Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Combined Malware Infection: Winzip Registry Optimizer and Photoshop El

Started by technoobie , Oct 14 2013 06:03 PM

  • This topic is locked This topic is locked

#1
technoobie
Posted 14 October 2013 - 06:03 PM

technoobie

    Member

  • Member
  • PipPip
  • 20 posts
Hi there,

I think I've been infected with a type of malware called Winzip Registry Optimizer. I contracted it when I downloaded Utorrent. It manifests itself in the form of a popup when I start up my netbook and I'm unable to close the program. It has also installed itself on my computer. The popup displays a fake virus scan and prompts me to fix the errors (which I have not done). It seems to have circumvented my antivirus, I'm currently running AVG free antivirus edition, and worse still malware bytes is unable to remove it. At first I thought it was just a type of adware and was content to ignore it but it seems to be messing around with my netbook. Mainly in the form of slowing down the operating speed of the device.

The situation gets more complicated as last Thursday (10/10/13) I downloaded what I thought was a trial version of Photoshop Elements but I think it was another type of malware. Upon downloading this the device's speed slowed right, right down and things started freezing and it became pretty apparent that I was infected. I decided to run a full system scan using Malwarebytes and it found 53 infections and I thought I removed them and that would be the end of my malware woes. I was wrong, the next day the device still wasn't working properly (running really slowly and freezing when doing very simple tasks such as trying to open chrome) so I decided to run another full system scan using Malwarebytes, this time it found almost 250 infections and again I tried to remove them. By this point I figured my very limited tech knowledge was not going to be enough to fix the problem so I posted on whirlpool forums and they sent me over here for help.

I've also taken the device for two second opinions at a computer store and ICT help desk respectively and one person said it was likely I had a trojan and that they're difficult to remove and I'd be best rebooting, the other said pretty much the same thing.

I'm not keen to reboot as I don't have the windows operating system program with me and since I'm using a netbook, I also don't have an optical drive, so can't reinstall via that way anyway. I appreciate any help you can offer. Thanks so much in advance :) :) :).

OTL logfile created on: 14/10/2013 5:35:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.28% Memory free
3.84 Gb Paging File | 3.04 Gb Available in Paging File | 79.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 69.07 Gb Free Space | 49.68% Space Free | Partition Type: NTFS

Computer Name: TECHNOOBIE | User Name: TechnoobieFamily | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/14 17:34:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads\OTL.exe
PRC - [2013/10/03 17:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/02 16:49:47 | 002,404,376 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/10/02 16:49:46 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/02 16:49:46 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/09/25 06:37:14 | 000,181,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2013/08/15 12:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 20:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 02:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 16:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 16:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 16:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/12 22:47:05 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/13 12:07:58 | 007,437,184 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) -- C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
PRC - [2010/05/23 16:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2009/10/07 18:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/08/24 13:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2008/07/04 10:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/18 16:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/18 16:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/11 19:24:39 | 013,584,776 | ---- | M] () -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
MOD - [2013/10/03 17:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 17:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 17:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/10/02 16:49:47 | 002,404,376 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/10/02 16:49:47 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/02 16:49:47 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/02 16:49:46 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 23:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 23:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/12/10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/02 16:49:46 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/09/25 06:37:14 | 000,181,152 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor12.0)
SRV - [2013/07/23 20:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 16:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/23 16:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2009/08/24 13:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2008/04/18 16:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/02 16:49:47 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 02:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 02:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 02:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 02:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 02:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 02:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 02:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2009/08/31 21:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/22 15:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/07 13:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/02 16:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...94wu45r44526295
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...x15rsb&tsp=5031
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enAU369
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-re...n=&geo=AU&ver=1
IE - HKCU\..\SearchScopes\{BCE2E110-EB24-4A2E-A941-CEA4BBA6DF9F}: "URL" = http://search.condui...7671162130&UM=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2010/08/05 09:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]

[2013/10/11 00:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: PricePeep = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Easy Speed PC] C:\Program Files\Probit Software\Easy Speed PC\ESPCLauncher.exe (Probit Software LTD)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WROReminder] C:\Program Files\WinZip Registry Optimizer\Winzipro.exe (WinZip Computing, S.L. (WinZip Computing))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.70.28.1 10.70.28.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5339E1D-D626-4CBD-82BB-C91DF648FB97}: DhcpNameServer = 10.70.28.1 10.70.28.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 03:59:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4188bcc5-2cd2-11e0-b2b7-705ab6313b65}\Shell\AutoRun\command - "" = D:\EHealthConference2010.exe
O33 - MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\Shell\open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\Shell\open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/14 13:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong
[2013/10/14 00:06:36 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/10/11 00:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Probit Software
[2013/10/11 00:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\avgchrome
[2013/10/11 00:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/10/11 00:53:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2013/10/11 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\BitGuard
[2013/10/11 00:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/10/11 00:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/11 00:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitGuard
[2013/10/11 00:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\YCanPDF
[2013/10/11 00:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/10/11 00:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\UniPDF
[2013/10/11 00:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\UniPDF
[2013/10/11 00:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.mauby
[2013/10/11 00:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/10/11 00:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/10/10 21:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Adobe Photoshop Elements 12
[2013/10/10 21:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/10/10 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2009/11/10 06:32:23 | 000,036,136 | ---- | C] (Oberon Media) -- C:\Documents and Settings\All Users\FullRemove.exe
[26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/14 13:27:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/14 13:27:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/14 13:27:06 | 2136,936,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/14 13:02:49 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/13 02:56:18 | 001,378,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/13 02:35:42 | 000,835,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/13 02:35:42 | 000,221,232 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/13 02:25:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/13 02:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TECHNOOBIE-TechnoobieFamily.job
[2013/10/13 00:37:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/11 01:02:40 | 021,742,470 | ---- | M] () -- C:\Documents and Settings\TechnoobieFamily\Desktop\TECHNOOBIEFAMILY TN (3).rtf
[2013/10/11 00:48:54 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\TechnoobieFamily\Desktop\UniPDF.lnk
[2013/10/10 23:13:50 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 12.lnk
[2013/10/10 21:23:02 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2013/10/06 15:01:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/10/02 22:48:08 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/10/02 16:49:47 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/11 00:54:22 | 021,742,470 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Desktop\TECHNOOBIEFAMILY TN (3).rtf
[2013/10/11 00:53:53 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Help.lnk
[2013/10/11 00:53:53 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Easy Speed PC.lnk
[2013/10/11 00:53:53 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Uninstall.lnk
[2013/10/11 00:53:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Easy Speed PC on the Web.lnk
[2013/10/11 00:48:54 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Desktop\UniPDF.lnk
[2013/10/11 00:42:13 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2013/10/11 00:10:37 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-Technoobie-TechnoobieFamily.job
[2013/10/10 23:13:50 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 12.lnk
[2013/10/10 23:13:50 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 12.lnk
[2013/10/10 21:23:02 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2013/10/10 21:23:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/05/14 00:40:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/06 11:57:43 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\TechnoobieFamily\Application Data\Sys6925.Config Collection.sys
[2011/01/31 11:51:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/31 11:46:43 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/07 20:53:05 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/11/10 04:03:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 23:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 23:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/31 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013/02/05 22:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/10/11 00:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/10/14 00:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitGuard
[2013/02/05 21:48:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/10 06:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eMachines
[2013/10/14 22:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/31 20:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
[2013/10/11 00:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/15 10:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/07/15 11:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/15 19:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/04 01:55:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\.#
[2013/07/06 13:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\AVG Secure Search
[2013/07/04 00:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\AVG2013
[2013/10/10 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/10/11 00:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.mauby
[2013/10/11 00:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/26 19:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\MSNInstaller
[2013/06/12 22:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\Nico Mak Computing
[2013/10/14 13:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong
[2013/07/04 00:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\TuneUp Software
[2013/10/14 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent
[2010/07/15 23:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\Windows Desktop Search
[2010/08/05 09:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\Windows Search
[2011/09/28 10:22:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\wyUpdate AU
[2013/10/11 00:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\YCanPDF

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838

< End of report >

***Edited to add in the extras from OTL:

OTL Extras logfile created on: 14/10/2013 5:35:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.28% Memory free
3.84 Gb Paging File | 3.04 Gb Available in Paging File | 79.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 69.07 Gb Free Space | 49.68% Space Free | Partition Type: NTFS

