00602112 _____ (OldTimer Tools) C:\Users\Joan\Desktop\OTL.exe
2013-10-08 18:26 - 2013-10-04 20:22 - 00000000 ____D C:\Program Files\RAR Password Unlocker
2013-10-08 18:19 - 2013-09-09 22:15 - 00000075 _____ C:\DiskDefrag.log
2013-10-08 18:19 - 2013-03-21 17:44 - 00000000 ____D C:\Users\Joan\AppData\Roaming\GlarySoft
2013-10-08 07:04 - 2013-10-08 07:04 - 00000447 _____ C:\Users\Joan\Desktop\eset.txt
2013-10-07 22:38 - 2013-10-07 22:38 - 00159304 _____ C:\Windows\Minidump\Mini100713-02.dmp
2013-10-07 22:38 - 2012-04-13 11:48 - 280635584 _____ C:\Windows\MEMORY.DMP
2013-10-07 22:38 - 2011-11-30 08:31 - 00000000 ____D C:\Windows\Minidump
2013-10-07 22:33 - 2013-10-07 22:33 - 00010387 _____ C:\Users\Joan\Desktop\attach.txt
2013-10-07 22:33 - 2013-09-20 00:10 - 00000000 ____D C:\Users\Joan\Desktop\PubHlth 540
2013-10-07 22:32 - 2013-10-07 22:33 - 00020139 _____ C:\Users\Joan\Desktop\dds.txt
2013-10-07 22:28 - 2013-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\Joan\Desktop\dds.scr
2013-10-07 22:28 - 2013-10-07 22:28 - 00014699 _____ C:\Users\Joan\Desktop\hijackthis.log
2013-10-07 22:27 - 2013-10-07 22:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joan\Desktop\HijackThis.exe
2013-10-07 22:10 - 2013-10-07 22:10 - 02347384 _____ (ESET) C:\Users\Joan\Desktop\esetsmartinstaller_enu.exe
2013-10-07 21:58 - 2013-10-07 21:58 - 00159304 _____ C:\Windows\Minidump\Mini100713-01.dmp
2013-10-07 21:55 - 2013-10-07 21:55 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joan\Desktop\mbam-setup.exe
2013-10-07 16:21 - 2013-10-07 16:21 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-10-07 16:16 - 2011-11-27 03:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-07 16:15 - 2006-11-02 06:23 - 00000219 _____ C:\Windows\win.ini
2013-10-06 14:58 - 2013-09-01 19:11 - 00000000 ____D C:\Users\Joan\Desktop\APA 2013
2013-10-06 07:25 - 2013-10-06 07:24 - 00159304 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-05 03:32 - 2013-03-14 12:03 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-02 17:10 - 2013-06-15 14:41 - 00000000 ____D C:\Users\Joan\Desktop\Family TPS
2013-10-01 18:32 - 2012-10-11 18:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-30 23:37 - 2013-03-31 14:19 - 00115905 _____ C:\test.xml
2013-09-28 14:35 - 2013-09-28 12:31 - 00000000 ____D C:\Users\Joan\Desktop\intro to health care
2013-09-28 14:16 - 2013-04-26 18:39 - 00000000 ____D C:\Users\Joan\Desktop\bills
2013-09-20 00:13 - 2013-09-09 14:05 - 00000107 _____ C:\Users\Joan\Desktop\hospital bill.txt
2013-09-20 00:07 - 2013-05-05 17:53 - 00000000 ____D C:\Users\Joan\Desktop\MPH laptop copy
2013-09-19 22:34 - 2006-11-02 06:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 18:42 - 2013-09-18 18:42 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-18 18:42 - 2013-09-18 18:40 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-18 18:42 - 2013-09-06 14:40 - 00000000 ____D C:\Program Files\iTunes
2013-09-18 18:40 - 2013-09-18 18:40 - 00000000 ____D C:\Program Files\iPod
2013-09-18 18:40 - 2011-11-27 16:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-18 18:33 - 2011-11-27 00:48 - 00000000 ____D C:\Users\Joan
2013-09-16 16:18 - 2008-02-16 17:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-13 17:52 - 2013-09-13 17:52 - 00000000 ____D C:\Program Files\R
2013-09-11 22:08 - 2006-11-02 08:47 - 00373080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 21:50 - 2013-08-15 03:10 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:42 - 2006-11-02 06:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\PDFBinder
2013-09-09 22:10 - 2012-05-17 19:17 - 00000000 ____D C:\ProgramData\A-PDF

Some content of TEMP:
====================
C:\Users\Joan\AppData\Local\temp\advapi32.dll
C:\Users\Joan\AppData\Local\temp\dnsapi.dll
C:\Users\Joan\AppData\Local\temp\gdi32.dll
C:\Users\Joan\AppData\Local\temp\ieframe.dll
C:\Users\Joan\AppData\Local\temp\imm32.dll
C:\Users\Joan\AppData\Local\temp\kernel32.dll
C:\Users\Joan\AppData\Local\temp\lpk.dll
C:\Users\Joan\AppData\Local\temp\msctf.dll
C:\Users\Joan\AppData\Local\temp\msvcrt.dll
C:\Users\Joan\AppData\Local\temp\nsi.dll
C:\Users\Joan\AppData\Local\temp\ntdll.dll
C:\Users\Joan\AppData\Local\temp\ole32.dll
C:\Users\Joan\AppData\Local\temp\rpcrt4.dll
C:\Users\Joan\AppData\Local\temp\rsaenh.dll
C:\Users\Joan\AppData\Local\temp\secur32.dll
C:\Users\Joan\AppData\Local\temp\shell32.dll
C:\Users\Joan\AppData\Local\temp\shlwapi.dll
C:\Users\Joan\AppData\Local\temp\SLC.dll
C:\Users\Joan\AppData\Local\temp\user32.dll
C:\Users\Joan\AppData\Local\temp\userenv.dll
C:\Users\Joan\AppData\Local\temp\usp10.dll
C:\Users\Joan\AppData\Local\temp\ws2_32.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-09 18:13

==================== End Of Log ============================


ComboFix log

ComboFix 13-10-09.01 - Joan 10/09/2013 18:27:36.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.963.1033.18.2038.953 [GMT -4:00]
Running from: c:\users\Joan\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\519ffdd9ec61e9.89170750.js
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\background.html
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\content.js
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\lsdb.js
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\manifest.json
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\sqlite.js
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpmdkebcojjgflhkkkblajpkpeihmoko_0.localstorage-journal
c:\users\Joan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpmdkebcojjgflhkkkblajpkpeihmoko_0.localstorage
c:\windows\$NtUninstallKB58393$
.
.
((((((((((((((((((((((((( Files Created from 2013-09-09 to 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 22:41 . 2013-10-09 22:44 -------- d-----w- c:\users\Joan\AppData\Local\temp
2013-10-09 22:41 . 2013-10-09 22:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-09 22:41 . 2013-10-09 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-09 22:41 . 2013-10-09 22:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-10-09 15:43 . 2013-10-09 15:43 0 ----a-w- c:\windows\system32\REN558E.tmp
2013-10-09 15:43 . 2013-10-09 15:43 0 ----a-w- c:\windows\system32\REN558D.tmp
2013-10-09 02:16 . 2013-10-09 22:08 -------- d-----w- C:\FRST
2013-10-09 01:10 . 2013-10-09 01:10 -------- d-----w- c:\windows\ERUNT
2013-10-08 11:39 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D582D07A-E3DB-40F1-87DA-10FCF9FD7CF6}\mpengine.dll
2013-10-08 01:56 . 2013-10-09 01:01 -------- d-----w- C:\AdwCleaner
2013-10-08 01:28 . 2013-10-09 22:08 -------- d-----w- c:\users\Joan\AppData\Local\GC
2013-10-07 20:21 . 2013-10-07 20:21 -------- d-----w- c:\programdata\WindowsSearch
2013-10-04 01:25 . 2013-10-09 22:03 -------- d-----w- c:\users\Joan\AppData\Roaming\iPumper
2013-09-18 22:40 . 2013-09-18 22:40 -------- d-----w- c:\program files\iPod
2013-09-18 22:40 . 2013-09-18 22:42 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-13 21:52 . 2013-09-13 21:52 -------- d-----w- c:\program files\R
2013-09-11 09:54 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 09:54 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-10 02:45 . 2013-09-10 02:45 -------- d-----w- c:\users\Joan\AppData\Roaming\Absolute Uninstaller
2013-09-10 02:41 . 2013-09-10 02:41 -------- d-----w- c:\program files\PDFBinder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 08:44 . 2012-10-25 22:23 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-09 08:44 . 2012-10-25 22:23 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-10-09 08:44 . 2012-06-19 22:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-10-09 07:44 . 2012-04-08 16:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 07:44 . 2011-11-27 08:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 08:22 . 2012-03-17 23:42 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 02:48 . 2013-08-27 17:16 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-14 08:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-12 21:33 . 2013-10-01 02:08 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2013-10-01 02:08 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2013-10-01 02:08 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2013-10-01 02:08 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2013-10-01 02:08 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2013-10-01 02:08 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2013-10-01 02:08 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2013-10-01 02:08 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2013-10-01 02:08 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2013-10-01 02:08 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ----a-w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-09 356128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-08 12:35 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 19:16 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Joan\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 21:15 49152 ----a-w- c:\windows\vmsnap3.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ApplePhotoStreams"=c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"iCloudServices"=c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
"Amazon Cloud Drive"=c:\users\Joan\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe"
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXMediaServer"=c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe"
"Athan"="c:\program files\Athan\Athan.exe"
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
UxTuneUp
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
uiusys
vmm
BcmSqlStartupSvc
DCamUSBSQTECH
KLOGNT
aha154x
netrcacm
smartscaps
de_serv
abp480n5
bufserv
ofcpfwsvc
nv4
zpnodecollector
lxcr_device
tdrpman174
OEM02Dev
BCMModem
hotspotshieldservice
serialkeys
cisvc
vusbbus
perc2
awlegacy
aec
cdudf_xp
tcpipBM
pav_security
WscNetDr
stcagent
lbtserv
SE2Cmgmt
procmon10
akshhl
s116unic
smapint
sisperf
SGHIDI
mstdc
USIUDF
EACSvrMngr
pfmodnt
PSDFilter
naveng
z800mgmt
cnxtdiag
As6frin
hnmsvc
UWProSys
smcirda
rtl8029
mldserv
NWSAP
merakpop3
ftdisk
oracle_load_balancer_60_client-forms6ip9
steamdvr
websenselogserver
cwafreportscheduler
wanatw
NIPALK
USBDongle
mrobeservice
MRESP50
KMW_USB
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AppMgmt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 05:14 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 07:44]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 04:32]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 04:32]
.
2013-10-09 c:\windows\Tasks\WpsUpdateTask_Joan.job
- c:\program files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-06-03 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
Trusted Zone: umassmemorial.org\umassvdi
TCP: DhcpNameServer = 216.195.0.131 216.195.0.226 216.195.0.227
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mrmcweb.org/+CSCOL+/csvrloader32.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://mrmcweb.org/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvji7k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 18:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\internet explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\internet explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dd,f8,11,27,d8,ff,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\internet explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,a4,2f,96,0e,83,59,4b,80,f7,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,a4,2f,96,0e,83,59,4b,80,f7,3c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6828)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\windows\system32\PSIService.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\System32\WUDFHost.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conime.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-10-09 18:51:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-09 22:51
.
Pre-Run: 56,135,983,104 bytes free
Post-Run: 56,514,582,528 bytes free
.
- - End Of File - - 61B1B1DE004ABFB0FD20FEA1651EFAFA
5C616939100B85E558DA92B899A0FC36


TDSSKiller log

18:54:37.0720 6360 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:54:38.0211 6360 ============================================================
18:54:38.0211 6360 Current date / time: 2013/10/09 18:54:38.0211
18:54:38.0211 6360 SystemInfo:
18:54:38.0211 6360
18:54:38.0211 6360 OS Version: 6.0.6002 ServicePack: 2.0
18:54:38.0211 6360 Product type: Workstation
18:54:38.0211 6360 ComputerName: JOAN-PC
18:54:38.0211 6360 UserName: Joan
18:54:38.0211 6360 Windows directory: C:\Windows
18:54:38.0211 6360 System windows directory: C:\Windows
18:54:38.0211 6360 Processor architecture: Intel x86
18:54:38.0211 6360 Number of processors: 2
18:54:38.0211 6360 Page size: 0x1000
18:54:38.0211 6360 Boot type: Normal boot
18:54:38.0211 6360 ============================================================
18:54:39.0404 6360 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:54:39.0431 6360 ============================================================
18:54:39.0431 6360 \Device\Harddisk0\DR0:
18:54:39.0432 6360 MBR partitions:
18:54:39.0432 6360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFD7800, BlocksNum 0x1031EFF8
18:54:39.0432 6360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x112F6800, BlocksNum 0x61A7800
18:54:39.0432 6360 ============================================================
18:54:39.0578 6360 C: <-> \Device\Harddisk0\DR0\Partition1
18:54:39.0659 6360 F: <-> \Device\Harddisk0\DR0\Partition2
18:54:39.0659 6360 ============================================================
18:54:39.0659 6360 Initialize success
18:54:39.0659 6360 ============================================================
18:54:57.0236 6924 ============================================================
18:54:57.0236 6924 Scan started
18:54:57.0236 6924 Mode: Manual;
18:54:57.0236 6924 ============================================================
18:55:02.0475 6924 ================ Scan system memory ========================
18:55:02.0475 6924 System memory - ok
18:55:02.0476 6924 ================ Scan services =============================
18:55:02.0703 6924 abp480n5 - ok
18:55:02.0791 6924 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:55:02.0795 6924 ACPI - ok
18:55:02.0919 6924 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:55:02.0921 6924 AdobeARMservice - ok
18:55:03.0159 6924 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:55:03.0163 6924 AdobeFlashPlayerUpdateSvc - ok
18:55:03.0336 6924 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:55:03.0344 6924 adp94xx - ok
18:55:03.0467 6924 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:55:03.0473 6924 adpahci - ok
18:55:03.0527 6924 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:55:03.0530 6924 adpu160m - ok
18:55:03.0563 6924 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:55:03.0567 6924 adpu320 - ok
18:55:03.0642 6924 aec - ok
18:55:03.0701 6924 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:55:03.0702 6924 AeLookupSvc - ok
18:55:03.0893 6924 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:55:03.0893 6924 AFD - ok
18:55:03.0956 6924 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:55:03.0956 6924 agp440 - ok
18:55:04.0018 6924 aha154x - ok
18:55:04.0080 6924 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:55:04.0096 6924 aic78xx - ok
18:55:04.0096 6924 akshhl - ok
18:55:04.0143 6924 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:55:04.0143 6924 ALG - ok
18:55:04.0190 6924 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:55:04.0190 6924 aliide - ok
18:55:04.0252 6924 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:55:04.0252 6924 amdagp - ok
18:55:04.0283 6924 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:55:04.0283 6924 amdide - ok
18:55:04.0377 6924 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:55:04.0377 6924 AmdK7 - ok
18:55:04.0486 6924 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:55:04.0486 6924 AmdK8 - ok
18:55:04.0580 6924 [ 18BFF317BDB10C64A35E1CA85F1EC051 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
18:55:04.0580 6924 ApfiltrService - ok
18:55:04.0736 6924 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:55:04.0736 6924 Appinfo - ok
18:55:04.0923 6924 [ 30E3850F303EAE5C364782EA78579CC9 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:55:04.0923 6924 Apple Mobile Device - ok
18:55:04.0985 6924 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:55:05.0001 6924 arc - ok
18:55:05.0126 6924 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:55:05.0126 6924 arcsas - ok
18:55:05.0157 6924 As6frin - ok
18:55:05.0219 6924 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:55:05.0235 6924 AsyncMac - ok
18:55:05.0282 6924 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:55:05.0282 6924 atapi - ok
18:55:05.0406 6924 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:55:05.0422 6924 AudioEndpointBuilder - ok
18:55:05.0422 6924 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:55:05.0422 6924 Audiosrv - ok
18:55:05.0531 6924 AVP - ok
18:55:05.0547 6924 awlegacy - ok
18:55:05.0578 6924 BCMModem - ok
18:55:05.0625 6924 BcmSqlStartupSvc - ok
18:55:05.0672 6924 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:55:05.0687 6924 Beep - ok
18:55:05.0890 6924 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:55:05.0906 6924 BFE - ok
18:55:06.0077 6924 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
18:55:06.0108 6924 BITS - ok
18:55:06.0171 6924 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:55:06.0171 6924 blbdrive - ok
18:55:06.0280 6924 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:55:06.0296 6924 Bonjour Service - ok
18:55:06.0358 6924 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:55:06.0358 6924 bowser - ok
18:55:06.0452 6924 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:55:06.0452 6924 BrFiltLo - ok
18:55:06.0498 6924 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:55:06.0498 6924 BrFiltUp - ok
18:55:06.0576 6924 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:55:06.0576 6924 Browser - ok
18:55:06.0670 6924 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:55:06.0670 6924 Brserid - ok
18:55:06.0732 6924 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:55:06.0732 6924 BrSerWdm - ok
18:55:06.0779 6924 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:55:06.0779 6924 BrUsbMdm - ok
18:55:06.0904 6924 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:55:06.0966 6924 BrUsbSer - ok
18:55:07.0107 6924 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:55:07.0107 6924 BTHMODEM - ok
18:55:07.0185 6924 bufserv - ok
18:55:07.0216 6924 catchme - ok
18:55:07.0263 6924 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:55:07.0263 6924 cdfs - ok
18:55:07.0341 6924 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:55:07.0341 6924 cdrom - ok
18:55:07.0356 6924 cdudf_xp - ok
18:55:07.0512 6924 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:55:07.0512 6924 CertPropSvc - ok
18:55:07.0544 6924 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:55:07.0544 6924 circlass - ok
18:55:07.0559 6924 cisvc - ok
18:55:07.0606 6924 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:55:07.0606 6924 CLFS - ok
18:55:07.0731 6924 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:55:07.0731 6924 clr_optimization_v2.0.50727_32 - ok
18:55:07.0824 6924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:55:07.0871 6924 clr_optimization_v4.0.30319_32 - ok
18:55:07.0949 6924 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:55:07.0949 6924 CmBatt - ok
18:55:07.0980 6924 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:55:07.0980 6924 cmdide - ok
18:55:07.0996 6924 cnxtdiag - ok
18:55:08.0027 6924 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:55:08.0027 6924 Compbatt - ok
18:55:08.0027 6924 COMSysApp - ok
18:55:08.0043 6924 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:55:08.0043 6924 crcdisk - ok
18:55:08.0058 6924 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:55:08.0058 6924 Crusoe - ok
18:55:08.0214 6924 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:55:08.0214 6924 CryptSvc - ok
18:55:08.0339 6924 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
18:55:08.0355 6924 ctxusbm - ok
18:55:08.0433 6924 cwafreportscheduler - ok
18:55:08.0448 6924 DCamUSBSQTECH - ok
18:55:08.0604 6924 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:55:08.0620 6924 DcomLaunch - ok
18:55:08.0636 6924 de_serv - ok
18:55:08.0667 6924 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:55:08.0667 6924 DfsC - ok
18:55:08.0932 6924 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:55:09.0166 6924 DFSR - ok
18:55:09.0291 6924 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:55:09.0291 6924 Dhcp - ok
18:55:09.0462 6924 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:55:09.0478 6924 disk - ok
18:55:09.0774 6924 [ 9F07FFACD9BC7620369118410126FCEF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
18:55:10.0008 6924 DisplayLinkService - ok
18:55:10.0040 6924 [ A978A92393A57D99817ACAF5718FB3E0 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.3.24903.0.sys
18:55:10.0040 6924 DisplayLinkUsbPort - ok
18:55:10.0086 6924 dlkmd - ok
18:55:10.0118 6924 dlkmdldr - ok
18:55:10.0149 6924 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
18:55:10.0149 6924 DMICall - ok
18:55:10.0180 6924 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:55:10.0196 6924 Dnscache - ok
18:55:10.0258 6924 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:55:10.0258 6924 dot3svc - ok
18:55:10.0289 6924 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:55:10.0305 6924 DPS - ok
18:55:10.0352 6924 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:55:10.0352 6924 drmkaud - ok
18:55:10.0398 6924 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:55:10.0398 6924 dsNcAdpt - ok
18:55:10.0476 6924 [ 824C188936FDC1B20FB32192B57CDEBA ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
18:55:10.0476 6924 dsNcService - ok
18:55:10.0570 6924 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:55:10.0570 6924 DXGKrnl - ok
18:55:10.0648 6924 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:55:10.0648 6924 E1G60 - ok
18:55:10.0648 6924 EACSvrMngr - ok
18:55:10.0710 6924 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:55:10.0726 6924 EapHost - ok
18:55:10.0788 6924 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:55:10.0788 6924 Ecache - ok
18:55:10.0866 6924 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:55:10.0866 6924 ehRecvr - ok
18:55:10.0898 6924 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:55:10.0898 6924 ehSched - ok
18:55:10.0929 6924 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:55:10.0929 6924 ehstart - ok
18:55:11.0007 6924 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:55:11.0007 6924 elxstor - ok
18:55:11.0116 6924 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:55:11.0116 6924 EMDMgmt - ok
18:55:11.0178 6924 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:55:11.0210 6924 ErrDev - ok
18:55:11.0303 6924 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:55:11.0303 6924 EventSystem - ok
18:55:11.0366 6924 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:55:11.0366 6924 exfat - ok
18:55:11.0412 6924 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:55:11.0428 6924 fastfat - ok
18:55:11.0475 6924 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:55:11.0475 6924 fdc - ok
18:55:11.0568 6924 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:55:11.0568 6924 fdPHost - ok
18:55:11.0600 6924 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:55:11.0600 6924 FDResPub - ok
18:55:11.0631 6924 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:55:11.0646 6924 FileInfo - ok
18:55:11.0662 6924 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:55:11.0662 6924 Filetrace - ok
18:55:11.0693 6924 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:55:11.0693 6924 flpydisk - ok
18:55:11.0756 6924 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:55:11.0756 6924 FltMgr - ok
18:55:11.0927 6924 [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache C:\Windows\system32\FntCache.dll
18:55:11.0927 6924 FontCache - ok
18:55:12.0036 6924 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:55:12.0036 6924 FontCache3.0.0.0 - ok
18:55:12.0114 6924 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:55:12.0114 6924 Fs_Rec - ok
18:55:12.0114 6924 ftdisk - ok
18:55:12.0161 6924 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:55:12.0161 6924 gagp30kx - ok
18:55:12.0192 6924 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:55:12.0192 6924 GEARAspiWDM - ok
18:55:12.0270 6924 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:55:12.0270 6924 gpsvc - ok
18:55:12.0348 6924 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:55:12.0348 6924 gupdate - ok
18:55:12.0364 6924 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:55:12.0380 6924 gupdatem - ok
18:55:12.0489 6924 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:55:12.0504 6924 HdAudAddService - ok
18:55:12.0551 6924 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:55:12.0567 6924 HDAudBus - ok
18:55:12.0582 6924 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:55:12.0598 6924 HidBth - ok
18:55:12.0629 6924 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:55:12.0629 6924 HidIr - ok
18:55:12.0676 6924 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
18:55:12.0676 6924 hidserv - ok
18:55:12.0723 6924 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:55:12.0723 6924 HidUsb - ok
18:55:12.0770 6924 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:55:12.0770 6924 hkmsvc - ok
18:55:12.0801 6924 hnmsvc - ok
18:55:12.0816 6924 hotspotshieldservice - ok
18:55:12.0863 6924 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:55:12.0863 6924 HpCISSs - ok
18:55:12.0941 6924 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:55:12.0941 6924 HSFHWAZL - ok
18:55:13.0035 6924 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:55:13.0050 6924 HSF_DPV - ok
18:55:13.0113 6924 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:55:13.0128 6924 HSXHWAZL - ok
18:55:13.0175 6924 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:55:13.0175 6924 HTTP - ok
18:55:13.0222 6924 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:55:13.0222 6924 i2omp - ok
18:55:13.0300 6924 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:55:13.0300 6924 i8042prt - ok
18:55:13.0472 6924 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:55:13.0487 6924 IAANTMON - ok
18:55:13.0596 6924 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:55:13.0596 6924 iaStor - ok
18:55:13.0628 6924 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:55:13.0628 6924 iaStorV - ok
18:55:13.0690 6924 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:55:13.0690 6924 IDriverT - ok
18:55:13.0862 6924 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:55:13.0877 6924 idsvc - ok
18:55:14.0064 6924 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:55:14.0158 6924 igfx - ok
18:55:14.0205 6924 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:55:14.0205 6924 iirsp - ok
18:55:14.0267 6924 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:55:14.0283 6924 IKEEXT - ok
18:55:14.0376 6924 [ 6F62BAFE6150F3952F877051C65786FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:55:14.0408 6924 IntcAzAudAddService - ok
18:55:14.0439 6924 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:55:14.0439 6924 intelide - ok
18:55:14.0486 6924 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:55:14.0486 6924 intelppm - ok
18:55:14.0532 6924 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:55:14.0532 6924 IPBusEnum - ok
18:55:14.0548 6924 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:55:14.0564 6924 IpFilterDriver - ok
18:55:14.0626 6924 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:55:14.0626 6924 iphlpsvc - ok
18:55:14.0642 6924 IpInIp - ok
18:55:14.0688 6924 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:55:14.0688 6924 IPMIDRV - ok
18:55:14.0704 6924 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:55:14.0720 6924 IPNAT - ok
18:55:14.0766 6924 [ C00149A7027081539A66DC5A46695EAD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:55:14.0782 6924 iPod Service - ok
18:55:14.0798 6924 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:55:14.0798 6924 IRENUM - ok
18:55:14.0829 6924 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:55:14.0829 6924 isapnp - ok
18:55:14.0876 6924 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:55:14.0891 6924 iScsiPrt - ok
18:55:14.0907 6924 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:55:14.0907 6924 iteatapi - ok
18:55:14.0938 6924 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:55:14.0938 6924 iteraid - ok
18:55:14.0969 6924 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:55:14.0969 6924 IviRegMgr - ok
18:55:15.0000 6924 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:55:15.0000 6924 kbdclass - ok
18:55:15.0032 6924 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:55:15.0032 6924 kbdhid - ok
18:55:15.0047 6924 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:55:15.0047 6924 KeyIso - ok
18:55:15.0110 6924 [ 2AD446E7A867C48099227415DD66FB34 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
18:55:15.0110 6924 KL1 - ok
18:55:15.0172 6924 [ 8C547EB6709BF41E0625EFCDF13C63CE ] KLIF C:\Windows\system32\DRIVERS\klif.sys
18:55:15.0188 6924 KLIF - ok
18:55:15.0219 6924 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
18:55:15.0219 6924 KLIM6 - ok
18:55:15.0266 6924 [ 249A266AF74ADE44AE8424E78D145E09 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
18:55:15.0266 6924 klkbdflt - ok
18:55:15.0297 6924 [ 035724BA6D5676B76FD3AFB66AB4F1E3 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
18:55:15.0297 6924 klmouflt - ok
18:55:15.0312 6924 KLOGNT - ok
18:55:15.0375 6924 [ 8FD802F86D4AB3FB329B8E51517BFF2A ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
18:55:15.0375 6924 kltdi - ok
18:55:15.0437 6924 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
18:55:15.0437 6924 KMWDFILTER - ok
18:55:15.0437 6924 KMW_USB - ok
18:55:15.0484 6924 [ 8F932DF10408BCABA2FCF6163C843F8E ] kneps C:\Windows\system32\DRIVERS\kneps.sys
18:55:15.0484 6924 kneps - ok
18:55:15.0593 6924 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:55:15.0609 6924 KSecDD - ok
18:55:15.0796 6924 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:55:15.0796 6924 KtmRm - ok
18:55:15.0843 6924 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:55:15.0843 6924 LanmanServer - ok
18:55:16.0014 6924 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:55:16.0030 6924 LanmanWorkstation - ok
18:55:16.0061 6924 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:55:16.0077 6924 lltdio - ok
18:55:16.0108 6924 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:55:16.0108 6924 lltdsvc - ok
18:55:16.0139 6924 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:55:16.0139 6924 lmhosts - ok
18:55:16.0170 6924 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:55:16.0170 6924 LSI_FC - ok
18:55:16.0202 6924 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:55:16.0202 6924 LSI_SAS - ok
18:55:16.0295 6924 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:55:16.0295 6924 LSI_SCSI - ok
18:55:16.0311 6924 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:55:16.0311 6924 luafv - ok
18:55:16.0373 6924 lxcr_device - ok
18:55:16.0404 6924 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2svc.dll
18:55:16.0404 6924 Mcx2Svc - ok
18:55:16.0451 6924 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:55:16.0451 6924 mdmxsdk - ok
18:55:16.0498 6924 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:55:16.0498 6924 megasas - ok
18:55:16.0560 6924 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:55:16.0576 6924 MegaSR - ok
18:55:16.0607 6924 merakpop3 - ok
18:55:16.0701 6924 Microsoft SharePoint Workspace Audit Service - ok
18:55:16.0701 6924 mldserv - ok
18:55:16.0763 6924 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:55:16.0763 6924 MMCSS - ok
18:55:16.0794 6924 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:55:16.0794 6924 Modem - ok
18:55:16.0857 6924 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:55:16.0857 6924 monitor - ok
18:55:16.0888 6924 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:55:16.0888 6924 mouclass - ok
18:55:16.0904 6924 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:55:16.0904 6924 mouhid - ok
18:55:16.0919 6924 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:55:16.0919 6924 MountMgr - ok
18:55:17.0028 6924 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:55:17.0028 6924 MozillaMaintenance - ok
18:55:17.0138 6924 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:55:17.0138 6924 mpio - ok
18:55:17.0169 6924 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:55:17.0169 6924 mpsdrv - ok
18:55:17.0294 6924 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:55:17.0309 6924 MpsSvc - ok
18:55:17.0372 6924 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:55:17.0372 6924 Mraid35x - ok
18:55:17.0372 6924 MRESP50 - ok
18:55:17.0387 6924 mrobeservice - ok
18:55:17.0418 6924 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:55:17.0418 6924 MRxDAV - ok
18:55:17.0496 6924 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:17.0496 6924 mrxsmb - ok
18:55:17.0621 6924 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:17.0621 6924 mrxsmb10 - ok
18:55:17.0637 6924 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:17.0637 6924 mrxsmb20 - ok
18:55:35.0983 6924 \Device\Harddisk0\DR0\Partition2 - ok
18:55:35.0983 6924 ============================================================
18:55:35.0983 6924 Scan finished
18:55:35.0983 6924 ============================================================
18:55:36.0015 8136 Detected object count: 0
18:55:36.0015 8136 Actual detected object count: 0
18:56:10.0023 5412 ============================================================
18:56:10.0023 5412 Scan started
18:56:10.0023 5412 Mode: Manual; SigCheck; TDLFS;
18:56:10.0023 5412 ============================================================
18:56:10.0179 5412 ================ Scan system memory ========================
18:56:10.0179 5412 System memory - ok
18:56:10.0179 5412 ================ Scan services =============================
18:56:10.0444 5412 abp480n5 - ok
18:56:10.0600 5412 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:56:10.0725 5412 ACPI - ok
18:56:10.0865 5412 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:56:10.0881 5412 AdobeARMservice - ok
18:56:11.0115 5412 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:56:11.0130 5412 AdobeFlashPlayerUpdateSvc - ok
18:56:11.0239 5412 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:56:11.0271 5412 adp94xx - ok
18:56:11.0302 5412 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:56:11.0317 5412 adpahci - ok
18:56:11.0364 5412 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:56:11.0380 5412 adpu160m - ok
18:56:11.0411 5412 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:56:11.0427 5412 adpu320 - ok
18:56:11.0442 5412 aec - ok
18:56:11.0473 5412 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:56:11.0505 5412 AeLookupSvc - ok
18:56:11.0645 5412 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:56:11.0661 5412 AFD - ok
18:56:11.0739 5412 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:56:11.0754 5412 agp440 - ok
18:56:11.0770 5412 aha154x - ok
18:56:11.0832 5412 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:56:11.0848 5412 aic78xx - ok
18:56:11.0863 5412 akshhl - ok
18:56:11.0895 5412 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:56:11.0973 5412 ALG - ok
18:56:12.0004 5412 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:56:12.0004 5412 aliide - ok
18:56:12.0019 5412 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:56:12.0035 5412 amdagp - ok
18:56:12.0066 5412 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:56:12.0082 5412 amdide - ok
18:56:12.0113 5412 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:56:12.0191 5412 AmdK7 - ok
18:56:12.0191 5412 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:56:12.0238 5412 AmdK8 - ok
18:56:12.0316 5412 [ 18BFF317BDB10C64A35E1CA85F1EC051 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
18:56:12.0331 5412 ApfiltrService - ok
18:56:12.0363 5412 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:56:12.0394 5412 Appinfo - ok
18:56:12.0550 5412 [ 30E3850F303EAE5C364782EA78579CC9 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:56:12.0550 5412 Apple Mobile Device - ok
18:56:12.0721 5412 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:56:12.0737 5412 arc - ok
18:56:12.0768 5412 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:56:12.0784 5412 arcsas - ok
18:56:12.0784 5412 As6frin - ok
18:56:12.0846 5412 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:56:12.0924 5412 AsyncMac - ok
18:56:12.0955 5412 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:56:12.0971 5412 atapi - ok
18:56:13.0065 5412 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:56:13.0096 5412 AudioEndpointBuilder - ok
18:56:13.0111 5412 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:56:13.0143 5412 Audiosrv - ok
18:56:13.0174 5412 AVP - ok
18:56:13.0174 5412 awlegacy - ok
18:56:13.0189 5412 BCMModem - ok
18:56:13.0205 5412 BcmSqlStartupSvc - ok
18:56:13.0267 5412 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:56:13.0345 5412 Beep - ok
18:56:13.0392 5412 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:56:13.0439 5412 BFE - ok
18:56:13.0564 5412 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
18:56:13.0673 5412 BITS - ok
18:56:13.0704 5412 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:56:13.0767 5412 blbdrive - ok
18:56:13.0891 5412 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:56:13.0938 5412 Bonjour Service - ok
18:56:13.0985 5412 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:56:14.0032 5412 bowser - ok
18:56:14.0063 5412 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:56:14.0094 5412 BrFiltLo - ok
18:56:14.0110 5412 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:56:14.0141 5412 BrFiltUp - ok
18:56:14.0172 5412 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:56:14.0219 5412 Browser - ok
18:56:14.0235 5412 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:56:14.0344 5412 Brserid - ok
18:56:14.0391 5412 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:56:14.0469 5412 BrSerWdm - ok
18:56:14.0484 5412 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:56:14.0547 5412 BrUsbMdm - ok
18:56:14.0562 5412 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:56:14.0656 5412 BrUsbSer - ok
18:56:14.0687 5412 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:56:14.0749 5412 BTHMODEM - ok
18:56:14.0765 5412 bufserv - ok
18:56:14.0765 5412 catchme - ok
18:56:14.0796 5412 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:56:14.0827 5412 cdfs - ok
18:56:14.0859 5412 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:56:14.0921 5412 cdrom - ok
18:56:14.0921 5412 cdudf_xp - ok
18:56:15.0015 5412 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:56:15.0077 5412 CertPropSvc - ok
18:56:15.0108 5412 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:56:15.0155 5412 circlass - ok
18:56:15.0155 5412 cisvc - ok
18:56:15.0233 5412 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:56:15.0249 5412 CLFS - ok
18:56:15.0467 5412 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:56:15.0483 5412 clr_optimization_v2.0.50727_32 - ok
18:56:15.0607 5412 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:56:15.0623 5412 clr_optimization_v4.0.30319_32 - ok
18:56:15.0670 5412 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:56:15.0732 5412 CmBatt - ok
18:56:15.0763 5412 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:56:15.0779 5412 cmdide - ok
18:56:15.0779 5412 cnxtdiag - ok
18:56:15.0841 5412 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:56:15.0857 5412 Compbatt - ok
18:56:15.0873 5412 COMSysApp - ok
18:56:15.0888 5412 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:56:15.0904 5412 crcdisk - ok
18:56:15.0935 5412 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:56:15.0982 5412 Crusoe - ok
18:56:16.0013 5412 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:56:16.0060 5412 CryptSvc - ok
18:56:16.0107 5412 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
18:56:16.0122 5412 ctxusbm - ok
18:56:16.0122 5412 cwafreportscheduler - ok
18:56:16.0138 5412 DCamUSBSQTECH - ok
18:56:16.0247 5412 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:56:16.0309 5412 DcomLaunch - ok
18:56:16.0309 5412 de_serv - ok
18:56:16.0356 5412 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:56:16.0403 5412 DfsC - ok
18:56:16.0481 5412 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:56:16.0606 5412 DFSR - ok
18:56:16.0653 5412 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:56:16.0699 5412 Dhcp - ok
18:56:16.0731 5412 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:56:16.0746 5412 disk - ok
18:56:17.0136 5412 [ 9F07FFACD9BC7620369118410126FCEF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
18:56:17.0323 5412 DisplayLinkService - ok
18:56:17.0386 5412 [ A978A92393A57D99817ACAF5718FB3E0 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.3.24903.0.sys
18:56:17.0464 5412 DisplayLinkUsbPort - ok
18:56:17.0464 5412 dlkmd - ok
18:56:17.0479 5412 dlkmdldr - ok
18:56:17.0495 5412 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
18:56:17.0511 5412 DMICall - ok
18:56:17.0620 5412 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:56:17.0713 5412 Dnscache - ok
18:56:17.0760 5412 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:56:17.0807 5412 dot3svc - ok
18:56:17.0823 5412 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:56:17.0885 5412 DPS - ok
18:56:17.0916 5412 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:56:17.0994 5412 drmkaud - ok
18:56:18.0010 5412 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:56:18.0025 5412 dsNcAdpt - ok
18:56:18.0057 5412 [ 824C188936FDC1B20FB32192B57CDEBA ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
18:56:18.0150 5412 dsNcService - ok
18:56:18.0213 5412 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:56:18.0244 5412 DXGKrnl - ok
18:56:18.0291 5412 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:56:18.0353 5412 E1G60 - ok
18:56:18.0353 5412 EACSvrMngr - ok
18:56:18.0415 5412 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:56:18.0462 5412 EapHost - ok
18:56:18.0493 5412 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:56:18.0509 5412 Ecache - ok
18:56:18.0634 5412 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:56:18.0696 5412 ehRecvr - ok
18:56:18.0712 5412 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:56:18.0790 5412 ehSched - ok
18:56:18.0805 5412 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:56:18.0821 5412 ehstart - ok
18:56:18.0852 5412 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:56:18.0868 5412 elxstor - ok
18:56:19.0008 5412 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:56:19.0071 5412 EMDMgmt - ok
18:56:19.0102 5412 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:56:19.0149 5412 ErrDev - ok
18:56:19.0195 5412 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:56:19.0258 5412 EventSystem - ok
18:56:19.0289 5412 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:56:19.0320 5412 exfat - ok
18:56:19.0336 5412 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:56:19.0383 5412 fastfat - ok
18:56:19.0414 5412 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:56:19.0445 5412 fdc - ok
18:56:19.0476 5412 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:56:19.0507 5412 fdPHost - ok
18:56:19.0648 5412 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:56:19.0757 5412 FDResPub - ok
18:56:19.0897 5412 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:56:19.0913 5412 FileInfo - ok
18:56:20.0069 5412 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:56:20.0147 5412 Filetrace - ok
18:56:20.0163 5412 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:56:20.0209 5412 flpydisk - ok
18:56:20.0319 5412 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:56:20.0334 5412 FltMgr - ok
18:56:20.0662 5412 [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache C:\Windows\system32\FntCache.dll
18:56:20.0740 5412 FontCache - ok
18:56:20.0818 5412 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:56:20.0833 5412 FontCache3.0.0.0 - ok
18:56:20.0911 5412 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:56:20.0958 5412 Fs_Rec - ok
18:56:20.0974 5412 ftdisk - ok
18:56:21.0005 5412 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:56:21.0021 5412 gagp30kx - ok
18:56:21.0145 5412 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:56:21.0161 5412 GEARAspiWDM - ok
18:56:21.0208 5412 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:56:21.0286 5412 gpsvc - ok
18:56:21.0411 5412 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:56:21.0426 5412 gupdate - ok
18:56:21.0426 5412 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:56:21.0442 5412 gupdatem - ok
18:56:21.0504 5412 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:56:21.0598 5412 HdAudAddService - ok
18:56:21.0676 5412 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:56:21.0738 5412 HDAudBus - ok
18:56:21.0801 5412 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:56:21.0910 5412 HidBth - ok
18:56:21.0941 5412 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:56:22.0035 5412 HidIr - ok
18:56:22.0113 5412 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
18:56:22.0253 5412 hidserv - ok
18:56:22.0315 5412 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:56:22.0362 5412 HidUsb - ok
18:56:22.0393 5412 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:56:22.0471 5412 hkmsvc - ok
18:56:22.0487 5412 hnmsvc - ok
18:56:22.0503 5412 hotspotshieldservice - ok
18:56:22.0565 5412 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:56:22.0581 5412 HpCISSs - ok
18:56:22.0627 5412 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:56:22.0690 5412 HSFHWAZL - ok
18:56:22.0815 5412 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:56:22.0893 5412 HSF_DPV - ok
18:56:22.0924 5412 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:56:22.0955 5412 HSXHWAZL - ok
18:56:22.0986 5412 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:56:23.0080 5412 HTTP - ok
18:56:23.0189 5412 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:56:23.0205 5412 i2omp - ok
18:56:23.0236 5412 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:56:23.0267 5412 i8042prt - ok
18:56:23.0454 5412 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:56:23.0470 5412 IAANTMON - ok
18:56:23.0532 5412 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:56:23.0548 5412 iaStor - ok
18:56:23.0579 5412 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:56:23.0610 5412 iaStorV - ok
18:56:23.0673 5412 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:56:23.0704 5412 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:56:23.0704 5412 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:56:24.0000 5412 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:56:24.0031 5412 idsvc - ok
18:56:24.0219 5412 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:56:24.0281 5412 igfx - ok
18:56:24.0437 5412 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:56:24.0453 5412 iirsp - ok
18:56:24.0531 5412 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:56:24.0593 5412 IKEEXT - ok
18:56:24.0749 5412 [ 6F62BAFE6150F3952F877051C65786FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:56:24.0796 5412 IntcAzAudAddService - ok
18:56:24.0921 5412 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:56:24.0936 5412 intelide - ok
18:56:25.0123 5412 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:56:25.0170 5412 intelppm - ok
18:56:25.0201 5412 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:56:25.0264 5412 IPBusEnum - ok
18:56:25.0279 5412 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:56:25.0326 5412 IpFilterDriver - ok
18:56:25.0357 5412 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:56:25.0404 5412 iphlpsvc - ok
18:56:25.0420 5412 IpInIp - ok
18:56:25.0451 5412 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:56:25.0513 5412 IPMIDRV - ok
18:56:25.0545 5412 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:56:25.0576 5412 IPNAT - ok
18:56:25.0779 5412 [ C00149A7027081539A66DC5A46695EAD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:56:25.0794 5412 iPod Service - ok
18:56:25.0825 5412 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:56:25.0857 5412 IRENUM - ok
18:56:25.0888 5412 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:56:25.0903 5412 isapnp - ok
18:56:26.0013 5412 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:56:26.0044 5412 iScsiPrt - ok
18:56:26.0075 5412 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:56:26.0091 5412 iteatapi - ok
18:56:26.0200 5412 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:56:26.0215 5412 iteraid - ok
18:56:26.0293 5412 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:56:26.0309 5412 IviRegMgr - ok
18:56:26.0356 5412 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:56:26.0371 5412 kbdclass - ok
18:56:26.0543 5412 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:56:26.0605 5412 kbdhid - ok
18:56:26.0637 5412 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:56:26.0683 5412 KeyIso - ok
18:56:26.0730 5412 [ 2AD446E7A867C48099227415DD66FB34 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
18:56:26.0746 5412 KL1 - ok
18:56:26.0902 5412 [ 8C547EB6709BF41E0625EFCDF13C63CE ] KLIF C:\Windows\system32\DRIVERS\klif.sys
18:56:27.0011 5412 KLIF - ok
18:56:27.0058 5412 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
18:56:27.0058 5412 KLIM6 - ok
18:56:27.0105 5412 [ 249A266AF74ADE44AE8424E78D145E09 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
18:56:27.0120 5412 klkbdflt - ok
18:56:27.0167 5412 [ 035724BA6D5676B76FD3AFB66AB4F1E3 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
18:56:27.0167 5412 klmouflt - ok
18:56:27.0183 5412 KLOGNT - ok
18:56:27.0229 5412 [ 8FD802F86D4AB3FB329B8E51517BFF2A ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
18:56:27.0245 5412 kltdi - ok
18:56:27.0323 5412 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
18:56:27.0401 5412 KMWDFILTER - ok
18:56:27.0401 5412 KMW_USB - ok
18:56:27.0463 5412 [ 8F932DF10408BCABA2FCF6163C843F8E ] kneps C:\Windows\system32\DRIVERS\kneps.sys
18:56:27.0479 5412 kneps - ok
18:56:27.0916 5412 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:56:27.0978 5412 KSecDD - ok
18:56:28.0041 5412 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:56:28.0119 5412 KtmRm - ok
18:56:28.0165 5412 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:56:28.0243 5412 LanmanServer - ok
18:56:28.0306 5412 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:56:28.0353 5412 LanmanWorkstation - ok
18:56:28.0384 5412 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:56:28.0415 5412 lltdio - ok
18:56:28.0462 5412 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:56:28.0493 5412 lltdsvc - ok
18:56:28.0555 5412 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:56:28.0602 5412 lmhosts - ok
18:56:28.0649 5412 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:56:28.0665 5412 LSI_FC - ok
18:56:28.0821 5412 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:56:28.0836 5412 LSI_SAS - ok
18:56:29.0023 5412 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:56:29.0039 5412 LSI_SCSI - ok
18:56:29.0101 5412 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:56:29.0195 5412 luafv - ok
18:56:29.0195 5412 lxcr_device - ok
18:56:29.0226 5412 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2svc.dll
18:56:29.0257 5412 Mcx2Svc - ok
18:56:29.0289 5412 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:56:29.0304 5412 mdmxsdk - ok
18:56:29.0335 5412 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:56:29.0351 5412 megasas - ok
18:56:29.0382 5412 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:56:29.0413 5412 MegaSR - ok
18:56:29.0413 5412 merakpop3 - ok
18:56:29.0507 5412 Microsoft SharePoint Workspace Audit Service - ok
18:56:29.0523 5412 mldserv - ok
18:56:29.0538 5412 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:56:29.0569 5412 MMCSS - ok
18:56:29.0663 5412 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:56:29.0725 5412 Modem - ok
18:56:29.0757 5412 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:56:29.0819 5412 monitor - ok
18:56:29.0850 5412 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:56:29.0850 5412 mouclass - ok
18:56:29.0897 5412 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:56:29.0944 5412 mouhid - ok
18:56:29.0959 5412 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:56:29.0975 5412 MountMgr - ok
18:56:30.0178 5412 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:56:30.0193 5412 MozillaMaintenance - ok
18:56:30.0334 5412 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:56:30.0349 5412 mpio - ok
18:56:30.0381 5412 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:56:30.0396 5412 mpsdrv - ok
18:56:30.0505 5412 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:56:30.0599 5412 MpsSvc - ok
18:56:30.0646 5412 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:56:30.0646 5412 Mraid35x - ok
18:56:30.0661 5412 MRESP50 - ok
18:56:30.0661 5412 mrobeservice - ok
18:56:31.0005 5412 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:56:31.0067 5412 MRxDAV - ok
18:56:31.0114 5412 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:56:31.0161 5412 mrxsmb - ok
18:56:31.0192 5412 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:56:31.0207 5412 mrxsmb10 - ok
18:56:31.0207 5412 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:56:31.0254 5412 mrxsmb20 - ok
18:56:31.0285 5412 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
18:56:31.0317 5412 msahci - ok
18:56:31.0395 5412 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:56:31.0426 5412 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:56:31.0426 5412 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
18:56:31.0457 5412 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:56:31.0488 5412 msdsm - ok
18:56:31.0551 5412 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:56:31.0613 5412 MSDTC - ok
18:56:31.0644 5412 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:56:31.0691 5412 Msfs - ok
18:56:31.0707 5412 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:56:31.0722 5412 msisadrv - ok
18:56:31.0878 5412 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:56:31.0956 5412 MSiSCSI - ok
18:56:31.0956 5412 msiserver - ok
18:56:31.0987 5412 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:56:32.0019 5412 MSKSSRV - ok
18:56:32.0034 5412 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:56:32.0081 5412 MSPCLOCK - ok
18:56:32.0097 5412 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:56:32.0143 5412 MSPQM - ok
18:56:32.0175 5412 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:56:32.0190 5412 MsRPC - ok
18:56:32.0221 5412 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:56:32.0237 5412 mssmbios - ok
18:56:32.0237 5412 mstdc - ok
18:56:32.0284 5412 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:56:32.0315 5412 MSTEE - ok
18:56:32.0580 5412 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:56:32.0596 5412 Mup - ok
18:56:32.0705 5412 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:56:32.0799 5412 napagent - ok
18:56:32.0830 5412 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:56:32.0892 5412 NativeWifiP - ok
18:56:32.0892 5412 naveng - ok
18:56:32.0939 5412 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:56:32.0970 5412 NDIS - ok
18:56:33.0033 5412 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:33.0095 5412 NdisTapi - ok
18:56:33.0111 5412 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:33.0142 5412 Ndisuio - ok
18:56:33.0298 5412 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:33.0329 5412 NdisWan - ok
18:56:33.0360 5412 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:56:33.0376 5412 NDProxy - ok
18:56:33.0391 5412 NecUsb3 - ok
18:56:33.0516 5412 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:56:33.0563 5412 NetBIOS - ok
18:56:33.0594 5412 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:56:33.0657 5412 netbt - ok
18:56:33.0672 5412 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:56:33.0688 5412 Netlogon - ok
18:56:33.0797 5412 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:56:33.0906 5412 Netman - ok
18:56:33.0922 5412 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:56:33.0969 5412 netprofm - ok
18:56:33.0969 5412 netrcacm - ok
18:56:34.0015 5412 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:56:34.0015 5412 NetTcpPortSharing - ok
18:56:34.0421 5412 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
18:56:34.0515 5412 NETw3v32 - ok
18:56:35.0217 5412 [ 25ACCCFC33DD448B9D3037C5E439E830 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
18:56:35.0341 5412 NETw4v32 - ok
18:56:35.0388 5412 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:56:35.0404 5412 nfrd960 - ok
18:56:35.0419 5412 NIPALK - ok
18:56:35.0482 5412 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:56:35.0560 5412 NlaSvc - ok
18:56:35.0622 5412 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:56:35.0685 5412 Npfs - ok
18:56:35.0700 5412 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:56:35.0763 5412 nsi - ok
18:56:35.0794 5412 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:56:35.0841 5412 nsiproxy - ok
18:56:35.0887 5412 [ 42CE5E77721E60F39858FF2A35450342 ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
18:56:35.0903 5412 NSUService ( UnsignedFile.Multi.Generic ) - warning
18:56:35.0903 5412 NSUService - detected UnsignedFile.Multi.Generic (1)
18:56:36.0589 5412 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:56:36.0714 5412 Ntfs - ok
18:56:36.0761 5412 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:56:36.0808 5412 ntrigdigi - ok
18:56:36.0870 5412 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:56:36.0948 5412 Null - ok
18:56:36.0964 5412 nv4 - ok
18:56:36.0995 5412 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:56:37.0011 5412 nvraid - ok
18:56:37.0057 5412 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:56:37.0073 5412 nvstor - ok
18:56:37.0151 5412 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:56:37.0167 5412 nv_agp - ok
18:56:37.0182 5412 NwlnkFlt - ok
18:56:37.0182 5412 NwlnkFwd - ok
18:56:37.0198 5412 NWSAP - ok
18:56:37.0198 5412 OEM02Dev - ok
18:56:37.0213 5412 ofcpfwsvc - ok
18:56:37.0276 5412 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:56:37.0338 5412 ohci1394 - ok
18:56:37.0338 5412 oracle_load_balancer_60_client-forms6ip9 - ok
18:56:37.0401 5412 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:56:37.0416 5412 ose - ok
18:56:39.0335 5412 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:56:39.0491 5412 osppsvc - ok
18:56:39.0819 5412 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:56:39.0959 5412 p2pimsvc - ok
18:56:40.0614 5412 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:56:40.0755 5412 p2psvc - ok
18:56:40.0786 5412 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:56:40.0817 5412 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
18:56:40.0817 5412 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
18:56:41.0082 5412 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:56:41.0129 5412 Parport - ok
18:56:41.0191 5412 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:56:41.0207 5412 partmgr - ok
18:56:41.0316 5412 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:56:41.0379 5412 Parvdm - ok
18:56:41.0394 5412 pav_security - ok
18:56:41.0425 5412 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:56:41.0503 5412 PcaSvc - ok
18:56:41.0550 5412 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:56:41.0566 5412 pci - ok
18:56:41.0566 5412 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:56:41.0597 5412 pciide - ok
18:56:41.0691 5412 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:56:41.0706 5412 pcmcia - ok
18:56:42.0049 5412 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:56:42.0205 5412 PEAUTH - ok
18:56:42.0205 5412 perc2 - ok
18:56:42.0237 5412 pfmodnt - ok
18:56:42.0595 5412 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:56:42.0705 5412 pla - ok
18:56:42.0736 5412 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:56:42.0767 5412 PlugPlay - ok
18:56:42.0814 5412 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:56:42.0861 5412 PNRPAutoReg - ok
18:56:42.0876 5412 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:56:42.0939 5412 PNRPsvc - ok
18:56:43.0063 5412 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:56:43.0126 5412 PolicyAgent - ok
18:56:43.0204 5412 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:56:43.0266 5412 PptpMiniport - ok
18:56:43.0297 5412 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:56:43.0329 5412 Processor - ok
18:56:43.0329 5412 ProcObsrv - ok
18:56:43.0578 5412 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:56:43.0609 5412 ProfSvc - ok
18:56:43.0656 5412 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:56:43.0672 5412 ProtectedStorage - ok
18:56:43.0765 5412 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
18:56:43.0781 5412 ProtexisLicensing - ok
18:56:43.0812 5412 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:56:43.0875 5412 PSched - ok
18:56:43.0875 5412 PSDFilter - ok
18:56:43.0890 5412 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:56:43.0906 5412 PxHelp20 - ok
18:56:44.0077 5412 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:56:44.0109 5412 ql2300 - ok
18:56:44.0140 5412 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:56:44.0155 5412 ql40xx - ok
18:56:44.0218 5412 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:56:44.0265 5412 QWAVE - ok
18:56:44.0280 5412 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:56:44.0296 5412 QWAVEdrv - ok
18:56:44.0327 5412 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:56:44.0374 5412 RasAcd - ok
18:56:44.0421 5412 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:56:44.0483 5412 RasAuto - ok
18:56:44.0530 5412 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:44.0561 5412 Rasl2tp - ok
18:56:44.0717 5412 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:56:44.0779 5412 RasMan - ok
18:56:44.0811 5412 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:44.0842 5412 RasPppoe - ok
18:56:44.0857 5412 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:56:44.0873 5412 RasSstp - ok
18:56:44.0904 5412 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:56:44.0935 5412 rdbss - ok
18:56:44.0967 5412 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:45.0013 5412 RDPCDD - ok
18:56:45.0045 5412 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:56:45.0076 5412 rdpdr - ok
18:56:45.0076 5412 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:56:45.0138 5412 RDPENCDD - ok
18:56:45.0185 5412 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:56:45.0247 5412 RDPWD - ok
18:56:45.0279 5412 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
18:56:45.0294 5412 regi - ok
18:56:45.0341 5412 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:56:45.0372 5412 RemoteAccess - ok
18:56:45.0450 5412 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:56:45.0481 5412 RemoteRegistry - ok
18:56:45.0528 5412 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:56:45.0575 5412 RpcLocator - ok
18:56:45.0606 5412 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll
18:56:45.0653 5412 RpcSs - ok
18:56:45.0684 5412 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:56:45.0747 5412 rspndr - ok
18:56:45.0747 5412 rtl8029 - ok
18:56:45.0762 5412 RTL8192su - ok
18:56:45.0762 5412 s116unic - ok
18:56:45.0809 5412 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:56:45.0825 5412 SamSs - ok
18:56:45.0903 5412 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:56:45.0918 5412 sbp2port - ok
18:56:45.0965 5412 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:56:46.0012 5412 SCardSvr - ok
18:56:46.0059 5412 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:56:46.0183 5412 Schedule - ok
18:56:46.0230 5412 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:56:46.0261 5412 SCPolicySvc - ok
18:56:46.0449 5412 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:56:46.0558 5412 SDRSVC - ok
18:56:46.0605 5412 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:56:46.0667 5412 secdrv - ok
18:56:46.0683 5412 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:56:46.0745 5412 seclogon - ok
18:56:46.0745 5412 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
18:56:46.0792 5412 SENS - ok
18:56:46.0839 5412 [ AC1F2A09B76B57356F906EEDA43CCC2A ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
18:56:46.0870 5412 Ser2pl - ok
18:56:46.0885 5412 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:56:46.0948 5412 Serenum - ok
18:56:47.0104 5412 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:56:47.0182 5412 Serial - ok
18:56:47.0197 5412 serialkeys - ok
18:56:47.0229 5412 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:56:47.0260 5412 sermouse - ok
18:56:47.0338 5412 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:56:47.0369 5412 SessionEnv - ok
18:56:47.0478 5412 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
18:56:47.0478 5412 SFEP - ok
18:56:47.0509 5412 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:56:47.0525 5412 sffdisk - ok
18:56:47.0603 5412 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:56:47.0650 5412 sffp_mmc - ok
18:56:47.0665 5412 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:56:47.0728 5412 sffp_sd - ok
18:56:47.0743 5412 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:56:47.0806 5412 sfloppy - ok
18:56:47.0806 5412 SGHIDI - ok
18:56:47.0853 5412 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:56:47.0899 5412 SharedAccess - ok
18:56:47.0946 5412 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:56:47.0977 5412 ShellHWDetection - ok
18:56:48.0024 5412 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:56:48.0040 5412 sisagp - ok
18:56:48.0040 5412 sisperf - ok
18:56:48.0071 5412 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:56:48.0087 5412 SiSRaid2 - ok
18:56:48.0133 5412 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:56:48.0149 5412 SiSRaid4 - ok
18:56:48.0289 5412 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:56:48.0289 5412 SkypeUpdate - ok
18:56:49.0147 5412 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:56:49.0303 5412 slsvc - ok
18:56:49.0335 5412 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:56:49.0397 5412 SLUINotify - ok
18:56:49.0397 5412 smapint - ok
18:56:49.0413 5412 smartscaps - ok
18:56:49.0428 5412 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:56:49.0475 5412 Smb - ok
18:56:49.0491 5412 smcirda - ok
18:56:49.0522 5412 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:56:49.0537 5412 SNMPTRAP - ok
18:56:49.0569 5412 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:56:49.0584 5412 spldr - ok
18:56:49.0693 5412 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:56:49.0756 5412 Spooler - ok
18:56:49.0787 5412 [ 68103A2B441BBF3908EBB587F0704D6C ] sptd C:\Windows\System32\Drivers\sptd.sys
18:56:49.0803 5412 sptd - ok
18:56:49.0849 5412 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:56:49.0865 5412 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:56:49.0865 5412 SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:56:49.0865 5412 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:56:49.0896 5412 srv - ok
18:56:49.0974 5412 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:56:49.0990 5412 srv2 - ok
18:56:50.0005 5412 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:56:50.0068 5412 srvnet - ok
18:56:50.0146 5412 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:56:50.0208 5412 SSDPSRV - ok
18:56:50.0224 5412 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:56:50.0255 5412 SstpSvc - ok
18:56:50.0255 5412 stcagent - ok
18:56:50.0255 5412 steamdvr - ok
18:56:50.0395 5412 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:56:50.0473 5412 stisvc - ok
18:56:50.0520 5412 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:56:50.0551 5412 swenum - ok
18:56:50.0614 5412 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:56:50.0645 5412 swprv - ok
18:56:50.0770 5412 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:56:50.0785 5412 Symc8xx - ok
18:56:50.0832 5412 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:56:50.0848 5412 Sym_hi - ok
18:56:50.0941 5412 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:56:50.0957 5412 Sym_u3 - ok
18:56:51.0082 5412 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:56:51.0175 5412 SysMain - ok
18:56:51.0222 5412 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:56:51.0285 5412 TabletInputService - ok
18:56:51.0316 5412 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:56:51.0363 5412 TapiSrv - ok
18:56:51.0394 5412 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:56:51.0425 5412 TBS - ok
18:56:51.0472 5412 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:56:51.0503 5412 Tcpip - ok
18:56:51.0519 5412 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:56:51.0565 5412 Tcpip6 - ok
18:56:51.0565 5412 tcpipBM - ok
18:56:51.0612 5412 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:56:51.0628 5412 tcpipreg - ok
18:56:51.0675 5412 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:56:51.0737 5412 TDPIPE - ok
18:56:51.0737 5412 tdrpman174 - ok
18:56:51.0768 5412 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:56:51.0799 5412 TDTCP - ok
18:56:51.0877 5412 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:56:51.0909 5412 tdx - ok
18:56:53.0827 5412 [ F67C21CC4195F6AFC447418FE163E156 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
18:56:54.0015 5412 TeamViewer8 - ok
18:56:54.0046 5412 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:56:54.0061 5412 TermDD - ok
18:56:54.0576 5412 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:56:54.0685 5412 TermService - ok
18:56:54.0795 5412 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:56:54.0810 5412 Themes - ok
18:56:54.0919 5412 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:56:54.0951 5412 THREADORDER - ok
18:56:55.0216 5412 [ 909CD987B54A8179C9AEE874D754721A ] ti21sony C:\Windows\system32\drivers\ti21sony.sys
18:56:55.0247 5412 ti21sony - ok
18:56:55.0294 5412 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:56:55.0356 5412 TrkWks - ok
18:56:55.0434 5412 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:56:55.0497 5412 TrustedInstaller - ok
18:56:55.0528 5412 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:55.0559 5412 tssecsrv - ok
18:56:56.0464 5412 [ 86CD728FB5F6A409112662E1596D987B ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
18:56:56.0511 5412 TuneUp.UtilitiesSvc - ok
18:56:56.0667 5412 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
18:56:56.0682 5412 TuneUpUtilitiesDrv - ok
18:56:56.0776 5412 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:56:56.0823 5412 tunmp - ok
18:56:56.0854 5412 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:56:56.0885 5412 tunnel - ok
18:56:56.0901 5412 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:56:56.0916 5412 uagp35 - ok
18:56:56.0947 5412 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:56:56.0963 5412 udfs - ok
18:56:57.0103 5412 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:56:57.0135 5412 UI0Detect - ok
18:56:57.0135 5412 uiusys - ok
18:56:57.0166 5412 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:56:57.0181 5412 uliagpkx - ok
18:56:57.0291 5412 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:56:57.0306 5412 uliahci - ok
18:56:57.0353 5412 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:56:57.0369 5412 UlSata - ok
18:56:57.0400 5412 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:56:57.0415 5412 ulsata2 - ok
18:56:57.0447 5412 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:56:57.0509 5412 umbus - ok
18:56:57.0525 5412 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
18:56:57.0571 5412 UMPass - ok
18:56:57.0603 5412 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:56:57.0665 5412 upnphost - ok
18:56:57.0681 5412 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:56:57.0743 5412 USBAAPL - ok
18:56:57.0774 5412 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:56:57.0821 5412 usbaudio - ok
18:56:57.0852 5412 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:57.0899 5412 usbccgp - ok
18:56:57.0946 5412 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:56:58.0024 5412 usbcir - ok
18:56:58.0024 5412 USBDongle - ok
18:56:58.0149 5412 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:56:58.0195 5412 usbehci - ok
18:56:58.0351 5412 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:56:58.0383 5412 usbhub - ok
18:56:58.0492 5412 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:56:58.0539 5412 usbohci - ok
18:56:58.0695 5412 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:56:58.0726 5412 usbprint - ok
18:56:58.0866 5412 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:56:58.0944 5412 usbscan - ok
18:56:58.0975 5412 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:59.0022 5412 USBSTOR - ok
18:56:59.0053 5412 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:56:59.0085 5412 usbuhci - ok
18:56:59.0085 5412 USIUDF - ok
18:56:59.0100 5412 UWProSys - ok
18:56:59.0209 5412 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:56:59.0241 5412 UxSms - ok
18:56:59.0397 5412 [ DE2C51E244E543ED4C649052BA66DC0D ] UxTuneUp C:\Windows\System32\uxtuneup.dll
18:56:59.0412 5412 UxTuneUp - ok
18:56:59.0490 5412 [ AFBCD738DF9DE3B6D71AFC704E7F27FB ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:56:59.0506 5412 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:56:59.0506 5412 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:56:59.0646 5412 [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
18:56:59.0662 5412 VAIO Event Service - ok
18:57:00.0036 5412 [ 4B8F85BFC82B849D52FD4F3F32259DBC ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
18:57:00.0114 5412 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
18:57:00.0114 5412 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
18:57:00.0192 5412 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:57:00.0223 5412 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
18:57:00.0223 5412 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
18:57:00.0348 5412 [ 58558F3DC2FEF127B697D1138A8D7AFB ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:57:00.0426 5412 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
18:57:00.0426 5412 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
18:57:00.0535 5412 [ 52D4F568FE7D05AE5026B8717EEB59EB ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
18:57:00.0567 5412 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning
18:57:00.0567 5412 VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1)
18:57:00.0598 5412 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:57:00.0645 5412 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning
18:57:00.0645 5412 VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1)
18:57:00.0879 5412 [ 58558F3DC2FEF127B697D1138A8D7AFB ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:57:01.0035 5412 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning
18:57:01.0035 5412 VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1)
18:57:01.0425 5412 [ 6EF45DF2FCC4AE35C715A6C9B5C68B17 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
18:57:01.0440 5412 VcmIAlzMgr - ok
18:57:01.0487 5412 [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
18:57:01.0503 5412 VcmXmlIfHelper - ok
18:57:01.0503 5412 Vcsw - ok
18:57:01.0971 5412 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:57:02.0017 5412 vds - ok
18:57:02.0049 5412 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:57:02.0111 5412 vga - ok
18:57:02.0142 5412 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:57:02.0173 5412 VgaSave - ok
18:57:02.0189 5412 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:57:02.0205 5412 viaagp - ok
18:57:02.0236 5412 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:57:02.0267 5412 ViaC7 - ok
18:57:02.0407 5412 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:57:02.0423 5412 viaide - ok
18:57:02.0439 5412 vmm - ok
18:57:02.0485 5412 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:57:02.0501 5412 volmgr - ok
18:57:02.0579 5412 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:57:02.0610 5412 volmgrx - ok
18:57:02.0673 5412 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:57:02.0688 5412 volsnap - ok
18:57:02.0735 5412 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:57:02.0751 5412 vsmraid - ok
18:57:02.0844 5412 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:57:02.0907 5412 VSS - ok
18:57:03.0078 5412 [ 416F115DC1003BB624D03E019C3D563D ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
18:57:03.0125 5412 VUAgent - ok
18:57:03.0125 5412 vusbbus - ok
18:57:03.0219 5412 [ 212F0BE9ECA72CB56F9C30E4FE1858E2 ] vvftav303 C:\Windows\system32\drivers\vvftav303.sys
18:57:03.0297 5412 vvftav303 - ok
18:57:03.0375 5412 [ 2E785F4F92C4C67CEBB61DD55ED1F6A1 ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:57:03.0390 5412 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
18:57:03.0390 5412 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
18:57:03.0437 5412 [ 2D876CAD8C7FFB08179DFF361FF851E6 ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
18:57:03.0453 5412 VzFw ( UnsignedFile.Multi.Generic ) - warning
18:57:03.0453 5412 VzFw - detected UnsignedFile.Multi.Generic (1)
18:57:03.0499 5412 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:57:03.0531 5412 W32Time - ok
18:57:03.0546 5412 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:57:03.0609 5412 WacomPen - ok
18:57:03.0640 5412 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:57:03.0655 5412 Wanarp - ok
18:57:03.0671 5412 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:57:03.0687 5412 Wanarpv6 - ok
18:57:03.0702 5412 wanatw - ok
18:57:03.0780 5412 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:57:03.0827 5412 wcncsvc - ok
18:57:03.0858 5412 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:57:03.0889 5412 WcsPlugInService - ok
18:57:03.0936 5412 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:57:03.0952 5412 Wd - ok
18:57:03.0999 5412 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:57:04.0030 5412 Wdf01000 - ok
18:57:04.0092 5412 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:57:04.0139 5412 WdiServiceHost - ok
18:57:04.0139 5412 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:57:04.0170 5412 WdiSystemHost - ok
18:57:04.0233 5412 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:57:04.0264 5412 WebClient - ok
18:57:04.0279 5412 websenselogserver - ok
18:57:04.0311 5412 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:57:04.0357 5412 Wecsvc - ok
18:57:04.0389 5412 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:57:04.0404 5412 wercplsupport - ok
18:57:04.0467 5412 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:57:04.0498 5412 WerSvc - ok
18:57:04.0529 5412 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:57:04.0545 5412 WimFltr - ok
18:57:04.0623 5412 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:57:04.0638 5412 winachsf - ok
18:57:04.0732 5412 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:57:04.0747 5412 WinDefend - ok
18:57:04.0763 5412 WinHttpAutoProxySvc - ok
18:57:04.0841 5412 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:57:04.0872 5412 Winmgmt - ok
18:57:05.0013 5412 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:57:05.0122 5412 WinRM - ok
18:57:05.0169 5412 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] winusb C:\Windows\system32\DRIVERS\winusb.sys
18:57:05.0215 5412 winusb - ok
18:57:05.0340 5412 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:57:05.0418 5412 Wlansvc - ok
18:57:08.0382 5400 Detected object count: 14
18:57:08.0382 5400 Actual detected object count: 14
18:57:48.0381 5400 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0381 5400 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0381 5400 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0381 5400 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0381 5400 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0381 5400 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0381 5400 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0381 5400 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0381 5400 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0381 5400 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0396 5400 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0396 5400 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0412 5400 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0412 5400 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:48.0412 5400 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:48.0412 5400 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:57.0475 7388 Deinitialize success



Malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.09.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Joan :: JOAN-PC [administrator]

10/9/2013 7:00:25 PM
mbam-log-2013-10-09 (19-00-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219099
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1BCEDE99-16B9-A219-9E21-DE62B2314CE3} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\InstallMate\{DD486110-EFE7-42D7-A03C-A7C506AB43E6}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{DD486110-EFE7-42D7-A03C-A7C506AB43E6}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)


thanks again
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Sorry about the fixlist/filelist mix up. Glad you figured it out.

How is it running now? Are you still getting audio ads?
  • 0

#7
maxcool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
So far ok, no more background audio

is it cleared?

Thanks
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

So far ok, no more background audio

is it cleared?


Looks good to me. If you want to be sure you can do an ESET online scan but it takes many hours:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Unless you see other problems I think we are done and can clean up.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#9
maxcool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, sorry for the delay as I was out of town.

Here is the log from ESET, it did find one :(

C:\Qoobox\Quarantine\C\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\519ffdd9ec61e9.89170750.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined


Thanks again
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Yes but the file was in C:\Qoobox\Quarantine\ which is where Combofix puts the files it removes so ESET didn't really find anything active. You are good to go!
  • 0
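
The check made in post #10, written out as an added example (not part of either poster's reply and not code from ESET or ComboFix): it parses a detection line, decides whether the hit is a copy inside the ComboFix quarantine folder or a live file, and for a quarantined copy recovers where the file used to live. The line layout in the regex and the path-mirroring rule are assumptions inferred from the single log line in this thread; the second sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Folder that post #10 identifies as ComboFix's quarantine.
COMBOFIX_QUARANTINE = PureWindowsPath(r"C:\Qoobox\Quarantine")
# Assumed shape of one flattened report line: <path> <Platform/Threat.Name> <type and action>
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\w+/[\w.]+)\s+(?P<rest>.+)$")


def original_location(path):
    # Inferred from the path in this thread: the drive letter becomes a folder
    # under the quarantine root and ".vir" is appended to the file name.
    parts = path.relative_to(COMBOFIX_QUARANTINE).parts
    if not parts or len(parts[0]) != 1 or not parts[0].isalpha():
        return None
    original = PureWindowsPath(parts[0] + ":\\", *parts[1:])
    return original.with_suffix("") if original.suffix.lower() == ".vir" else original


def triage(line):
    """Return a dict for one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = PureWindowsPath(m.group("path"))
    inert = COMBOFIX_QUARANTINE in path.parents  # Windows paths compare case-insensitively
    return {
        "threat": m.group("threat"),
        "path": path,
        "status": "quarantined copy" if inert else "live file",
        "original": original_location(path) if inert else None,
    }


SAMPLE = [
    # Line from post #9 of this thread.
    r"C:\Qoobox\Quarantine\C\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmdkebcojjgflhkkkblajpkpeihmoko\1\519ffdd9ec61e9.89170750.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined",
    # Constructed line: same threat name, placed at a live path for contrast.
    r"C:\Users\Example\Downloads\constructed_sample.js Win32/Adware.MultiPlug.H application",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        result = triage(entry)
        print(result["status"], "|", result["threat"], "|", result["original"] or result["path"])
```

A "live file" result is the case that needs follow-up; for a "quarantined copy", the recovered original path is the place to confirm the file is actually gone.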

#11
maxcool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks so much again
  • 0