Computer Name: TECHNOOBIE | User Name: TechnoobieFamily| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\ApexDC++\ApexDC.exe" = C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\7zS5D.tmp\SymNRT.exe" = C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\7zS5D.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}" = PSE12 STI Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1" = eMachines GameZone Console
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera
"{777B751F-C904-4BD7-8DFF-81F97A3C0BC5}" = Adobe Photoshop Elements 12
"{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F9D71EC-A86E-4001-A108-D2055591451A}" = MPM
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D80A7B7-DC01-485D-AE93-710D559B5C56}" = Elements 12 Organizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9371941-0FDE-4ed3-A426-B6D9B2CCFA27}" = K5300
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA0CE30A-B8EF-4b6b-85BF-D2B2C354A32C}" = ProductContext
"{FBA70FCC-BD23-4120-BA30-3E0DDF66AE82}" = 5300_5400_Readme
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FFF14233-FE39-4671-A38E-76FD8F24A879}" = e-tax 2013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 12" = Adobe Photoshop Elements 12
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Speed PC" = Easy Speed PC
"eMachines Screensaver" = eMachines ScreenSaver
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"Identity Card" = Identity Card
"ie8" = Windows Internet Explorer 8
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"UniPDF" = UniPDF 1.0.5
"uTorrent" = µTorrent
"uTorrentControl_v6 Toolbar" = uTorrentControl_v6 Toolbar
"VLC media player" = VLC media player 2.0.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip Registry Optimizer_is1" = WinZip Registry Optimizer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/09/2013 1:10:57 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2656

Error - 30/09/2013 1:10:57 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2656

Error - 30/09/2013 10:12:41 PM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/09/2013 10:12:41 PM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2422

Error - 30/09/2013 10:12:41 PM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2422

Error - 1/10/2013 3:20:45 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/10/2013 3:20:45 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1623219

Error - 1/10/2013 3:20:45 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1623219

Error - 1/10/2013 3:20:48 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/10/2013 3:20:48 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1626766

[ System Events ]
Error - 12/10/2013 11:39:15 AM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 13/10/2013 8:56:58 AM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NSL service.

Error - 13/10/2013 9:07:39 AM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 13/10/2013 9:56:17 PM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NSL service.

Error - 13/10/2013 9:56:48 PM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NSL service.

Error - 13/10/2013 9:57:35 PM | Computer Name = TECHNOOBIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address C417FED9ADF0 has been denied by the DHCP server 10.70.28.1 (The DHCP Server
sent a DHCPNACK message).

Error - 14/10/2013 2:24:37 AM | Computer Name = TECHNOOBIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.16.118.210 on
the Network Card with network address C417FED9ADF0.

Error - 14/10/2013 2:25:14 AM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NSL service.

Error - 14/10/2013 2:25:44 AM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NSL service.

Error - 14/10/2013 2:26:14 AM | Computer Name = TECHNOOBIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NSL service.


< End of report >

Edited by technoobie, 14 October 2013 - 08:32 PM.

  • 0

Advertisements

#2
DonnaB
Posted 14 October 2013 - 10:06 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi technoobie,

Thank you for the Extras log. I am presently reviewing your logs. In your post above you mentioned that you ran Malwarebytes (MBAM) though it was unable to remove it. Could you open MBAM and click on the Logs tab and paste the log in a reply that was generated, please?

Back soon with a fix.

Thank you,
Donna :)
  • 0

#3
technoobie
Posted 15 October 2013 - 12:11 AM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks Donna, I really appreciate the help :).

Here's the malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TechnoobieFamily :: Technoobie [administrator]

13/10/2013 8:07:33 PM
mbam-log-2013-10-13 (20-07-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348839
Time elapsed: 2 hour(s), 40 minute(s), 15 second(s)

Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 184 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 3508 -> Delete on reboot.

Memory Modules Detected: 1
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.Protector) -> Delete on reboot.

Registry Keys Detected: 35
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411151160} (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440444154460} (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550455155560} (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041560.BHO.1 (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151160} (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411151160} (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041560.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041560.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041560.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\Software\TubeSaver-1 (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\Software\TubeSaver-1 (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TubeSaver-1 (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.delta-sea...x15rsb&tsp=5031 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\Crossrider|Verifier (PUP.Optional.CrossRider.A) -> Data: 11979d91e2b2689b11f5a0b041d0b6ae -> Quarantined and deleted successfully.
HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Data: http://www.delta-sea...x15rsb&tsp=5031 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www.delta-sea...x15rsb&tsp=5031 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Data: C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Protector) -> Bad: (c:\docume~1\alluse~1\applic~1\bitguard\261694~1.246\{c16c1~1\bitguard.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www.delta-sea...x15rsb&tsp=5031) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 23
C:\Program Files\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Program Files\TubeSaver-1 (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\userCode (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\icons (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\icons\actions (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\api (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\popupResource (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Files Detected: 169
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.Protector) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Delete on reboot.
C:\Program Files\TubeSaver-1\TubeSaver-1-bho.dll (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.PerformerSoft.A) -> Delete on reboot.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\2F2C3F17-BAB0-7891-82AF-F6EF970B33AE\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temporary Internet Files\Content.IE5\9S8ZY2NE\TubeSaver_2070-2021_v122[1].exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temporary Internet Files\Content.IE5\9S8ZY2NE\unipdf_7975[1].exe (PUP.Optional.InstallMonetizer.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Temporary Internet Files\Content.IE5\9S8ZY2NE\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-bg.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-buttonutil.dll (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-buttonutil.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-chromeinstaller.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-codedownloader.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-enabler.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-updater.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\utils.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\EPUpdater.job (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\unutil.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\TubeSaver-1-chromeinstaller.job (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\TubeSaver-1-codedownloader.job (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\TubeSaver-1-enabler.job (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\TubeSaver-1-updater.job (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\5938.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoonieFamily\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Program Files\TubeSaver-1\41560.crx (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\background.html (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\Installer.log (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1-helper.exe (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\TubeSaver-1.ico (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Program Files\TubeSaver-1\Uninstall.exe (PUP.Optional.TubeSaver.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\background.html (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\crossriderManifest.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\manifest.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\popup.html (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\manifest.xml (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\142_intext_fa_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\101_cortica_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\102_dealply_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\103_intext_5_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\104_jollywallet_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\105_corticas_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\107_coupish_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\108_icm_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\116_ads_only_5_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\117_coupons_intext_ads_5_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\119_similar_web_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\120_luck_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\14_CrossriderUtils.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\155_ibario_pops_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\159_cortica_rollover_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\170_icm1_5_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\171_arcadi2_sourceID_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\17_jQuery.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\19_CHAppAPIWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\1_base.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\21_debug.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\22_resources.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\28_initializer.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\47_resources_background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\4_jquery_1_7_1.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\123_intext_adv_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\125_arcadi2_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\126_revizer_ws_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\127_revizer_p_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\128_superfish_pricora_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\129_widdit_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\135_arcadi3_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\138_getdeal_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\13_CrossriderAppUtils.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\141_corticas_ru_m.js.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\64_appApiMessage.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\72_appApiValidation.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\78_CrossriderInfo.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\7_hooks.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\80_CHPopupAppAPI.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\87_ginyas_wrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\91_monetizationLoader.js.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\92_superfish_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\93_superfish_no_coupons_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\97_resourceApiWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\plugins\9_search_engine_hook.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\userCode\background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\extensionData\userCode\extension.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\icons\icon128.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\icons\icon16.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\icons\icon48.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\icons\actions\1.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\main.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\api\chrome.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\api\cookie.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\api\message.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\api\pageAction.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\api\pageActionBG.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\app_api.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\bg_app_api.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\consts.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\cookie_store.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\crossriderAPI.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\delegate.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\events.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\extensionDataStore.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\installer.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\logFile.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\logging.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\onBGDocumentLoad.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\reports.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\storageWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\updateManager.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\util.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\xhr.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\popupResource\newPopup.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\TechnooobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.25.20_0\js\lib\popupResource\popup.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

(end)
  • 0

#4
DonnaB
Posted 15 October 2013 - 12:58 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
You're welcome. At this time, make sure not to use any USB's on the Netbook.

Please do the following:

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    PRC - [2013/02/13 12:07:58 | 007,437,184 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) -- C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...x15rsb&tsp=5031
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enAU369
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-re...n=&geo=AU&ver=1
    IE - HKCU\..\SearchScopes\{BCE2E110-EB24-4A2E-A941-CEA4BBA6DF9F}: "URL" = http://search.condui...7671162130&UM=1
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O33 - MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
    O33 - MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\Shell\open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
    O33 - MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
    O33 - MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\Shell\open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
    [2013/10/14 13:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong
    [2013/10/11 00:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
    [2013/10/11 00:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013/10/06 15:01:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
    [2013/10/02 22:48:08 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
    [2011/02/06 11:57:43 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\TechnoobieFamily\Application Data\Sys6925.Config Collection.sys
    [2011/01/31 11:51:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/01/31 11:46:43 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/09/07 20:53:05 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/11 00:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2010/09/04 01:55:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\.#
    [2013/10/14 13:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong

    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Registry Optimizer]

    :Commands
    [resethosts]
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.

Please post the contents of following 3 logs into your next reply:
C:\_OTL\Moved Files
OTL.txt
Extras.txt

Thank you,
Donna :)
  • 0

#5
technoobie
Posted 15 October 2013 - 07:10 AM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Donna,

here's the first log you requested, I'll update and edit this post with the other two in a bit :).

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named Winzipro.exe was found!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCE2E110-EB24-4A2E-A941-CEA4BBA6DF9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCE2E110-EB24-4A2E-A941-CEA4BBA6DF9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Folder C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\ not found.
C:\Program Files\Delta\Delta folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job moved successfully.
C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job moved successfully.
File C:\Documents and Settings\TechnoobieFamily\Application Data\Sys6925.Config Collection.sys not found.
File C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini not found.
C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini moved successfully.
File C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\TechnoobieFamily\Application Data\.#\ not found.
Folder C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Registry Optimizer\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 34819437 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57868 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 335750 bytes

User: TechnoobieFamily
->Temp folder emptied: 496002852 bytes
->Temporary Internet Files folder emptied: 126543097 bytes
->Google Chrome cache emptied: 25906929 bytes
->Flash cache emptied: 83941 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33276 bytes

User: SisterOne
->Temp folder emptied: 239791206 bytes
->Temporary Internet Files folder emptied: 21647573 bytes
->Google Chrome cache emptied: 395610689 bytes
->Flash cache emptied: 59508 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 12238865 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 434533732 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1528879277 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 4217064148 bytes

Total Files Cleaned = 7,185.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10152013_234522

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_748.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
DonnaB
Posted 15 October 2013 - 09:59 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Technoobie,

Please paste the remaining logs in a new reply. Since I have now reviewed your thread, I will not receive an email notification if you edit your post above to insert the other 2 logs. I don't want to miss your reply and leave you wondering what happened to me.

How is the netbook behaving now? Just because all symptoms appear to have been resolved does not necessarily mean you are clean.

Thank you,
Donna :)
  • 0

#7
technoobie
Posted 15 October 2013 - 11:56 PM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Donna,

I'm a bit confused because I don't think that the first bit of code you had me enter in to OTL under the custom scans/fixes box worked correctly so I ran the fix again and here's the log it generated:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named Winzipro.exe was found!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCE2E110-EB24-4A2E-A941-CEA4BBA6DF9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCE2E110-EB24-4A2E-A941-CEA4BBA6DF9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75a7f667-2cd1-11e0-b2b5-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19001d6-308a-11df-b228-705ab6313b65}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong folder moved successfully.
C:\Program Files\Delta folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
File C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job not found.
File C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job not found.
C:\Documents and Settings\TechnoobieFamily\Application Data\Sys6925.Config Collection.sys moved successfully.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini moved successfully.
File C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini not found.
C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
C:\Documents and Settings\TechnoobieFamily\Application Data\.# folder moved successfully.
Folder C:\Documents and Settings\TechnoobieFamily\Application Data\PriceGong\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Registry Optimizer\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TechnoobieFamily
->Temp folder emptied: 737217 bytes
->Temporary Internet Files folder emptied: 1018013 bytes
->Google Chrome cache emptied: 10631347 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: SisterOne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 203962 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10162013_001813

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#8
technoobie
Posted 16 October 2013 - 12:02 AM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here are the other two logs you requested as well:

OTL logfile created on: 16/10/2013 12:26:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.75% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 75.96 Gb Free Space | 54.63% Space Free | Partition Type: NTFS

Computer Name: EMACHINES | User Name: TechnoobieFamily | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/15 23:34:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads\OTL (1).exe
PRC - [2013/10/02 16:49:47 | 002,404,376 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/10/02 16:49:46 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/02 16:49:46 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/09/25 06:37:14 | 000,181,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2013/08/15 12:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 20:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 02:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 16:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 16:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 16:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/12 22:47:05 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/13 12:07:58 | 007,437,184 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) -- C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
PRC - [2010/05/23 16:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2009/10/07 18:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/08/24 13:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2008/07/04 10:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/18 16:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/18 16:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/02 16:49:47 | 002,404,376 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/10/02 16:49:47 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/02 16:49:47 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/02 16:49:46 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/12/10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/02 16:49:46 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/09/25 06:37:14 | 000,181,152 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor12.0)
SRV - [2013/07/23 20:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 16:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/23 16:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2009/08/24 13:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2008/04/18 16:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/02 16:49:47 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 02:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 02:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 02:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 02:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 02:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 02:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 02:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2009/08/31 21:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/22 15:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/07 13:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/02 16:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...94wu45r44526295
IE - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2010/08/05 09:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]

[2013/10/11 00:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: PricePeep = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/16 00:18:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007..\Run: [Easy Speed PC] C:\Program Files\Probit Software\Easy Speed PC\ESPCLauncher.exe (Probit Software LTD)
O4 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe File not found
O4 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007..\Run: [uTorrent] C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007..\Run: [WROReminder] C:\Program Files\WinZip Registry Optimizer\Winzipro.exe (WinZip Computing, S.L. (WinZip Computing))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1110412475-670770235-1538417202-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5339E1D-D626-4CBD-82BB-C91DF648FB97}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 03:59:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4188bcc5-2cd2-11e0-b2b7-705ab6313b65}\Shell\AutoRun\command - "" = D:\EHealthConference2010.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/15 23:45:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/14 00:06:36 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/10/11 19:19:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/11 19:19:36 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/11 19:19:36 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/11 19:18:30 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/11 19:18:30 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/11 00:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Probit Software
[2013/10/11 00:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\avgchrome
[2013/10/11 00:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/10/11 00:53:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2013/10/11 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\BitGuard
[2013/10/11 00:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/11 00:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitGuard
[2013/10/11 00:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\YCanPDF
[2013/10/11 00:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\UniPDF
[2013/10/11 00:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\UniPDF
[2013/10/11 00:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.mauby
[2013/10/11 00:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/10/11 00:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/10/10 21:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Adobe Photoshop Elements 12
[2013/10/10 21:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TechnoobieFamily\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/10/10 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2009/11/10 06:32:23 | 000,036,136 | ---- | C] (Oberon Media) -- C:\Documents and Settings\All Users\FullRemove.exe

========== Files Created - No Company Name ==========

[2013/10/11 00:54:22 | 021,742,470 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Desktop\TECHNOOBIEFAMILY B (3).rtf
[2013/10/11 00:53:53 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Help.lnk
[2013/10/11 00:53:53 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Easy Speed PC.lnk
[2013/10/11 00:53:53 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Uninstall.lnk
[2013/10/11 00:53:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\Easy Speed PC on the Web.lnk
[2013/10/11 00:48:54 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\TechnoobieFamily\Desktop\UniPDF.lnk
[2013/10/11 00:42:13 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2013/10/11 00:10:37 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TECHNOOBIE-TechnoobieFamily.job
[2013/10/10 23:13:50 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 12.lnk
[2013/10/10 23:13:50 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 12.lnk
[2013/10/10 21:23:02 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2013/10/10 21:23:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/05/14 00:40:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2009/11/10 04:03:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 23:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 23:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838

< End of report >

OTL Extras logfile created on: 16/10/2013 12:26:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.75% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 75.96 Gb Free Space | 54.63% Space Free | Partition Type: NTFS

Computer Name: EMACHINES | User Name: TechNoobieFamily | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1110412475-670770235-1538417202-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\ApexDC++\ApexDC.exe" = C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\7zS5D.tmp\SymNRT.exe" = C:\Documents and Settings\TechnoobieFamily\Local Settings\Temp\7zS5D.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\TechnoobieFamily\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}" = PSE12 STI Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1" = eMachines GameZone Console
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera
"{777B751F-C904-4BD7-8DFF-81F97A3C0BC5}" = Adobe Photoshop Elements 12
"{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F9D71EC-A86E-4001-A108-D2055591451A}" = MPM
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D80A7B7-DC01-485D-AE93-710D559B5C56}" = Elements 12 Organizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9371941-0FDE-4ed3-A426-B6D9B2CCFA27}" = K5300
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA0CE30A-B8EF-4b6b-85BF-D2B2C354A32C}" = ProductContext
"{FBA70FCC-BD23-4120-BA30-3E0DDF66AE82}" = 5300_5400_Readme
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FFF14233-FE39-4671-A38E-76FD8F24A879}" = e-tax 2013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 12" = Adobe Photoshop Elements 12
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Speed PC" = Easy Speed PC
"eMachines Screensaver" = eMachines ScreenSaver
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"Identity Card" = Identity Card
"ie8" = Windows Internet Explorer 8
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"UniPDF" = UniPDF 1.0.5
"uTorrent" = µTorrent
"uTorrentControl_v6 Toolbar" = uTorrentControl_v6 Toolbar
"VLC media player" = VLC media player 2.0.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip Registry Optimizer_is1" = WinZip Registry Optimizer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2013 12:42:41 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 90078

Error - 28/09/2013 12:42:41 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 90078

Error - 29/09/2013 5:16:00 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/09/2013 5:16:01 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2672

Error - 29/09/2013 5:16:01 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2672

Error - 30/09/2013 1:10:57 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/09/2013 1:10:57 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2656

Error - 30/09/2013 1:10:57 AM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2656

Error - 30/09/2013 10:12:41 PM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/09/2013 10:12:41 PM | Computer Name = TECHNOOBIE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2422

[ System Events ]
Error - 15/10/2013 8:45:26 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The Updater Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/10/2013 8:45:26 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater17.0.12 service terminated unexpectedly. It has
done this 1 time(s).

Error - 15/10/2013 9:18:14 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V12 service terminated unexpectedly.
It has done this 1 time(s).

Error - 15/10/2013 9:18:14 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 15/10/2013 9:18:15 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/10/2013 9:18:15 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The Dritek WMI Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/10/2013 9:18:15 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 15/10/2013 9:18:15 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7031
Description = The Norton Safe Web Lite service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 15/10/2013 9:18:16 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The Updater Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/10/2013 9:18:16 AM | Computer Name = EMACHINES | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater17.0.12 service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

Edited by technoobie, 16 October 2013 - 12:19 AM.

  • 0

#9
technoobie
Posted 16 October 2013 - 12:16 AM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
In regards to your previous question of how the netbook is running, it seems ok as far as speed goes, but I'm still suspicious that there's malware still on it as the original popup that heralded all these problems is still there.I tried to take a screen shot of it but I don't know how to paste it in the reply section here, sorry.
  • 0

#10
DonnaB
Posted 16 October 2013 - 09:47 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
We need to approach this in more aggressive manner.

Please uninstall µTorrent since you concur that this is how Winzip Registry Optimizer came to be installed on your system. I feel that I must warn you that P2P Programs are of the highest nature that infections are invited into your computer, as you have found. Personally, this being a netbook, and you have limited options to restore this device to proper working condition, I would not re-install nor use P2P Programs at all.

To uninstall µTorrent, go to Start > Control Panel > Add\Remove Programs double click to uninstall.

While you are there, please uninstall Winzip Registry Optimizer as well:

Next:

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

I have posted 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not both of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe
iExplore.exe (renamed rKill.exe)
  • Please be patient as a binary box will appear after you click the link(s) above. Once it does appear, please click on the Save File button found within the binary box.
  • Double-click on the Rkill desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • Do not reboot your computer after running RKill as the malware programs will start again.
  • If the tool does not run from any of the links provided, please let me know.
    If normal mode still doesn't work, run the tool from safe mode.
When the scan is complete, Notepad will open with rKill log.
Please save the log to post in your next reply.
NOTE: rKill.txt log can also be found on your desktop.


Next:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e,g. TDSSKiller.2.4.0.0_27.09.2013_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Next:

Please download Junkware Removal Tool to your desktop.

  • Disable your AV protection software now to avoid potential conflicts.
  • Run the tool by double-clicking on XP. Or right click and select Run as Administrator Vista/Win7 and above.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Once scan is finished, please re-enable your AV protection.

In your next reply, please post the following logs:
rKill.txt
TDSSKiller_version_date_time_log.txt
JRT.txt


Thank you,
Donna :)
  • 0

Advertisements

#11
technoobie
Posted 16 October 2013 - 07:16 PM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Donna,
Thanks for all your help so far, don't worry my days of using Utorrent are well and truly over after experiencing all this! So I think I managed to uninstall both Utorrent and Winzip Registry Optimizer *Yay*.

Here are the logs you asked for (the TDSSKiller.exe program didn't find anything, so I won't post that log).

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 10/17/2013 11:03:38 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 10/17/2013 11:05:34 AM
Execution time: 0 hours(s), 1 minute(s), and 56 seconds(s)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by TechnoobieFamily on Thu 17/10/2013 at 11:57:42.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422152260}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466156660}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466156660}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Folder] C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 17/10/2013 at 12:05:40.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by technoobie, 16 October 2013 - 07:18 PM.

  • 0

#12
DonnaB
Posted 16 October 2013 - 07:32 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi technoobie,

You're very welcome. :yes:

Here are the logs you asked for (the TDSSKiller.exe program didn't find anything, so I won't post that log).


Not that I doubt your abilities to read the TDSSKiller log, but I would personally like to review the log to ensure something is not overlooked. Could you post it please? :)

Also, I need you to run a few more scans to ensure we have removed all the nasties I see in the OTL logs above. I want to make sure nothing is left behind that may return to haunt you.

Just a few more scans and I'll turn you loose! ;)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Thank you,
Donna
  • 0

#13
technoobie
Posted 16 October 2013 - 08:18 PM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Donna,

Here's the TDSSKiller log. I had a bit of trouble following your initial instructions as I wasn't sure how to get it on the desktop, but I've run it through a couple of times and it keeps saying no threats found.

13:08:45.0625 0x0220 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
13:08:55.0046 0x0220 ============================================================
13:08:55.0046 0x0220 Current date / time: 2013/10/17 13:08:55.0046
13:08:55.0046 0x0220 SystemInfo:
13:08:55.0046 0x0220
13:08:55.0046 0x0220 OS Version: 5.1.2600 ServicePack: 3.0
13:08:55.0046 0x0220 Product type: Workstation
13:08:55.0046 0x0220 ComputerName: EMACHINES
13:08:55.0046 0x0220 UserName: TechnoobieFamily
13:08:55.0046 0x0220 Windows directory: C:\WINDOWS
13:08:55.0046 0x0220 System windows directory: C:\WINDOWS
13:08:55.0046 0x0220 Processor architecture: Intel x86
13:08:55.0046 0x0220 Number of processors: 2
13:08:55.0046 0x0220 Page size: 0x1000
13:08:55.0046 0x0220 Boot type: Normal boot
13:08:55.0046 0x0220 ============================================================
13:08:58.0203 0x0220 System UUID: {6409FC97-51AE-458B-DE68-6BD44AB533E8}
13:09:00.0500 0x0220 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:09:00.0718 0x0220 ============================================================
13:09:00.0718 0x0220 \Device\Harddisk0\DR0:
13:09:00.0718 0x0220 MBR partitions:
13:09:00.0718 0x0220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x11616800
13:09:00.0718 0x0220 ============================================================
13:09:00.0765 0x0220 C: <-> \Device\Harddisk0\DR0\Partition1
13:09:00.0765 0x0220 ============================================================
13:09:00.0765 0x0220 Initialize success
13:09:00.0765 0x0220 ============================================================
13:09:55.0125 0x00a4 ============================================================
13:09:55.0125 0x00a4 Scan started
13:09:55.0125 0x00a4 Mode: Manual;
13:09:55.0125 0x00a4 ============================================================
13:09:55.0125 0x00a4 KSN ping started
13:09:58.0000 0x00a4 KSN ping finished: true
13:09:58.0406 0x00a4 ================ Scan system memory ========================
13:09:58.0406 0x00a4 System memory - ok
13:09:58.0406 0x00a4 ================ Scan services =============================
13:09:58.0578 0x00a4 Abiosdsk - ok
13:09:58.0609 0x00a4 [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:09:58.0609 0x00a4 abp480n5 - ok
13:09:58.0859 0x00a4 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:09:58.0875 0x00a4 ACPI - ok
13:09:58.0890 0x00a4 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:09:58.0890 0x00a4 ACPIEC - ok
13:09:59.0031 0x00a4 [ 430C19CB511FD6E0DDCD44B42B1810DA, 2EE9FFB0B6DEC653327D8932EC731D81FF86C64A67CD37AABD2022CF04AA487C ] AdobeActiveFileMonitor12.0 C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
13:09:59.0296 0x00a4 AdobeActiveFileMonitor12.0 - ok
13:09:59.0328 0x00a4 [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:09:59.0343 0x00a4 adpu160m - ok
13:09:59.0375 0x00a4 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:09:59.0390 0x00a4 aec - ok
13:09:59.0453 0x00a4 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:09:59.0453 0x00a4 AFD - ok
13:09:59.0484 0x00a4 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
13:09:59.0500 0x00a4 agp440 - ok
13:09:59.0515 0x00a4 [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:09:59.0515 0x00a4 agpCPQ - ok
13:09:59.0546 0x00a4 [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:09:59.0546 0x00a4 Aha154x - ok
13:09:59.0578 0x00a4 [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:09:59.0578 0x00a4 aic78u2 - ok
13:09:59.0609 0x00a4 [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:09:59.0609 0x00a4 aic78xx - ok
13:09:59.0656 0x00a4 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:09:59.0656 0x00a4 Alerter - ok
13:09:59.0687 0x00a4 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
13:09:59.0687 0x00a4 ALG - ok
13:09:59.0718 0x00a4 [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
13:09:59.0718 0x00a4 AliIde - ok
13:09:59.0765 0x00a4 [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:09:59.0765 0x00a4 alim1541 - ok
13:09:59.0968 0x00a4 [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:10:00.0078 0x00a4 Ambfilt - ok
13:10:00.0125 0x00a4 [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:10:00.0125 0x00a4 amdagp - ok
13:10:00.0171 0x00a4 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
13:10:00.0171 0x00a4 amsint - ok
13:10:00.0265 0x00a4 [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:10:00.0265 0x00a4 Apple Mobile Device - ok
13:10:00.0281 0x00a4 AppMgmt - ok
13:10:00.0453 0x00a4 [ 41074707BA49D02E240C7B960217AABE, CC62B24C5B1E80FB1E8BC0073DDE31889CF42E0513AC22F63FE0D4BB0BABA704 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
13:10:00.0546 0x00a4 AR5416 - ok
13:10:00.0593 0x00a4 [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
13:10:00.0593 0x00a4 asc - ok
13:10:00.0625 0x00a4 [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:10:00.0625 0x00a4 asc3350p - ok
13:10:00.0656 0x00a4 [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:10:00.0656 0x00a4 asc3550 - ok
13:10:00.0781 0x00a4 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:10:00.0796 0x00a4 aspnet_state - ok
13:10:00.0828 0x00a4 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:10:00.0843 0x00a4 AsyncMac - ok
13:10:00.0875 0x00a4 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:10:00.0875 0x00a4 atapi - ok
13:10:00.0890 0x00a4 Atdisk - ok
13:10:00.0937 0x00a4 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:10:00.0937 0x00a4 Atmarpc - ok
13:10:00.0984 0x00a4 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:10:00.0984 0x00a4 AudioSrv - ok
13:10:01.0031 0x00a4 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:10:01.0031 0x00a4 audstub - ok
13:10:01.0078 0x00a4 [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
13:10:01.0078 0x00a4 avgtp - ok
13:10:01.0093 0x00a4 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:10:01.0093 0x00a4 Beep - ok
13:10:01.0171 0x00a4 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
13:10:01.0187 0x00a4 BITS - ok
13:10:01.0296 0x00a4 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:10:01.0343 0x00a4 Bonjour Service - ok
13:10:01.0406 0x00a4 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
13:10:01.0421 0x00a4 Browser - ok
13:10:01.0468 0x00a4 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:10:01.0484 0x00a4 cbidf - ok
13:10:01.0500 0x00a4 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:10:01.0500 0x00a4 cbidf2k - ok
13:10:01.0546 0x00a4 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:10:01.0546 0x00a4 CCDECODE - ok
13:10:01.0578 0x00a4 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:10:01.0578 0x00a4 cd20xrnt - ok
13:10:01.0625 0x00a4 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:10:01.0625 0x00a4 Cdaudio - ok
13:10:01.0687 0x00a4 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:10:01.0687 0x00a4 Cdfs - ok
13:10:01.0734 0x00a4 [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:10:01.0734 0x00a4 Cdrom - ok
13:10:01.0765 0x00a4 Changer - ok
13:10:01.0796 0x00a4 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:10:01.0796 0x00a4 CiSvc - ok
13:10:01.0828 0x00a4 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:10:01.0843 0x00a4 ClipSrv - ok
13:10:01.0921 0x00a4 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:10:01.0937 0x00a4 clr_optimization_v2.0.50727_32 - ok
13:10:02.0000 0x00a4 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:10:02.0078 0x00a4 clr_optimization_v4.0.30319_32 - ok
13:10:02.0125 0x00a4 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:10:02.0125 0x00a4 CmBatt - ok
13:10:02.0171 0x00a4 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:10:02.0171 0x00a4 CmdIde - ok
13:10:02.0218 0x00a4 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:10:02.0218 0x00a4 Compbatt - ok
13:10:02.0234 0x00a4 COMSysApp - ok
13:10:02.0312 0x00a4 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:10:02.0312 0x00a4 Cpqarray - ok
13:10:02.0359 0x00a4 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:10:02.0359 0x00a4 CryptSvc - ok
13:10:02.0406 0x00a4 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:10:02.0421 0x00a4 dac2w2k - ok
13:10:02.0453 0x00a4 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:10:02.0453 0x00a4 dac960nt - ok
13:10:02.0515 0x00a4 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:10:02.0546 0x00a4 DcomLaunch - ok
13:10:02.0593 0x00a4 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:10:02.0609 0x00a4 Dhcp - ok
13:10:02.0656 0x00a4 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:10:02.0656 0x00a4 Disk - ok
13:10:02.0718 0x00a4 [ 66C8D2405D9ACC629125782DE9538F6E, 9F39F9442CA82D295FAACA0547AC60A496B943CAA75CDB1DFE5E49CE2711E1B3 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
13:10:02.0718 0x00a4 DKbFltr - ok
13:10:02.0734 0x00a4 dmadmin - ok
13:10:02.0828 0x00a4 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:10:02.0890 0x00a4 dmboot - ok
13:10:02.0937 0x00a4 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:10:02.0937 0x00a4 dmio - ok
13:10:02.0968 0x00a4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:10:02.0968 0x00a4 dmload - ok
13:10:03.0015 0x00a4 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
13:10:03.0015 0x00a4 dmserver - ok
13:10:03.0062 0x00a4 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:10:03.0062 0x00a4 DMusic - ok
13:10:03.0125 0x00a4 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:10:03.0140 0x00a4 Dnscache - ok
13:10:03.0187 0x00a4 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:10:03.0203 0x00a4 Dot3svc - ok
13:10:03.0234 0x00a4 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:10:03.0234 0x00a4 dpti2o - ok
13:10:03.0250 0x00a4 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:10:03.0265 0x00a4 drmkaud - ok
13:10:03.0343 0x00a4 [ EDF7343ACAAB182C082F26EA97706E83, 7D56045D9A53B947B2B47A52CB5E08D155945C985AE480E25D1113431310AC3D ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe
13:10:03.0359 0x00a4 DsiWMIService - ok
13:10:03.0406 0x00a4 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:10:03.0406 0x00a4 EapHost - ok
13:10:03.0421 0x00a4 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:10:03.0437 0x00a4 ERSvc - ok
13:10:03.0500 0x00a4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
13:10:03.0500 0x00a4 Eventlog - ok
13:10:03.0578 0x00a4 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
13:10:03.0609 0x00a4 EventSystem - ok
13:10:03.0703 0x00a4 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:10:03.0718 0x00a4 Fastfat - ok
13:10:03.0812 0x00a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:10:03.0828 0x00a4 FastUserSwitchingCompatibility - ok
13:10:03.0921 0x00a4 [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax C:\WINDOWS\system32\fxssvc.exe
13:10:03.0953 0x00a4 Fax - ok
13:10:03.0984 0x00a4 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:10:03.0984 0x00a4 Fdc - ok
13:10:04.0015 0x00a4 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:10:04.0031 0x00a4 Fips - ok
13:10:04.0062 0x00a4 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:10:04.0062 0x00a4 Flpydisk - ok
13:10:04.0109 0x00a4 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:10:04.0125 0x00a4 FltMgr - ok
13:10:04.0203 0x00a4 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:10:04.0203 0x00a4 FontCache3.0.0.0 - ok
13:10:04.0234 0x00a4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:10:04.0234 0x00a4 Fs_Rec - ok
13:10:04.0265 0x00a4 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:10:04.0265 0x00a4 Ftdisk - ok
13:10:04.0281 0x00a4 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:10:04.0281 0x00a4 Gpc - ok
13:10:04.0375 0x00a4 [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdate1cabe9ebffc9b56 C:\Program Files\Google\Update\GoogleUpdate.exe
13:10:04.0375 0x00a4 gupdate1cabe9ebffc9b56 - ok
13:10:04.0390 0x00a4 [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:10:04.0406 0x00a4 gupdatem - ok
13:10:04.0484 0x00a4 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:10:04.0484 0x00a4 gusvc - ok
13:10:04.0515 0x00a4 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:10:04.0531 0x00a4 HDAudBus - ok
13:10:04.0593 0x00a4 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:10:04.0687 0x00a4 helpsvc - ok
13:10:04.0718 0x00a4 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:10:04.0718 0x00a4 HidServ - ok
13:10:04.0750 0x00a4 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:10:04.0765 0x00a4 HidUsb - ok
13:10:04.0812 0x00a4 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:10:04.0812 0x00a4 hkmsvc - ok
13:10:04.0843 0x00a4 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
13:10:04.0859 0x00a4 hpn - ok
13:10:04.0953 0x00a4 [ AF81F7BA6A09119006FE041A2F2F3ECE, 3488569086A851CEC0946601C4287A7C83BE6CB82F0160F5817C873A3B16FAFA ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:10:04.0984 0x00a4 hpqcxs08 - ok
13:10:05.0015 0x00a4 [ 7244F63DB8EA883B3DC8E730C645D073, DB83BA959D06945CEF5CC41EDF6DBBBA5691A2F52BA1BF507B79E22A0EED7FF8 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:10:05.0250 0x00a4 hpqddsvc - ok
13:10:05.0281 0x00a4 [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:10:05.0296 0x00a4 HPZid412 - ok
13:10:05.0296 0x00a4 [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:10:05.0312 0x00a4 HPZipr12 - ok
13:10:05.0328 0x00a4 [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:10:05.0343 0x00a4 HPZius12 - ok
13:10:05.0390 0x00a4 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:10:05.0421 0x00a4 HTTP - ok
13:10:05.0468 0x00a4 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:10:05.0484 0x00a4 HTTPFilter - ok
13:10:05.0515 0x00a4 [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
13:10:05.0515 0x00a4 i2omgmt - ok
13:10:05.0546 0x00a4 [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:10:05.0546 0x00a4 i2omp - ok
13:10:05.0593 0x00a4 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:10:05.0593 0x00a4 i8042prt - ok
13:10:05.0718 0x00a4 [ 3AD7614C487C948ADD435662265750FB, 90E5A0E3FB63490CD72B240FE5F9B93AC0FE7FEF58E24D42D79941FC71B5BE99 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:10:05.0734 0x00a4 IAANTMON - ok
13:10:06.0296 0x00a4 [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:10:06.0718 0x00a4 ialm - ok
13:10:06.0812 0x00a4 [ DB0CC620B27A928D968C1A1E9CD9CB87, 62F2FAF027C217A3A035759AF47D848AEFFA7A94C54B4C424B67459D464B8AA8 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
13:10:06.0828 0x00a4 iaStor - ok
13:10:06.0937 0x00a4 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:10:06.0984 0x00a4 idsvc - ok
13:10:07.0031 0x00a4 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:10:07.0046 0x00a4 Imapi - ok
13:10:07.0093 0x00a4 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
13:10:07.0093 0x00a4 ImapiService - ok
13:10:07.0140 0x00a4 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:10:07.0140 0x00a4 ini910u - ok
13:10:07.0687 0x00a4 [ 3FA02C6E3E9EBE8523A2D4E51D0ECE1F, D2AA1CA754F83AAA7C4D5478934A1F83E362131818505B01C2848E85FA077789 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:10:08.0125 0x00a4 IntcAzAudAddService - ok
13:10:08.0187 0x00a4 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
13:10:08.0187 0x00a4 IntelIde - ok
13:10:08.0234 0x00a4 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:10:08.0234 0x00a4 intelppm - ok
13:10:08.0281 0x00a4 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:10:08.0281 0x00a4 Ip6Fw - ok
13:10:08.0312 0x00a4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:10:08.0312 0x00a4 IpFilterDriver - ok
13:10:08.0343 0x00a4 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:10:08.0343 0x00a4 IpInIp - ok
13:10:08.0375 0x00a4 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:10:08.0390 0x00a4 IpNat - ok
13:10:08.0406 0x00a4 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:10:08.0421 0x00a4 IPSec - ok
13:10:08.0453 0x00a4 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:10:08.0453 0x00a4 IRENUM - ok
13:10:08.0484 0x00a4 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:10:08.0500 0x00a4 isapnp - ok
13:10:08.0515 0x00a4 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:10:08.0515 0x00a4 Kbdclass - ok
13:10:08.0562 0x00a4 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:10:08.0562 0x00a4 kmixer - ok
13:10:08.0578 0x00a4 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:10:08.0593 0x00a4 KSecDD - ok
13:10:08.0640 0x00a4 [ 6C8658587E91EA25B0FD2E71781AD228, EFD9D5E73264175C7E598D8B2DB2CE44A70A0D8B18290338E4FBDE585AA607AF ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
13:10:08.0640 0x00a4 L1c - ok
13:10:08.0687 0x00a4 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:10:08.0703 0x00a4 LanmanServer - ok
13:10:08.0765 0x00a4 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:10:08.0781 0x00a4 lanmanworkstation - ok
13:10:08.0796 0x00a4 lbrtfdc - ok
13:10:08.0843 0x00a4 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:10:08.0859 0x00a4 LmHosts - ok
13:10:08.0890 0x00a4 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:10:08.0890 0x00a4 Messenger - ok
13:10:08.0984 0x00a4 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:10:09.0000 0x00a4 Microsoft Office Groove Audit Service - ok
13:10:09.0046 0x00a4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:10:09.0046 0x00a4 mnmdd - ok
13:10:09.0093 0x00a4 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:10:09.0093 0x00a4 mnmsrvc - ok
13:10:09.0125 0x00a4 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:10:09.0125 0x00a4 Modem - ok
13:10:09.0296 0x00a4 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:10:09.0421 0x00a4 Monfilt - ok
13:10:09.0500 0x00a4 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:10:09.0500 0x00a4 Mouclass - ok
13:10:09.0531 0x00a4 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:10:09.0531 0x00a4 mouhid - ok
13:10:09.0578 0x00a4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:10:09.0578 0x00a4 MountMgr - ok
13:10:09.0625 0x00a4 [ 24406D75B40F0F6B3C1AC7031D734565, B58AA80E9C3738CFD826D7C8129D5467166A4397CCFEEEF7F14542DEBB659A51 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:10:09.0640 0x00a4 MpFilter - ok
13:10:09.0765 0x00a4 [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKslaef09ad8 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B21829DC-EFE5-4B47-AFEB-A0EAB0C0A052}\MpKslaef09ad8.sys
13:10:09.0765 0x00a4 MpKslaef09ad8 - ok
13:10:09.0781 0x00a4 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:10:09.0781 0x00a4 mraid35x - ok
13:10:09.0890 0x00a4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:10:09.0921 0x00a4 MRxDAV - ok
13:10:10.0062 0x00a4 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:10:10.0125 0x00a4 MRxSmb - ok
13:10:10.0187 0x00a4 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:10:10.0187 0x00a4 MSDTC - ok
13:10:10.0218 0x00a4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:10:10.0218 0x00a4 Msfs - ok
13:10:10.0234 0x00a4 MSIServer - ok
13:10:10.0281 0x00a4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:10:10.0281 0x00a4 MSKSSRV - ok
13:10:10.0359 0x00a4 [ 3EA6A1A744D79328AE7E2C6FAE4C4420, CB4F8F744B454FCC16D4C0D28126BC31B1B5C9F9FB5DAE3152D9B3B7F4165523 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:10:10.0375 0x00a4 MsMpSvc - ok
13:10:10.0406 0x00a4 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:10:10.0406 0x00a4 MSPCLOCK - ok
13:10:10.0453 0x00a4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:10:10.0453 0x00a4 MSPQM - ok
13:10:10.0515 0x00a4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:10:10.0515 0x00a4 mssmbios - ok
13:10:10.0531 0x00a4 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:10:10.0531 0x00a4 MSTEE - ok
13:10:10.0593 0x00a4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:10:10.0593 0x00a4 Mup - ok
13:10:10.0656 0x00a4 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:10:10.0656 0x00a4 NABTSFEC - ok
13:10:10.0781 0x00a4 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:10:10.0796 0x00a4 napagent - ok
13:10:10.0875 0x00a4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:10:10.0875 0x00a4 NDIS - ok
13:10:10.0906 0x00a4 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:10:10.0906 0x00a4 NdisIP - ok
13:10:10.0953 0x00a4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:10:10.0953 0x00a4 NdisTapi - ok
13:10:10.0968 0x00a4 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:10:10.0968 0x00a4 Ndisuio - ok
13:10:10.0984 0x00a4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:10:11.0000 0x00a4 NdisWan - ok
13:10:11.0046 0x00a4 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:10:11.0046 0x00a4 NDProxy - ok
13:10:11.0093 0x00a4 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
13:10:11.0093 0x00a4 Net Driver HPZ12 - ok
13:10:11.0156 0x00a4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:10:11.0156 0x00a4 NetBIOS - ok
13:10:11.0187 0x00a4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:10:11.0187 0x00a4 NetBT - ok
13:10:11.0234 0x00a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
13:10:11.0250 0x00a4 NetDDE - ok
13:10:11.0265 0x00a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:10:11.0265 0x00a4 NetDDEdsdm - ok
13:10:11.0312 0x00a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:10:11.0312 0x00a4 Netlogon - ok
13:10:11.0328 0x00a4 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
13:10:11.0343 0x00a4 Netman - ok
13:10:11.0437 0x00a4 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:10:11.0453 0x00a4 NetTcpPortSharing - ok
13:10:11.0484 0x00a4 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
13:10:11.0500 0x00a4 Nla - ok
13:10:11.0546 0x00a4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:10:11.0546 0x00a4 Npfs - ok
13:10:11.0640 0x00a4 [ 436E7B2E6F42C2717C1D670220D03336, 5F2AD6D60531296EF4648D19E9EF9CF0ECBEDA0C8CE0EA96EBE66C9DB98A8780 ] NSL C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
13:10:11.0656 0x00a4 NSL - ok
13:10:11.0734 0x00a4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:10:11.0765 0x00a4 Ntfs - ok
13:10:11.0796 0x00a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:10:11.0796 0x00a4 NtLmSsp - ok
13:10:11.0859 0x00a4 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:10:11.0890 0x00a4 NtmsSvc - ok
13:10:11.0921 0x00a4 [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
13:10:11.0921 0x00a4 NuidFltr - ok
13:10:11.0953 0x00a4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
13:10:11.0953 0x00a4 Null - ok
13:10:12.0000 0x00a4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:10:12.0000 0x00a4 NwlnkFlt - ok
13:10:12.0015 0x00a4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:10:12.0015 0x00a4 NwlnkFwd - ok
13:10:12.0187 0x00a4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:10:12.0218 0x00a4 odserv - ok
13:10:12.0265 0x00a4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:10:12.0281 0x00a4 ose - ok
13:10:12.0328 0x00a4 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
13:10:12.0343 0x00a4 Parport - ok
13:10:12.0390 0x00a4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:10:12.0390 0x00a4 PartMgr - ok
13:10:12.0421 0x00a4 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:10:12.0421 0x00a4 ParVdm - ok
13:10:12.0437 0x00a4 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:10:12.0437 0x00a4 PCI - ok
13:10:12.0453 0x00a4 PCIDump - ok
13:10:12.0468 0x00a4 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:10:12.0468 0x00a4 PCIIde - ok
13:10:12.0500 0x00a4 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:10:12.0515 0x00a4 Pcmcia - ok
13:10:12.0515 0x00a4 PDCOMP - ok
13:10:12.0531 0x00a4 PDFRAME - ok
13:10:12.0546 0x00a4 PDRELI - ok
13:10:12.0562 0x00a4 PDRFRAME - ok
13:10:12.0593 0x00a4 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
13:10:12.0593 0x00a4 perc2 - ok
13:10:12.0625 0x00a4 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:10:12.0625 0x00a4 perc2hib - ok
13:10:12.0687 0x00a4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
13:10:12.0703 0x00a4 PlugPlay - ok
13:10:12.0734 0x00a4 [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:10:12.0750 0x00a4 Pml Driver HPZ12 - ok
13:10:12.0765 0x00a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:10:12.0765 0x00a4 PolicyAgent - ok
13:10:12.0796 0x00a4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:10:12.0796 0x00a4 PptpMiniport - ok
13:10:12.0812 0x00a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:10:12.0812 0x00a4 ProtectedStorage - ok
13:10:12.0843 0x00a4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:10:12.0843 0x00a4 PSched - ok
13:10:12.0859 0x00a4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:10:12.0859 0x00a4 Ptilink - ok
13:10:12.0906 0x00a4 [ B6A1692FC131F1FE5162513D78A9B6FC, 193B12508E5D076B178AADDDA9BECB4F397307FB8D96B16540697D6E49D61C28 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:10:12.0921 0x00a4 PxHelp20 - ok
13:10:12.0937 0x00a4 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:10:12.0953 0x00a4 ql1080 - ok
13:10:12.0968 0x00a4 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:10:12.0968 0x00a4 Ql10wnt - ok
13:10:13.0000 0x00a4 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:10:13.0000 0x00a4 ql12160 - ok
13:10:13.0015 0x00a4 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:10:13.0015 0x00a4 ql1240 - ok
13:10:13.0046 0x00a4 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:10:13.0046 0x00a4 ql1280 - ok
13:10:13.0078 0x00a4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:10:13.0078 0x00a4 RasAcd - ok
13:10:13.0140 0x00a4 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:10:13.0156 0x00a4 RasAuto - ok
13:10:13.0187 0x00a4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:10:13.0187 0x00a4 Rasl2tp - ok
13:10:13.0234 0x00a4 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:10:13.0250 0x00a4 RasMan - ok
13:10:13.0265 0x00a4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:10:13.0265 0x00a4 RasPppoe - ok
13:10:13.0296 0x00a4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:10:13.0312 0x00a4 Raspti - ok
13:10:13.0343 0x00a4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:10:13.0359 0x00a4 Rdbss - ok
13:10:13.0375 0x00a4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:10:13.0375 0x00a4 RDPCDD - ok
13:10:13.0421 0x00a4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:10:13.0437 0x00a4 rdpdr - ok
13:10:13.0484 0x00a4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:10:13.0500 0x00a4 RDPWD - ok
13:10:13.0546 0x00a4 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:10:13.0546 0x00a4 RDSessMgr - ok
13:10:13.0578 0x00a4 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:10:13.0593 0x00a4 redbook - ok
13:10:13.0625 0x00a4 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:10:13.0625 0x00a4 RemoteAccess - ok
13:10:13.0671 0x00a4 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:10:13.0671 0x00a4 RpcLocator - ok
13:10:13.0734 0x00a4 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:10:13.0750 0x00a4 RpcSs - ok
13:10:13.0765 0x00a4 RSUSBSTOR - ok
13:10:13.0796 0x00a4 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:10:13.0812 0x00a4 RSVP - ok
13:10:13.0828 0x00a4 Rts516xIR - ok
13:10:13.0859 0x00a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
13:10:13.0859 0x00a4 SamSs - ok
13:10:13.0906 0x00a4 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:10:13.0921 0x00a4 SCardSvr - ok
13:10:13.0953 0x00a4 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:10:13.0968 0x00a4 Schedule - ok
13:10:14.0015 0x00a4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:10:14.0015 0x00a4 Secdrv - ok
13:10:14.0046 0x00a4 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:10:14.0046 0x00a4 seclogon - ok
13:10:14.0062 0x00a4 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
13:10:14.0078 0x00a4 SENS - ok
13:10:14.0093 0x00a4 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
13:10:14.0109 0x00a4 Serial - ok
13:10:14.0156 0x00a4 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:10:14.0156 0x00a4 Sfloppy - ok
13:10:14.0218 0x00a4 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:10:14.0250 0x00a4 SharedAccess - ok
13:10:14.0281 0x00a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:10:14.0281 0x00a4 ShellHWDetection - ok
13:10:14.0296 0x00a4 Simbad - ok
13:10:14.0328 0x00a4 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:10:14.0328 0x00a4 sisagp - ok
13:10:14.0390 0x00a4 [ F07AF60B152221472FBDB2FECEC4896D, A18FDCE8462A48429E249C44F0E49F844F2E3A4B5215349DE104F34D935EF983 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:10:14.0406 0x00a4 SkypeUpdate - ok
13:10:14.0437 0x00a4 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:10:14.0437 0x00a4 SLIP - ok
13:10:14.0609 0x00a4 [ C792610F7D2009352721C1AE38DA0619, 6391F31D49BE300E19340BC110BAA17CF3EE1FCAF96F845E4B49779331033B9E ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
13:10:14.0734 0x00a4 SNP2UVC - ok
13:10:14.0781 0x00a4 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:10:14.0781 0x00a4 Sparrow - ok
13:10:14.0812 0x00a4 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:10:14.0812 0x00a4 splitter - ok
13:10:14.0875 0x00a4 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:10:14.0875 0x00a4 Spooler - ok
13:10:14.0906 0x00a4 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:10:14.0906 0x00a4 sr - ok
13:10:14.0968 0x00a4 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
13:10:14.0984 0x00a4 srservice - ok
13:10:15.0015 0x00a4 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:10:15.0046 0x00a4 Srv - ok
13:10:15.0078 0x00a4 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:10:15.0078 0x00a4 SSDPSRV - ok
13:10:15.0125 0x00a4 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:10:15.0140 0x00a4 stisvc - ok
13:10:15.0171 0x00a4 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:10:15.0187 0x00a4 streamip - ok
13:10:15.0218 0x00a4 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:10:15.0218 0x00a4 swenum - ok
13:10:15.0250 0x00a4 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:10:15.0265 0x00a4 swmidi - ok
13:10:15.0281 0x00a4 SwPrv - ok
13:10:15.0312 0x00a4 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
13:10:15.0312 0x00a4 symc810 - ok
13:10:15.0343 0x00a4 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:10:15.0343 0x00a4 symc8xx - ok
13:10:15.0375 0x00a4 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:10:15.0375 0x00a4 sym_hi - ok
13:10:15.0390 0x00a4 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:10:15.0406 0x00a4 sym_u3 - ok
13:10:15.0453 0x00a4 [ E09C6AE9F84B5985979046E0A5896584, D3D3AEE190B968B2F16B9E9B2FDAE8CD013823004194E7B5D3D6FF24F29524B0 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:10:15.0468 0x00a4 SynTP - ok
13:10:15.0531 0x00a4 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:10:15.0531 0x00a4 sysaudio - ok
13:10:15.0593 0x00a4 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:10:15.0593 0x00a4 SysmonLog - ok
13:10:15.0640 0x00a4 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:10:15.0671 0x00a4 TapiSrv - ok
13:10:15.0734 0x00a4 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:10:15.0750 0x00a4 Tcpip - ok
13:10:15.0781 0x00a4 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:10:15.0781 0x00a4 TDPIPE - ok
13:10:15.0812 0x00a4 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:10:15.0812 0x00a4 TDTCP - ok
13:10:15.0859 0x00a4 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:10:15.0859 0x00a4 TermDD - ok
13:10:15.0921 0x00a4 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
13:10:15.0937 0x00a4 TermService - ok
13:10:15.0968 0x00a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
13:10:15.0968 0x00a4 Themes - ok
13:10:16.0000 0x00a4 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
13:10:16.0015 0x00a4 TosIde - ok
13:10:16.0031 0x00a4 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:10:16.0046 0x00a4 TrkWks - ok
13:10:16.0093 0x00a4 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:10:16.0109 0x00a4 Udfs - ok
13:10:16.0140 0x00a4 [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
13:10:16.0140 0x00a4 ultra - ok
13:10:16.0203 0x00a4 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:10:16.0218 0x00a4 Update - ok
13:10:16.0328 0x00a4 [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
13:10:16.0343 0x00a4 Updater Service - ok
13:10:16.0390 0x00a4 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
13:10:16.0406 0x00a4 upnphost - ok
13:10:16.0421 0x00a4 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
13:10:16.0437 0x00a4 UPS - ok
13:10:16.0484 0x00a4 [ EAFE1E00739AFE6C51487A050E772E17, C005E635470AEB68131D922CAFFE2703626EAB4612932237B35F5562E559258A ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:10:16.0484 0x00a4 USBAAPL - ok
13:10:16.0515 0x00a4 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:10:16.0515 0x00a4 usbccgp - ok
13:10:16.0531 0x00a4 USBCCID - ok
13:10:16.0562 0x00a4 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:10:16.0562 0x00a4 usbehci - ok
13:10:16.0609 0x00a4 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:10:16.0609 0x00a4 usbhub - ok
13:10:16.0656 0x00a4 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:10:16.0671 0x00a4 usbprint - ok
13:10:16.0703 0x00a4 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:10:16.0703 0x00a4 usbscan - ok
13:10:16.0750 0x00a4 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:10:16.0750 0x00a4 usbstor - ok
13:10:16.0781 0x00a4 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:10:16.0781 0x00a4 usbuhci - ok
13:10:16.0828 0x00a4 [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
13:10:16.0843 0x00a4 usbvideo - ok
13:10:16.0890 0x00a4 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:10:16.0890 0x00a4 VgaSave - ok
13:10:16.0921 0x00a4 [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:10:16.0921 0x00a4 viaagp - ok
13:10:16.0937 0x00a4 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
13:10:16.0953 0x00a4 ViaIde - ok
13:10:16.0984 0x00a4 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:10:16.0984 0x00a4 VolSnap - ok
13:10:17.0031 0x00a4 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
13:10:17.0062 0x00a4 VSS - ok
13:10:17.0234 0x00a4 [ B2B9BDECE253AE113B0F0901C699A5F8, 6EA15ED699A4C23151AB77B9DCCB4497B53311516C061934868C5788CC5E09AD ] vToolbarUpdater17.0.12 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
13:10:17.0343 0x00a4 vToolbarUpdater17.0.12 - ok
13:10:17.0406 0x00a4 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
13:10:17.0421 0x00a4 W32Time - ok
13:10:17.0468 0x00a4 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:10:17.0468 0x00a4 Wanarp - ok
13:10:17.0562 0x00a4 [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
13:10:17.0593 0x00a4 Wdf01000 - ok
13:10:17.0609 0x00a4 WDICA - ok
13:10:17.0640 0x00a4 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:10:17.0656 0x00a4 wdmaud - ok
13:10:17.0718 0x00a4 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
13:10:17.0734 0x00a4 WebClient - ok
13:10:17.0828 0x00a4 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:10:17.0984 0x00a4 winmgmt - ok
13:10:18.0046 0x00a4 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:10:18.0062 0x00a4 WmdmPmSN - ok
13:10:18.0078 0x00a4 [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:10:18.0078 0x00a4 WmiAcpi - ok
13:10:18.0125 0x00a4 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:10:18.0281 0x00a4 WmiApSrv - ok
13:10:18.0515 0x00a4 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:10:18.0562 0x00a4 WPFFontCache_v0400 - ok
13:10:18.0640 0x00a4 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:10:18.0656 0x00a4 wscsvc - ok
13:10:18.0656 0x00a4 WSearch - ok
13:10:18.0703 0x00a4 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:10:18.0703 0x00a4 WSTCODEC - ok
13:10:18.0750 0x00a4 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:10:18.0765 0x00a4 wuauserv - ok
13:10:18.0828 0x00a4 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:10:18.0859 0x00a4 WZCSVC - ok
13:10:18.0906 0x00a4 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:10:18.0906 0x00a4 xmlprov - ok
13:10:18.0937 0x00a4 ================ Scan global ===============================
13:10:18.0984 0x00a4 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
13:10:19.0031 0x00a4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:10:19.0078 0x00a4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:10:19.0125 0x00a4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
13:10:19.0125 0x00a4 [ Global ] - ok
13:10:19.0125 0x00a4 ================ Scan MBR ==================================
13:10:19.0156 0x00a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:10:19.0390 0x00a4 \Device\Harddisk0\DR0 - ok
13:10:19.0390 0x00a4 ================ Scan VBR ==================================
13:10:19.0406 0x00a4 [ 2700C35610678AC99CEDB605044FA306 ] \Device\Harddisk0\DR0\Partition1
13:10:19.0406 0x00a4 \Device\Harddisk0\DR0\Partition1 - ok
13:10:19.0421 0x00a4 Waiting for KSN requests completion. In queue: 234
13:10:20.0421 0x00a4 Waiting for KSN requests completion. In queue: 234
13:10:21.0421 0x00a4 Waiting for KSN requests completion. In queue: 234
13:10:22.0421 0x00a4 Waiting for KSN requests completion. In queue: 234
13:10:23.0609 0x00a4 AV detected via SS1: Microsoft Security Essentials, 4.3.0216.0, enabled, updated
13:10:23.0609 0x00a4 Win FW state via NFM: enabled
13:10:27.0140 0x00a4 ============================================================
13:10:27.0140 0x00a4 Scan finished
13:10:27.0140 0x00a4 ============================================================
13:10:27.0171 0x008c Detected object count: 0
13:10:27.0171 0x008c Actual detected object count: 0
  • 0

#14
DonnaB
Posted 16 October 2013 - 08:41 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

Here's the TDSSKiller log. I had a bit of trouble following your initial instructions as I wasn't sure how to get it on the desktop,


Perfect! Thank you for the log. I'll have to check those instructions and see where the confusion lies. I'm glad you pointed that out to me.

Please post the AdwCleaner log when you are able.

Donna :)
  • 0

#15
technoobie
Posted 16 October 2013 - 09:57 PM

technoobie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Donna,

here's the adware cleaner log:

# AdwCleaner v3.008 - Report created 17/10/2013 at 13:24:20
# Updated 17/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : TechnoobieFamily - EMACHINES
# Running from : C:\Documents and Settings\TechnoobieFamily\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\BitGuard
Folder Found C:\Documents and Settings\TechnoobieFamily\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\TechnoobieFamily\Start Menu\Programs\BitGuard
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\94dddfb534be40
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\94dddfb534be40
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\TechnoobieFamily\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3551 octets] - [17/10/2013 13:24:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3611 octets] ##########
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP