[dogstar21]

I had previously had a Google redirect virus (search in either Google or Yahoo! links sometimes bring to unwanted spam site). I had run MBAM, SuperAntiSpyware and Avira AntiVirus, and it had found and removed a trojan. I don't believe it was wiped clean, although overall, performance was OK. However, 2 days ago, a pop-up from a google search wasn't closed in time, and i started getting prompted that something was attempting to open Registry Editor. After rebooting in SAFE mode, i was able to run my anti-virus software, which again, found some malicious software (Avira AntiVirus found and quarantined the files), which was removed, and after reboot, i re-ran my scans and they were clean. However, upon re-starting in normal mode, i immediately began receiving the prompts for trying to open Registry Editor. I shut down again, and re-started in SAFE mode.

Here are the results from my OTL scan:
OTL logfile created on: 2/8/2014 1:34:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.91% Memory free
4.22 Gb Paging File | 3.53 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 290.53 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/05 13:20:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/22 15:56:02 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/05 13:20:27 | 003,583,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/22 15:56:01 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 13:20:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
IE - HKCU\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{507C5830-8FFE-4A43-ACD1-9BD283C246C6}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: hnxuzhqhha%40hnxuzhqhha.org:2.9.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]

[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2013/11/16 16:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/04/08 16:47:02 | 000,005,341 | ---- | M] () (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\[email protected]
[2013/12/12 18:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/05 13:20:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ElevatedDiagnostics] rundll32 File not found
O4 - HKCU..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Symantec] rundll32 File not found
O4 - HKCU..\Run: [Temp] rundll32 File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951
[2014/02/07 09:06:12 | 000,334,076 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\9ob3frbn.zvv
[2014/02/07 09:06:00 | 000,199,569 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\nbrf3bo9.cpp
[2014/01/29 14:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/01/29 14:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/01/21 10:02:18 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/08 13:25:38 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/08 13:25:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/08 13:06:44 | 000,189,440 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/08 12:52:18 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/08 12:52:18 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/08 12:52:18 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/08 12:47:15 | 095,027,928 | ---- | M] () -- C:\ProgramData\9ob3frbn.fee
[2014/02/08 12:44:33 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 12:44:33 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/07 15:41:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
[2014/01/29 14:32:19 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/21 10:02:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/01/20 19:32:42 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/07 09:06:06 | 095,027,928 | ---- | C] () -- C:\ProgramData\9ob3frbn.fee
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2012/02/10 10:46:45 | 000,005,074 | ---- | C] () -- C:\ProgramData\dkelscwb.bbq
[2012/01/02 23:44:12 | 000,010,520 | -HS- | C] () -- C:\Users\Pete\AppData\Local\yua771ud6eag86cc5x238c7dmqojj2ih3qifv
[2012/01/02 23:44:12 | 000,010,520 | -HS- | C] () -- C:\ProgramData\yua771ud6eag86cc5x238c7dmqojj2ih3qifv
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,189,440 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/23 21:54:00 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\58A94
[2011/11/23 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\945C3
[2011/05/30 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/27 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2011/11/23 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\lEELL8ggTZqYCkU
[2011/11/23 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\mNNNyccA1uv2oF4
[2010/05/12 10:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/21 23:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2011/11/23 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\TxPP00ycS1iv
[2009/08/19 12:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent
[2011/11/23 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\ynGG44amH6sWJfL

========== Purity Check ==========



< End of report >



Here are the results from the Avira Antivirus scan/removal:
--------------------------------------------------------------
Avira AntiVir Personal
Report file date: Friday, February 07, 2014 19:35

Scanning for 6419219 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Safe mode
Username : Pete
Computer name : PETE-PC

Version information:
BUILD.DAT : 10.2.0.2100 36757 Bytes 6/24/2013 22:26:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/29/2011 02:31:49
AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/29/2011 02:31:49
LUKE.DLL : 10.3.0.5 45416 Bytes 6/29/2011 02:31:49
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:50
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/29/2011 02:31:50
AVREG.DLL : 10.3.0.9 88833 Bytes 7/12/2011 13:26:30
VBASE000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 17:16:55
VBASE001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 15:57:07
VBASE002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 22:51:30
VBASE003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 15:30:47
VBASE004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 14:28:09
VBASE005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 21:52:22
VBASE006.VDF : 7.11.103.230 2293248 Bytes 9/24/2013 18:33:52
VBASE007.VDF : 7.11.116.38 5485568 Bytes 11/28/2013 19:53:19
VBASE008.VDF : 7.11.126.50 3615744 Bytes 1/22/2014 20:23:14
VBASE009.VDF : 7.11.128.174 2030080 Bytes 2/3/2014 18:11:34
VBASE010.VDF : 7.11.128.175 2048 Bytes 2/3/2014 18:11:34
VBASE011.VDF : 7.11.128.176 2048 Bytes 2/3/2014 18:11:34
VBASE012.VDF : 7.11.128.177 2048 Bytes 2/3/2014 18:11:34
VBASE013.VDF : 7.11.128.178 2048 Bytes 2/3/2014 18:11:34
VBASE014.VDF : 7.11.129.9 211456 Bytes 2/4/2014 18:11:39
VBASE015.VDF : 7.11.129.163 215040 Bytes 2/6/2014 18:10:04
VBASE016.VDF : 7.11.129.164 2048 Bytes 2/6/2014 18:10:04
VBASE017.VDF : 7.11.129.165 2048 Bytes 2/6/2014 18:10:04
VBASE018.VDF : 7.11.129.166 2048 Bytes 2/6/2014 18:10:04
VBASE019.VDF : 7.11.129.167 2048 Bytes 2/6/2014 18:10:04
VBASE020.VDF : 7.11.129.168 2048 Bytes 2/6/2014 18:10:04
VBASE021.VDF : 7.11.129.169 2048 Bytes 2/6/2014 18:10:04
VBASE022.VDF : 7.11.129.170 2048 Bytes 2/6/2014 18:10:04
VBASE023.VDF : 7.11.129.171 2048 Bytes 2/6/2014 18:10:04
VBASE024.VDF : 7.11.129.172 2048 Bytes 2/6/2014 18:10:04
VBASE025.VDF : 7.11.129.173 2048 Bytes 2/6/2014 18:10:04
VBASE026.VDF : 7.11.129.174 2048 Bytes 2/6/2014 18:10:04
VBASE027.VDF : 7.11.129.175 2048 Bytes 2/6/2014 18:10:04
VBASE028.VDF : 7.11.129.176 2048 Bytes 2/6/2014 18:10:04
VBASE029.VDF : 7.11.129.177 2048 Bytes 2/6/2014 18:10:04
VBASE030.VDF : 7.11.129.178 2048 Bytes 2/6/2014 18:10:04
VBASE031.VDF : 7.11.130.6 261632 Bytes 2/7/2014 18:10:40
Engineversion : 8.2.14.2
AEVDF.DLL : 8.1.3.4 102774 Bytes 6/13/2013 17:59:07
AESCRIPT.DLL : 8.1.4.186 520574 Bytes 2/7/2014 18:10:41
AESCN.DLL : 8.1.10.6 131447 Bytes 12/12/2013 20:20:10
AESBX.DLL : 8.2.20.6 1331575 Bytes 1/13/2014 18:17:40
AERDL.DLL : 8.2.0.138 704888 Bytes 12/2/2013 19:53:02
AEPACK.DLL : 8.3.3.12 774521 Bytes 1/23/2014 20:23:06
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 8/8/2013 13:59:11
AEHEUR.DLL : 8.1.4.904 6455674 Bytes 2/7/2014 18:10:41
AEHELP.DLL : 8.1.27.10 266618 Bytes 11/22/2013 19:53:30
AEGEN.DLL : 8.1.7.22 446839 Bytes 1/16/2014 14:10:56
AEEXP.DLL : 8.4.1.202 434552 Bytes 2/7/2014 18:10:42
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 16:37:51
AECORE.DLL : 8.1.34.0 229753 Bytes 2/5/2014 18:12:08
AEBB.DLL : 8.1.1.4 53619 Bytes 11/8/2012 00:44:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:58
AVPREF.DLL : 10.0.3.2 44904 Bytes 6/29/2011 02:31:49
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 06:03:15
AVARKT.DLL : 10.0.26.1 255336 Bytes 6/29/2011 02:31:49
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/29/2011 02:31:49
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:58
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:22
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 6/29/2011 02:31:49
RCTEXT.DLL : 10.0.64.0 97640 Bytes 6/29/2011 02:31:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Friday, February 07, 2014 19:35

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '65' Module(s) have been scanned
Scan process 'avcenter.exe' - '68' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '448' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2d89b452-5bcbdcf5
[DETECTION] Is the TR/Crypt.ZPACK.48857 Trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\19254b21-7e9f9d39
[0] Archive type: ZIP
--> a.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.26 Java virus
--> b.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.27 Java virus
--> c.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.28 Java virus
--> d.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.29 Java virus
--> e.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.20 Java virus
--> f.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.3 Java virus
--> g.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.31 Java virus
--> Globals.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2013-2465.G.Gen exploit
--> h.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.32 Java virus
--> i.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.33 Java virus
--> j.class
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.25 Java virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\19254b21-7e9f9d39
[DETECTION] Contains recognition pattern of the JAVA/Obfus.xza.25 Java virus
[NOTE] The file was moved to the quarantine directory under the name '57630189.qua'.
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2d89b452-5bcbdcf5
[DETECTION] Is the TR/Crypt.ZPACK.48857 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ffe2e72.qua'.


End of the scan: Friday, February 07, 2014 23:16
Used time: 2:04:50 Hour(s)

The scan has been done completely.

40856 Scanned directories
720313 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
720301 Files not concerned
4359 Archives were scanned
0 Warnings
2 Notes
-------------------------------------------------------


I think Avira found something else that it couldn't remove on a previous scan:

-----------------------------------------------------------
Avira AntiVir Personal
Report file date: Friday, February 07, 2014 15:31

Scanning for 6419219 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PETE-PC

Version information:
BUILD.DAT : 10.2.0.2100 36757 Bytes 6/24/2013 22:26:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/29/2011 02:31:49
AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/29/2011 02:31:49
LUKE.DLL : 10.3.0.5 45416 Bytes 6/29/2011 02:31:49
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:50
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/29/2011 02:31:50
AVREG.DLL : 10.3.0.9 88833 Bytes 7/12/2011 13:26:30
VBASE000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 17:16:55
VBASE001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 15:57:07
VBASE002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 22:51:30
VBASE003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 15:30:47
VBASE004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 14:28:09
VBASE005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 21:52:22
VBASE006.VDF : 7.11.103.230 2293248 Bytes 9/24/2013 18:33:52
VBASE007.VDF : 7.11.116.38 5485568 Bytes 11/28/2013 19:53:19
VBASE008.VDF : 7.11.126.50 3615744 Bytes 1/22/2014 20:23:14
VBASE009.VDF : 7.11.128.174 2030080 Bytes 2/3/2014 18:11:34
VBASE010.VDF : 7.11.128.175 2048 Bytes 2/3/2014 18:11:34
VBASE011.VDF : 7.11.128.176 2048 Bytes 2/3/2014 18:11:34
VBASE012.VDF : 7.11.128.177 2048 Bytes 2/3/2014 18:11:34
VBASE013.VDF : 7.11.128.178 2048 Bytes 2/3/2014 18:11:34
VBASE014.VDF : 7.11.129.9 211456 Bytes 2/4/2014 18:11:39
VBASE015.VDF : 7.11.129.163 215040 Bytes 2/6/2014 18:10:04
VBASE016.VDF : 7.11.129.164 2048 Bytes 2/6/2014 18:10:04
VBASE017.VDF : 7.11.129.165 2048 Bytes 2/6/2014 18:10:04
VBASE018.VDF : 7.11.129.166 2048 Bytes 2/6/2014 18:10:04
VBASE019.VDF : 7.11.129.167 2048 Bytes 2/6/2014 18:10:04
VBASE020.VDF : 7.11.129.168 2048 Bytes 2/6/2014 18:10:04
VBASE021.VDF : 7.11.129.169 2048 Bytes 2/6/2014 18:10:04
VBASE022.VDF : 7.11.129.170 2048 Bytes 2/6/2014 18:10:04
VBASE023.VDF : 7.11.129.171 2048 Bytes 2/6/2014 18:10:04
VBASE024.VDF : 7.11.129.172 2048 Bytes 2/6/2014 18:10:04
VBASE025.VDF : 7.11.129.173 2048 Bytes 2/6/2014 18:10:04
VBASE026.VDF : 7.11.129.174 2048 Bytes 2/6/2014 18:10:04
VBASE027.VDF : 7.11.129.175 2048 Bytes 2/6/2014 18:10:04
VBASE028.VDF : 7.11.129.176 2048 Bytes 2/6/2014 18:10:04
VBASE029.VDF : 7.11.129.177 2048 Bytes 2/6/2014 18:10:04
VBASE030.VDF : 7.11.129.178 2048 Bytes 2/6/2014 18:10:04
VBASE031.VDF : 7.11.130.6 261632 Bytes 2/7/2014 18:10:40
Engineversion : 8.2.14.2
AEVDF.DLL : 8.1.3.4 102774 Bytes 6/13/2013 17:59:07
AESCRIPT.DLL : 8.1.4.186 520574 Bytes 2/7/2014 18:10:41
AESCN.DLL : 8.1.10.6 131447 Bytes 12/12/2013 20:20:10
AESBX.DLL : 8.2.20.6 1331575 Bytes 1/13/2014 18:17:40
AERDL.DLL : 8.2.0.138 704888 Bytes 12/2/2013 19:53:02
AEPACK.DLL : 8.3.3.12 774521 Bytes 1/23/2014 20:23:06
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 8/8/2013 13:59:11
AEHEUR.DLL : 8.1.4.904 6455674 Bytes 2/7/2014 18:10:41
AEHELP.DLL : 8.1.27.10 266618 Bytes 11/22/2013 19:53:30
AEGEN.DLL : 8.1.7.22 446839 Bytes 1/16/2014 14:10:56
AEEXP.DLL : 8.4.1.202 434552 Bytes 2/7/2014 18:10:42
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 16:37:51
AECORE.DLL : 8.1.34.0 229753 Bytes 2/5/2014 18:12:08
AEBB.DLL : 8.1.1.4 53619 Bytes 11/8/2012 00:44:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:58
AVPREF.DLL : 10.0.3.2 44904 Bytes 6/29/2011 02:31:49
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 06:03:15
AVARKT.DLL : 10.0.26.1 255336 Bytes 6/29/2011 02:31:49
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/29/2011 02:31:49
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:58
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:22
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 6/29/2011 02:31:49
RCTEXT.DLL : 10.0.64.0 97640 Bytes 6/29/2011 02:31:49

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_53d438f9\guard_slideup.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Friday, February 07, 2014 15:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'werfault.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'regsvr32.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'BluetoothHeadsetProxy.exe' - '1' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TVAgent.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'TSMAgent.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'TVSched.exe' - '1' Module(s) have been scanned
Scan process 'TVCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'FlipShareServer.exe' - '1' Module(s) have been scanned
Scan process 'FlipShareService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Pete\AppData\Local\KB9369951\KB9369951.exe'
C:\Users\Pete\AppData\Local\KB9369951\KB9369951.exe
[DETECTION] Is the TR/Crypt.ZPACK.48857 Trojan

Beginning disinfection:
C:\Users\Pete\AppData\Local\KB9369951\KB9369951.exe
[DETECTION] Is the TR/Crypt.ZPACK.48857 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5797eb94.qua'.


End of the scan: Friday, February 07, 2014 15:37
Used time: 00:10 Minute(s)

The scan has been done completely.

0 Scanned directories
35 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
34 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

----------------------------------------------------------

My computer also seems to be overheating now, so i'm not keeping it running for too long.

Thanks in advance for your help!

[Advertisements]

Hello Pete, Welcome to the forums!
. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.

• We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
• If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

• Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
• Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

• I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
• Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.


Run aswMBR

• Download aswMBR.exe to your desktop.
• Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
• If it asks you if you want to download the latest virus definitions, click Yes
• Be sure the A/V Scan: is set to QuickScan
• Click the "Scan" button to start the scan
  
  
• On completion of the scan click save log. Save it to your desktop and post in your next reply.
  

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Extras.txt log
2. The aswMBR.txt log

[godawgs]

Hello Pete, Welcome to the forums!
. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.

• We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
• If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

• Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
• Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

• I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
• Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.


Run aswMBR

• Download aswMBR.exe to your desktop.
• Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
• If it asks you if you want to download the latest virus definitions, click Yes
• Be sure the A/V Scan: is set to QuickScan
• Click the "Scan" button to start the scan
  
  
• On completion of the scan click save log. Save it to your desktop and post in your next reply.
  

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Extras.txt log
2. The aswMBR.txt log

[dogstar21]

Godawgs, thank you for your assistance and quick response. I understand the risks at play here, and will do my best to follow your directions carefully.

I had run OTL a while ago, the Extras file is from 9/10/2013 (almost 4 months ago). Let me know if you need me to clear this out and re-run from a fresh download. Here is that log:

OTL Extras logfile created on: 9/10/2013 1:01:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 31.85% Memory free
4.24 Gb Paging File | 1.43 Gb Available in Paging File | 33.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 37.30 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AE F8 EE 94 71 B3 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3889686918-3398402473-1388666377-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53A03625-E45D-4A82-90E2-F32C7B63A0B5}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{9240E818-9E91-4E85-A298-3D82BDEA1E3B}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049BF5E3-21E2-4110-A357-2A34FFF60589}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{09D923B4-6857-44B8-9F47-6D8B3DB0EF25}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{12DEEF3C-631C-4F5D-B51A-C5E4540354FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{12F31D6E-B021-4A5A-B52B-A426FC9A8A62}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{3B73BC24-502D-4211-B0C8-D37F20F9D704}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4575D613-79B9-4CB7-95EE-D2114CCE955E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{65FB6591-301A-4E68-A904-DFDF63A9924E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{6737C2D7-9757-402E-95D2-FC5BDCEB6BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{85AFA4F7-653C-4DB7-B57D-B9C314B1444D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8C92DF9A-E74B-46E2-9758-111B5ACABC3C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9E908510-C752-4700-8477-75BD02CE9A87}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A0F4E890-DA0D-47FD-9E43-768B06C8F4F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{AB60E26F-C376-4417-BD95-9BEAD0D9004D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B22E69BB-4446-43B1-8E13-09E522C21C49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B9A9848E-418A-4E22-AB2B-FFE069BA294A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{C3727FC1-18F2-4B3F-AF02-4C3AD8D8E6B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{DE312A9B-EF63-4F9A-8B1C-EB57772EC55A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FDB86963-C243-4877-9F1C-E35F058E0C54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3975CE71-3544-9FBA-56E5-2E9709E348C5}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F67AF0E-DF48-0198-E0F3-F1C9F7A6FC22}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3BFD4B3C-9105-454A-A673-E023E8BC9D56}" = Movavi VideoSuite 7
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D4E7A79-23E0-4715-867C-9D49024BFA57}" = Movavi Flash Converter
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoZone iSync" = GoZone iSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Movavi Screen Capture Studio 3" = Movavi Screen Capture Studio
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2013 1:56:07 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:56:07 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:56:12 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:56:12 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:56:14 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:58:16 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:58:16 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/11/2013 1:58:19 PM | Computer Name = Pete-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/12/2013 2:20:50 AM | Computer Name = Pete-PC | Source = VSS | ID = 8193
Description =

Error - 7/14/2013 4:56:41 AM | Computer Name = Pete-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 3/3/2010 7:03:53 PM | Computer Name = Pete-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/1/2010 9:28:19 PM | Computer Name = Pete-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:46:12 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/10/2013 12:55:59 AM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

------------------------------

I downloaded and ran aswMBR, updated virus definitions and ran the scan.

Here is the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-09 00:05:45
-----------------------------
00:05:45.794 OS Version: Windows x64 6.0.6002 Service Pack 2
00:05:45.794 Number of processors: 2 586 0x170A
00:05:45.794 ComputerName: PETE-PC UserName: Pete
00:05:51.020 Initialize success
00:09:46.206 AVAST engine defs: 14020800
00:10:03.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:10:03.022 Disk 0 Vendor: ST9500325AS P003HPM1 Size: 476940MB BusType: 3
00:10:03.085 Disk 0 MBR read successfully
00:10:03.100 Disk 0 MBR scan
00:10:03.100 Disk 0 unknown MBR code
00:10:03.116 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464058 MB offset 2048
00:10:03.163 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12878 MB offset 950392832
00:10:03.210 Disk 0 scanning C:\Windows\system32\drivers
00:10:18.217 Service scanning
00:10:45.720 Modules scanning
00:10:45.720 Disk 0 trace - called modules:
00:10:46.063 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:10:46.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002a14790]
00:10:46.578 3 CLASSPNP.SYS[fffffa6000a47c33] -> nt!IofCallDriver -> [0xfffffa8002a13ad0]
00:10:46.578 5 hpdskflt.sys[fffffa6001bf60ee] -> nt!IofCallDriver -> [0xfffffa8002777520]
00:10:46.578 7 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002781060]
00:10:48.481 AVAST engine scan C:\Windows
00:10:52.162 AVAST engine scan C:\Windows\system32
00:15:28.298 AVAST engine scan C:\Windows\system32\drivers
00:15:57.064 AVAST engine scan C:\Users\Pete
01:16:06.795 File: C:\Users\Pete\AppData\Local\Temp\jar_cache7505802586495125021.tmp **INFECTED** Win32:Crypt-QNE [Trj]
01:16:11.148 File: C:\Users\Pete\AppData\Local\Temp\kids.dll **INFECTED** Win32:Rootkit-gen [Rtk]
01:38:34.417 AVAST engine scan C:\ProgramData
01:42:18.994 File: C:\ProgramData\nbrf3bo9.cpp **INFECTED** Win32:Rootkit-gen [Rtk]
01:47:29.528 Scan finished successfully
01:48:37.653 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
01:48:37.653 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"

[godawgs]

You are Welcome.

I had run OTL a while ago, the Extras file is from 9/10/2013 (almost 4 months ago). Let me know if you need me to clear this out and re-run from a fresh download.

I think the old one will suffice for now.


Step-1.

Disable SuperAntiSpyware

We need to disable SuperAntiSpyware so it won't interfere with our fixes. To do that:

• Start the SuperAntiSpyware program
• Click the General tab.
• Uncheck the box beside Start SuperAntiSpyware when Windows starts
• Click the Real-Time Protection tab
• Uncheck the box beside Enable Real-Time Protection
• Uncheck the box beside Enable First Chance Protection
• Click the Close button
• Restart the computer and make sure that the brown / orange bug is not in the system tray.

Step-2.

Uninstall Programs

1. Please click the Start Orb , click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

McAfee Security Scan Plus

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
IE - HKCU\..\SearchScopes,DefaultScope = {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
IE - HKCU\..\SearchScopes\{507C5830-8FFE-4A43-ACD1-9BD283C246C6}: "URL" = http://delicious.com...p={searchTerms}
FF - prefs.js..extensions.enabledAddons: hnxuzhqhha%40hnxuzhqhha.org:2.9.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
[2013/04/08 16:47:02 | 000,005,341 | ---- | M] () (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\[email protected]
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O4 - HKCU..\Run: [ElevatedDiagnostics] rundll32 File not found
O4 - HKCU..\Run: [Symantec] rundll32 File not found
O4 - HKCU..\Run: [Temp] rundll32 File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2014/02/07 09:06:12 | 000,334,076 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\9ob3frbn.zvv
[2014/02/07 09:06:00 | 000,199,569 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\nbrf3bo9.cpp
[2014/02/08 12:47:15 | 095,027,928 | ---- | M] () -- C:\ProgramData\9ob3frbn.fee
[2014/01/29 14:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/01/29 14:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/01/21 10:02:18 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/01/29 14:32:19 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/02/10 10:46:45 | 000,005,074 | ---- | C] () -- C:\ProgramData\dkelscwb.bbq
[2012/01/02 23:44:12 | 000,010,520 | -HS- | C] () -- C:\Users\Pete\AppData\Local\yua771ud6eag86cc5x238c7dmqojj2ih3qifv
[2012/01/02 23:44:12 | 000,010,520 | -HS- | C] () -- C:\ProgramData\yua771ud6eag86cc5x238c7dmqojj2ih3qifv
[2011/11/23 21:54:00 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\58A94
[2011/11/23 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\945C3
[2011/11/23 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\lEELL8ggTZqYCkU
[2011/11/23 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\mNNNyccA1uv2oF4
[2011/11/23 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\TxPP00ycS1iv
[2011/11/23 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\ynGG44amH6sWJfL

:REG
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update]

:FILES
C:\Users\Pete\AppData\Local\Temp\jar_cache7505802586495125021.tmp
C:\Users\Pete\AppData\Local\Temp\kids.dll
C:\ProgramData\nbrf3bo9.cpp

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop. To do that:

• Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

OR

Click here to go to the TDSSKiller download page. Click tthe Download Now EXE Version button and save the tdsskiller.exe file to the desktop.

• Double click the TDSSKiller.exe file to run the application
  
  
  
• Then click on Change parameters. A settings page will open.
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
• Click the Start Scan button.
• If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
• Get the report by selecting Reports
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-5.

Virustotal File Upload:

To use Virustotal go Here

• Click the Choose File button in the middle of the screen. This will open a File Upload window.
• On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
  NOTE.. Only one file per scan
  
  C:\ProgramData\amjmwaey.gaf.
  
• This will put the file in the box on the Virustotal page.
• Click the Scan it! button.
• IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
• Please be patient while the file is scanned. It may take several minutes.
• Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The VirusTotal URL link
2. The OTL fixes log
3. The TDSSKiller log

[dogstar21]

I disabled SuperAnti Spyware, rebooted, unistalled McAfee, rebooted. Ran OTL fix, TDS scan, and the Virus total scan. Here are the results in the order requested (not the order performed):

1. URL for Virus Total scan: https://www.virustot...sis/1391982278/


2. OTL Fix log:

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Error: No service named McComponentHostService was found to stop!
Service\Driver key McComponentHostService not found.
File C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{507C5830-8FFE-4A43-ACD1-9BD283C246C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{507C5830-8FFE-4A43-ACD1-9BD283C246C6}\ not found.
Prefs.js: hnxuzhqhha%40hnxuzhqhha.org:2.9.2.1 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ not found.
File C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll not found.
C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\[email protected] moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
File C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Temp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\9ob3frbn.zvv moved successfully.
C:\ProgramData\nbrf3bo9.cpp moved successfully.
C:\ProgramData\9ob3frbn.fee moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\ not found.
Folder C:\Program Files\McAfee Security Scan\ not found.
C:\Users\Pete\Desktop\tdsskiller.exe moved successfully.
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\ProgramData\dkelscwb.bbq moved successfully.
C:\Users\Pete\AppData\Local\yua771ud6eag86cc5x238c7dmqojj2ih3qifv moved successfully.
C:\ProgramData\yua771ud6eag86cc5x238c7dmqojj2ih3qifv moved successfully.
C:\Users\Pete\AppData\Roaming\58A94 folder moved successfully.
C:\Users\Pete\AppData\Roaming\945C3 folder moved successfully.
C:\Users\Pete\AppData\Roaming\lEELL8ggTZqYCkU folder moved successfully.
C:\Users\Pete\AppData\Roaming\mNNNyccA1uv2oF4 folder moved successfully.
C:\Users\Pete\AppData\Roaming\TxPP00ycS1iv folder moved successfully.
C:\Users\Pete\AppData\Roaming\ynGG44amH6sWJfL folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update\ not found.
========== FILES ==========
C:\Users\Pete\AppData\Local\Temp\jar_cache7505802586495125021.tmp moved successfully.
C:\Users\Pete\AppData\Local\Temp\kids.dll moved successfully.
File\Folder C:\ProgramData\nbrf3bo9.cpp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pete
->Temp folder emptied: 346103154 bytes
->Temporary Internet Files folder emptied: 172236219 bytes
->Java cache emptied: 292849098 bytes
->FireFox cache emptied: 410780456 bytes
->Flash cache emptied: 485641 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11219099 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1575866 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,178.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02092014_144639


3. TDSKiller Log:

16:39:25.0500 0x05e8 TDSS rootkit removing tool 3.0.0.22 Feb 3 2014 16:45:35
16:39:31.0756 0x05e8 ============================================================
16:39:31.0756 0x05e8 Current date / time: 2014/02/09 16:39:31.0756
16:39:31.0756 0x05e8 SystemInfo:
16:39:31.0756 0x05e8
16:39:31.0756 0x05e8 OS Version: 6.0.6002 ServicePack: 2.0
16:39:31.0756 0x05e8 Product type: Workstation
16:39:31.0756 0x05e8 ComputerName: PETE-PC
16:39:31.0756 0x05e8 UserName: Pete
16:39:31.0756 0x05e8 Windows directory: C:\Windows
16:39:31.0756 0x05e8 System windows directory: C:\Windows
16:39:31.0756 0x05e8 Running under WOW64
16:39:31.0756 0x05e8 Processor architecture: Intel x64
16:39:31.0756 0x05e8 Number of processors: 2
16:39:31.0756 0x05e8 Page size: 0x1000
16:39:31.0756 0x05e8 Boot type: Safe boot with network
16:39:31.0756 0x05e8 ============================================================
16:39:38.0838 0x05e8 KLMD registered as C:\Windows\system32\drivers\01217621.sys
16:39:38.0932 0x05e8 System UUID: {90E01534-67C4-EA55-E098-2DAB75E5FE9A}
16:39:39.0665 0x05e8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:39:39.0665 0x05e8 ============================================================
16:39:39.0665 0x05e8 \Device\Harddisk0\DR0:
16:39:39.0665 0x05e8 MBR partitions:
16:39:39.0665 0x05e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38A5D000
16:39:39.0665 0x05e8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A5D800, BlocksNum 0x1927000
16:39:39.0665 0x05e8 ============================================================
16:39:39.0681 0x05e8 C: <-> \Device\Harddisk0\DR0\Partition1
16:39:39.0743 0x05e8 D: <-> \Device\Harddisk0\DR0\Partition2
16:39:39.0743 0x05e8 ============================================================
16:39:39.0743 0x05e8 Initialize success
16:39:39.0743 0x05e8 ============================================================
16:40:31.0301 0x06b0 ============================================================
16:40:31.0301 0x06b0 Scan started
16:40:31.0301 0x06b0 Mode: Manual; SigCheck; TDLFS;
16:40:31.0301 0x06b0 ============================================================
16:40:31.0301 0x06b0 KSN ping started
16:40:45.0575 0x06b0 KSN ping finished: true
16:40:48.0289 0x06b0 ================ Scan system memory ========================
16:40:48.0289 0x06b0 System memory - ok
16:40:48.0289 0x06b0 ================ Scan services =============================
16:40:48.0414 0x06b0 [ 7D9D615201A483D6FA99491C2E655A5A, EF24EBC4E08B555E5A90E6D560F375267137064AED1A9DC5251BB1FF2B65BA37 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:40:48.0757 0x06b0 !SASCORE - detected UnsignedFile.Multi.Generic ( 1 )
16:40:51.0347 0x06b0 Detect skipped due to KSN trusted
16:40:51.0347 0x06b0 !SASCORE - ok
16:40:51.0831 0x06b0 [ 60FBB29CCCE48B4C3A6517CAF42C3496, 8422521086227B1D9A22697AEB6A7A8FC7D7F25BAA50032565F94CCF1D14AE68 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
16:40:51.0846 0x06b0 Accelerometer - ok
16:40:51.0924 0x06b0 [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI C:\Windows\system32\drivers\acpi.sys
16:40:51.0940 0x06b0 ACPI - ok
16:40:52.0033 0x06b0 [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:40:52.0080 0x06b0 adp94xx - ok
16:40:52.0096 0x06b0 [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:40:52.0111 0x06b0 adpahci - ok
16:40:52.0127 0x06b0 [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:40:52.0143 0x06b0 adpu160m - ok
16:40:52.0158 0x06b0 [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:40:52.0174 0x06b0 adpu320 - ok
16:40:52.0221 0x06b0 [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:40:52.0377 0x06b0 AeLookupSvc - ok
16:40:52.0455 0x06b0 [ 7F66523A27754AFCFECAE2F5EB643A4A, 706D4BD3CA1530B26A4976F280D0614F8DD0F6B1DA00C49C400383AF30AE0490 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
16:40:52.0517 0x06b0 AESTFilters - ok
16:40:52.0626 0x06b0 [ 12415CCFD3E7CEC55B5184E67B039FE4, 0CF2F60C60AB5F5977D9D1015041FBB51BF8DB1BB14B74AD3F7C16FA61EED51B ] AFD C:\Windows\system32\drivers\afd.sys
16:40:52.0689 0x06b0 AFD - ok
16:40:52.0735 0x06b0 [ 8FE65709982F2CB7D291F6C9B2C60805, 23EE0C166082D420E09595FBC7162296E820B5712A69BA2BCBCB0AC8EED2164B ] AgereModemAudio C:\Windows\system32\agr64svc.exe
16:40:52.0782 0x06b0 AgereModemAudio - ok
16:40:52.0860 0x06b0 [ 55FCDB10E31C22EB67454AAEF42B6725, 4A02A3203573766F254643C0EC2AB1AF2BFCA49BF6E5D7627D27E93F92203379 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
16:40:53.0001 0x06b0 AgereSoftModem - ok
16:40:53.0047 0x06b0 [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:40:53.0047 0x06b0 agp440 - ok
16:40:53.0079 0x06b0 [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:40:53.0094 0x06b0 aic78xx - ok
16:40:53.0188 0x06b0 [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG C:\Windows\System32\alg.exe
16:40:53.0359 0x06b0 ALG - ok
16:40:53.0391 0x06b0 [ E0CA5BB8E6C79533DC6B1DA7361A201E, 8AD71C49E520E0CD0A1B4F840DB77D373AD3A5F59B30B22FE0A1DF2043805168 ] aliide C:\Windows\system32\drivers\aliide.sys
16:40:53.0391 0x06b0 aliide - ok
16:40:53.0406 0x06b0 [ 7034F8D1B9703D711D3F92C95DEB377D, 5FD6F929226B81899DA57C0D40CCAB5B6D24FC913E3783236809B6110E8061B5 ] amdide C:\Windows\system32\drivers\amdide.sys
16:40:53.0406 0x06b0 amdide - ok
16:40:53.0437 0x06b0 [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:40:53.0484 0x06b0 AmdK8 - ok
16:40:53.0656 0x06b0 [ B4837FE56D76B2E9EA90E5365CF6A2BE, 4379A0BA850C787D6AD01F50D6FCEEA96E2F4800BAF1A0EEEC6BEFA6851762C1 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:40:53.0671 0x06b0 AntiVirSchedulerService - ok
16:40:53.0749 0x06b0 [ DF5A3016052755C910A206058B4A1729, 0E15807370B8EA28002D713490FD8DDD3E7FCFAE78477197CE2C0EFB5F176896 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:40:53.0765 0x06b0 AntiVirService - ok
16:40:53.0796 0x06b0 [ 9C37B3FD5615477CB9A0CD116CF43F5C, BD3F85A29931072F2B0C7283761E224E4621FE0D9D34D6D668A4516B28388484 ] Appinfo C:\Windows\System32\appinfo.dll
16:40:53.0874 0x06b0 Appinfo - ok
16:40:53.0921 0x06b0 [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc C:\Windows\system32\drivers\arc.sys
16:40:53.0937 0x06b0 arc - ok
16:40:53.0952 0x06b0 [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:40:53.0968 0x06b0 arcsas - ok
16:40:53.0999 0x06b0 [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:40:54.0061 0x06b0 AsyncMac - ok
16:40:54.0124 0x06b0 [ E68D9B3A3905619732F7FE039466A623, 74C0B29E54EF064660B9C756E03D5A7EB78F261EFF768EB6E74D261FBD34340D ] atapi C:\Windows\system32\drivers\atapi.sys
16:40:54.0139 0x06b0 atapi - ok
16:40:54.0186 0x06b0 [ 54CA8AAC988B441A692311E3B584D944, 708AA0553E94CD7234E9124F7CB0FCDA4246CAE7D8A5286E131D102E8AE2D3EF ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
16:40:54.0342 0x06b0 Ati External Event Utility - ok
16:40:54.0545 0x06b0 [ 4B42547AE95A31D0E1E200B68A6C7647, B2B840704644423795545EA0DD833DD02BA84E55B0A7F6C70F1DD33BC2FA1993 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:40:54.0873 0x06b0 atikmdag - ok
16:40:54.0982 0x06b0 [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:40:55.0060 0x06b0 AudioEndpointBuilder - ok
16:40:55.0107 0x06b0 [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:40:55.0138 0x06b0 AudioSrv - ok
16:40:55.0247 0x06b0 [ B1224E6B086CD6548315B04AB575A23E, 463762B70B698ED5C14844722F62D51219C209B5D1DFE8CB44530E27E0D8E5DC ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:40:55.0341 0x06b0 avgntflt - ok
16:40:55.0419 0x06b0 [ ED45F12CFA62B83765C9C1496758CC87, AB40622EF7B8FC9F6D7ADF953774C83AC4871E0975BBA70CB9ACB041C8F148FA ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:40:55.0434 0x06b0 avipbb - ok
16:40:55.0450 0x06b0 Beep - ok
16:40:55.0543 0x06b0 [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE C:\Windows\System32\bfe.dll
16:40:55.0590 0x06b0 BFE - ok
16:40:55.0715 0x06b0 [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS C:\Windows\system32\qmgr.dll
16:40:55.0918 0x06b0 BITS - ok
16:40:55.0965 0x06b0 [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:40:56.0011 0x06b0 blbdrive - ok
16:40:56.0074 0x06b0 [ 8B2B19031D0AEADE6E1B933DF1ACBA7E, 8F963BBFBCB4A87347D46BEE107852DAA3966956BCAE62C78198951252A5076C ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:40:56.0136 0x06b0 bowser - ok
16:40:56.0167 0x06b0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:40:56.0214 0x06b0 BrFiltLo - ok
16:40:56.0245 0x06b0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:40:56.0292 0x06b0 BrFiltUp - ok
16:40:56.0323 0x06b0 [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser C:\Windows\System32\browser.dll
16:40:56.0386 0x06b0 Browser - ok
16:40:56.0448 0x06b0 [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:40:56.0620 0x06b0 Brserid - ok
16:40:56.0651 0x06b0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:40:56.0713 0x06b0 BrSerWdm - ok
16:40:56.0745 0x06b0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:40:56.0807 0x06b0 BrUsbMdm - ok
16:40:56.0838 0x06b0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:40:56.0901 0x06b0 BrUsbSer - ok
16:40:56.0994 0x06b0 [ 09F926A0D9C0BAFD8417A4307D2ED13C, 9C86FB0E328D3E14DC6A1BD64CB0E6E61D8DA437FF51399FD87DCA70FDC96C01 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:40:57.0041 0x06b0 BthEnum - ok
16:40:57.0072 0x06b0 [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:40:57.0166 0x06b0 BTHMODEM - ok
16:40:57.0197 0x06b0 [ BEFC5311736B475AC5B60C14FF7C775A, 8B9BF5486B09E10361E8C412481E684CD1B03B5C06023AD9B7C29553D51F0455 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:40:57.0244 0x06b0 BthPan - ok
16:40:57.0369 0x06b0 [ 2FF122EEB3A712FEDA238FB331F738B9, 024BBB7FCA02E3164FD1129C3E2F971966482CCB9B6E339B7C9147C8D9AC58ED ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:40:57.0447 0x06b0 BTHPORT - ok
16:40:57.0556 0x06b0 [ 22E65FFD640F16968F855F5B3528D366, 6EF7FC170E2533BD7BFF0125391757E27E3D5F05EDE1A986E4295CDCD2D9B197 ] BthServ C:\Windows\System32\bthserv.dll
16:40:57.0603 0x06b0 BthServ - ok
16:40:57.0649 0x06b0 [ 2B668E7C1616C0E931714272934C678B, 68A41C93169FA49266E43DA37892D6E15FE4F975DD704947F34E14A9B145DEBD ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:40:57.0696 0x06b0 BTHUSB - ok
16:40:57.0743 0x06b0 [ 0C5D9C8B412BE72C4535EC67A24C01DB, B88C00B81D067FD85D115C1C9AD8495539A7248920124DA40D3A02CA8E38A323 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:40:57.0759 0x06b0 btwaudio - ok
16:40:57.0774 0x06b0 [ DF18E4291C43BED05B1D0C2D5C0E96D6, 95B694E8AD45825029730E260CFD8E1E1AA0A5CECF1671226D7FFFBA6C6386EC ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
16:40:57.0774 0x06b0 btwavdt - ok
16:40:57.0790 0x06b0 [ 637A44C54520A9958E2E5E3EE9E26C4A, FB12D612629B54E39F2F8A0FE6255B0CAB84D3FABAE71C5F025192F4AEB082AF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:40:57.0790 0x06b0 btwrchid - ok
16:40:57.0868 0x06b0 catchme - ok
16:40:57.0899 0x06b0 [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:40:57.0946 0x06b0 cdfs - ok
16:40:58.0024 0x06b0 [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:40:58.0086 0x06b0 cdrom - ok
16:40:58.0164 0x06b0 [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc C:\Windows\System32\certprop.dll
16:40:58.0211 0x06b0 CertPropSvc - ok
16:40:58.0258 0x06b0 [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:40:58.0320 0x06b0 circlass - ok
16:40:58.0367 0x06b0 [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS C:\Windows\system32\CLFS.sys
16:40:58.0398 0x06b0 CLFS - ok
16:40:58.0492 0x06b0 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:40:58.0507 0x06b0 clr_optimization_v2.0.50727_32 - ok
16:40:58.0539 0x06b0 [ CE07A466201096F021CD09D631B21540, 1A11DDAB7000569A89F3FA26BDEE4D527FA6D57D3F91CDABAA9C02CACDDE5F6D ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:40:58.0554 0x06b0 clr_optimization_v2.0.50727_64 - ok
16:40:58.0585 0x06b0 [ B52D9A14CE4101577900A364BA86F3DF, A8AA928DDF5FE3861973D4EA03A5B700E99138236F1E8FF594293B9705BF470C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:40:58.0648 0x06b0 CmBatt - ok
16:40:58.0663 0x06b0 [ 8C6AA24C1D7273A02284588426AB8CE3, 3CF806448811542F44CDCFF20A4196D4C0FF8BF2BF5D86E6176B8AEE8DE0D721 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:40:58.0679 0x06b0 cmdide - ok
16:40:58.0741 0x06b0 [ 12E94E225BD7B05A2BCCD5C0B841E921, D7C60D6CB9182EFE0050585DB9979137F3A5CF83F4C0FD2EDA664B2C8B1D41A7 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:40:58.0757 0x06b0 Com4QLBEx - ok
16:40:58.0851 0x06b0 [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:40:58.0851 0x06b0 Compbatt - ok
16:40:58.0851 0x06b0 COMSysApp - ok
16:40:58.0866 0x06b0 [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:40:58.0882 0x06b0 crcdisk - ok
16:40:58.0944 0x06b0 [ 18918613E63F387CDE4D95CA7D49DCF7, AE2E35B183E4D517B6CE4E83B850B892E852A2E96D2488254675EC416EA57F75 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:40:59.0007 0x06b0 CryptSvc - ok
16:40:59.0116 0x06b0 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch C:\Windows\system32\rpcss.dll
16:40:59.0194 0x06b0 DcomLaunch - ok
16:40:59.0303 0x06b0 [ 36CD31121F228E7E79BAE60AA45764C6, D01DF728615EFF67756E8104CD7622EA859D2EE93D48777E699178B27388390B ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:40:59.0350 0x06b0 DfsC - ok
16:40:59.0506 0x06b0 [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR C:\Windows\system32\DFSR.exe
16:40:59.0771 0x06b0 DFSR - ok
16:40:59.0865 0x06b0 [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:40:59.0911 0x06b0 Dhcp - ok
16:40:59.0974 0x06b0 [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk C:\Windows\system32\drivers\disk.sys
16:40:59.0989 0x06b0 disk - ok
16:41:00.0067 0x06b0 [ 21D16B37257370975C7457C3A5EFA530, 2322DEEFBD5BC14685A41E9600D23715FEFC6FCC2412C7E219CEE8501509932C ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:41:00.0114 0x06b0 Dnscache - ok
16:41:00.0177 0x06b0 [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc C:\Windows\System32\dot3svc.dll
16:41:00.0223 0x06b0 dot3svc - ok
16:41:00.0270 0x06b0 [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS C:\Windows\system32\dps.dll
16:41:00.0333 0x06b0 DPS - ok
16:41:00.0379 0x06b0 [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:41:00.0442 0x06b0 drmkaud - ok
16:41:00.0520 0x06b0 [ B8E554E502D5123BC111F99D6A2181B4, 0E2392B5A1A9F7C820BD6A45D0F35BD3269059A387AE9B4D641DABFEFADB52D8 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:41:00.0582 0x06b0 DXGKrnl - ok
16:41:00.0629 0x06b0 [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
16:41:00.0691 0x06b0 E1G60 - ok
16:41:00.0723 0x06b0 [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost C:\Windows\System32\eapsvc.dll
16:41:00.0769 0x06b0 EapHost - ok
16:41:00.0863 0x06b0 [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache C:\Windows\system32\drivers\ecache.sys
16:41:00.0879 0x06b0 Ecache - ok
16:41:00.0925 0x06b0 [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:41:00.0957 0x06b0 ehRecvr - ok
16:41:00.0972 0x06b0 [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched C:\Windows\ehome\ehsched.exe
16:41:01.0019 0x06b0 ehSched - ok
16:41:01.0066 0x06b0 [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart C:\Windows\ehome\ehstart.dll
16:41:01.0097 0x06b0 ehstart - ok
16:41:01.0144 0x06b0 [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:41:01.0175 0x06b0 elxstor - ok
16:41:01.0253 0x06b0 [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:41:01.0347 0x06b0 EMDMgmt - ok
16:41:01.0362 0x06b0 [ F218A3A27ED6592C0E22EC3595554447, 14510F0EB64314C5E1DD1D88F4C374A704EF4512ECCC411D445BCACF9B4F2B96 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
16:41:01.0409 0x06b0 enecir - ok
16:41:01.0440 0x06b0 [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:41:01.0487 0x06b0 ErrDev - ok
16:41:01.0596 0x06b0 [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem C:\Windows\system32\es.dll
16:41:01.0659 0x06b0 EventSystem - ok
16:41:01.0752 0x06b0 [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat C:\Windows\system32\drivers\exfat.sys
16:41:01.0815 0x06b0 exfat - ok
16:41:01.0877 0x06b0 [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:41:01.0939 0x06b0 fastfat - ok
16:41:01.0971 0x06b0 [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:41:02.0017 0x06b0 fdc - ok
16:41:02.0049 0x06b0 [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost C:\Windows\system32\fdPHost.dll
16:41:02.0095 0x06b0 fdPHost - ok
16:41:02.0127 0x06b0 [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub C:\Windows\system32\fdrespub.dll
16:41:02.0173 0x06b0 FDResPub - ok
16:41:02.0173 0x06b0 [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:41:02.0189 0x06b0 FileInfo - ok
16:41:02.0205 0x06b0 [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:41:02.0236 0x06b0 Filetrace - ok
16:41:02.0376 0x06b0 [ 869BDE240B7FE9C7B25BD80DF85641C8, 123C676A776D51BFE177475F0F0E54497EF572AFF5C184BBD1C54F74500C0E9F ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
16:41:02.0407 0x06b0 FlipShare Service - ok
16:41:02.0563 0x06b0 [ 9C330B7DDEE9492373041E75DA01F80C, FF98EE941F2E7F01A043366DDB567676668127F8D585295888E748EEA2DF405E ] FlipShareServer C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
16:41:02.0704 0x06b0 FlipShareServer - detected UnsignedFile.Multi.Generic ( 1 )
16:41:05.0278 0x06b0 Detect skipped due to KSN trusted
16:41:05.0278 0x06b0 FlipShareServer - ok
16:41:05.0652 0x06b0 [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:41:05.0699 0x06b0 flpydisk - ok
16:41:05.0777 0x06b0 [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:41:05.0793 0x06b0 FltMgr - ok
16:41:05.0964 0x06b0 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA, 0209685F9802F6BA065B7BF2182EFB367920EBDDDBCFFC266A33398702B725ED ] FontCache C:\Windows\system32\FntCache.dll
16:41:06.0058 0x06b0 FontCache - ok
16:41:06.0136 0x06b0 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:41:06.0136 0x06b0 FontCache3.0.0.0 - ok
16:41:06.0167 0x06b0 [ 29D99E860A1CA0A03C6A733FDD0DA703, A5CAEFBFDD74991ECEAA068572E8FAF51BEA2CD4EB39D28EEB60D936760E3589 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:41:06.0214 0x06b0 Fs_Rec - ok
16:41:06.0245 0x06b0 [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:41:06.0245 0x06b0 gagp30kx - ok
16:41:06.0307 0x06b0 [ 2E7E49077C7BBEB2947BD6D03C8454B5, 2B0FABCEACDD039537B9B267012E112ECED12EFD4941A9606AF9E510A8A7ED3E ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
16:41:06.0323 0x06b0 GameConsoleService - ok
16:41:06.0401 0x06b0 [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc C:\Windows\System32\gpsvc.dll
16:41:06.0495 0x06b0 gpsvc - ok
16:41:06.0573 0x06b0 [ 68E732382B32417FF61FD663259B4B09, 10C5365AEAC46DF4F5F6A8F96D15141B4709851D4752613233E57EB20CE16446 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:41:06.0604 0x06b0 HdAudAddService - ok
16:41:06.0697 0x06b0 [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:41:06.0807 0x06b0 HDAudBus - ok
16:41:06.0853 0x06b0 [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:41:06.0916 0x06b0 HidBth - ok
16:41:06.0978 0x06b0 [ 5F47839455D01FF6403B008D481A6F5B, 0CC1E8EE4C3E46937DEA39EAC2498C1A89667D6828430162FDFAE845C37D7079 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:41:07.0025 0x06b0 HidIr - ok
16:41:07.0072 0x06b0 [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv C:\Windows\System32\hidserv.dll
16:41:07.0103 0x06b0 hidserv - ok
16:41:07.0119 0x06b0 [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:41:07.0165 0x06b0 HidUsb - ok
16:41:07.0197 0x06b0 [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:41:07.0228 0x06b0 hkmsvc - ok
16:41:07.0259 0x06b0 [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
16:41:07.0290 0x06b0 HP Health Check Service - detected UnsignedFile.Multi.Generic ( 1 )
16:41:10.0239 0x06b0 Detect skipped due to KSN trusted
16:41:10.0239 0x06b0 HP Health Check Service - ok
16:41:10.0613 0x06b0 [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:41:10.0613 0x06b0 HpCISSs - ok
16:41:10.0644 0x06b0 [ 4A435CA815A54639CA09DDF75D751EBC, CD6FA4B12EB4E692B0860C5750F9FB27CD1A108FD69E301EC162BC05C7B71D26 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
16:41:10.0660 0x06b0 hpdskflt - ok
16:41:10.0675 0x06b0 [ 0ECC54FD34D6A089C300846B011E81D6, 7C3F04575370912D0DB048B386D018C9F81786E4458FEFE79C19182CFA6386C0 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:41:10.0738 0x06b0 HpqKbFiltr - ok
16:41:10.0769 0x06b0 [ 188FF0ADF66768D53AD94F43972E1E9A, 01A6513C5542A29540F83CC2FAFF3B45947F35E1D78CD88E73DCE8D4E0BC3AF8 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:41:10.0800 0x06b0 hpqwmiex - detected UnsignedFile.Multi.Generic ( 1 )
16:41:13.0624 0x06b0 Detect skipped due to KSN trusted
16:41:13.0624 0x06b0 hpqwmiex - ok
16:41:13.0967 0x06b0 [ 6BF024EA61D7894BF4AF0B10A90B546E, 96E4BCCA63509CE089EC822BF7D63C351DCCF84BD99743E3FB8F45F6C0838844 ] hpsrv C:\Windows\system32\Hpservice.exe
16:41:14.0029 0x06b0 hpsrv - ok
16:41:14.0107 0x06b0 [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:41:14.0217 0x06b0 HTTP - ok
16:41:14.0232 0x06b0 [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:41:14.0248 0x06b0 i2omp - ok
16:41:14.0279 0x06b0 [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:41:14.0295 0x06b0 i8042prt - ok
16:41:14.0310 0x06b0 [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:41:14.0326 0x06b0 iaStorV - ok
16:41:14.0388 0x06b0 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:41:14.0419 0x06b0 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
16:41:17.0056 0x06b0 Detect skipped due to KSN trusted
16:41:17.0056 0x06b0 IDriverT - ok
16:41:17.0493 0x06b0 [ 749F5F8CEDCA70F2A512945325FC489D, 443B4F779F27CD69C1F072823FCD9E5BA7590B6F48BE759DC6A1F898C467E58F ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:41:17.0539 0x06b0 idsvc - ok
16:41:17.0586 0x06b0 [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:41:17.0586 0x06b0 iirsp - ok
16:41:17.0664 0x06b0 [ 0C9EA6E654E7B0471741E343A6C671AF, D01219C316EB5A83DA1C3562795FB9438E2EF5F580E2BC2AF66CD2C587370D7D ] IKEEXT C:\Windows\System32\ikeext.dll
16:41:17.0742 0x06b0 IKEEXT - ok
16:41:17.0773 0x06b0 [ 475490CAF376E55E6E8B37BBDFEB2E81, 7ABAC64094C794391E909B0E8C3D47F75A6D838304A29AE1580717370FE7C7C2 ] intelide C:\Windows\system32\drivers\intelide.sys
16:41:17.0773 0x06b0 intelide - ok
16:41:17.0789 0x06b0 [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:41:17.0820 0x06b0 intelppm - ok
16:41:17.0851 0x06b0 [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:41:17.0914 0x06b0 IPBusEnum - ok
16:41:17.0976 0x06b0 [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:41:18.0007 0x06b0 IpFilterDriver - ok
16:41:18.0054 0x06b0 [ CD033D871A83E918B14F43F7E7590819, 08967FB7569C2A5A13E9312F9A34FF6300BCB3120EE00730D04FF2F9D12A87F6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:41:18.0101 0x06b0 iphlpsvc - ok
16:41:18.0101 0x06b0 IpInIp - ok
16:41:18.0148 0x06b0 [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:41:18.0195 0x06b0 IPMIDRV - ok
16:41:18.0241 0x06b0 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:41:18.0288 0x06b0 IPNAT - ok
16:41:18.0319 0x06b0 [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:41:18.0366 0x06b0 IRENUM - ok
16:41:18.0397 0x06b0 [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:41:18.0397 0x06b0 isapnp - ok
16:41:18.0460 0x06b0 [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:41:18.0475 0x06b0 iScsiPrt - ok
16:41:18.0491 0x06b0 [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:41:18.0491 0x06b0 iteatapi - ok
16:41:18.0507 0x06b0 [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:41:18.0507 0x06b0 iteraid - ok
16:41:18.0553 0x06b0 [ 54DF9EAFB54A98E1A2AC3DB69C16CF05, B3837C8AD0406B5EF0304E5C465D5582669D818C8787E5C0A7457CFF632B5E01 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
16:41:18.0585 0x06b0 JMCR - ok
16:41:18.0600 0x06b0 [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:41:18.0600 0x06b0 kbdclass - ok
16:41:18.0663 0x06b0 [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:41:18.0709 0x06b0 kbdhid - ok
16:41:18.0772 0x06b0 [ 40348DCEC0712ED42231C5F90A69A690, 2FDE32C6D48C00D29BC3A07045611AD98E76C76DF897A6D0B7FA91BC0A9FB343 ] KeyIso C:\Windows\system32\lsass.exe
16:41:18.0834 0x06b0 KeyIso - ok
16:41:18.0865 0x06b0 [ 476E2C1DCEA45895994BEF11C2A98715, 6AD7EE4278F332E4B8012E822CE74CCE0FE75A5F94BEB4C8D8DA8D677799D38E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:41:18.0897 0x06b0 KSecDD - ok
16:41:18.0943 0x06b0 [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:41:18.0990 0x06b0 ksthunk - ok
16:41:19.0068 0x06b0 [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:41:19.0146 0x06b0 KtmRm - ok
16:41:19.0240 0x06b0 [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:41:19.0318 0x06b0 LanmanServer - ok
16:41:19.0365 0x06b0 [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:41:19.0411 0x06b0 LanmanWorkstation - ok
16:41:19.0458 0x06b0 [ AC2E68E3421AF857B8D438414E7AE31C, 289642B178B3CB567F249719D0E76B5559A7EA6BAF1EC162BD4F7800DCEF1983 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:41:19.0474 0x06b0 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
16:41:22.0079 0x06b0 Detect skipped due to KSN trusted
16:41:22.0079 0x06b0 LightScribeService - ok
16:41:22.0438 0x06b0 [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:41:22.0485 0x06b0 lltdio - ok
16:41:22.0531 0x06b0 [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:41:22.0594 0x06b0 lltdsvc - ok
16:41:22.0609 0x06b0 [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts C:\Windows\System32\lmhsvc.dll
16:41:22.0672 0x06b0 lmhosts - ok
16:41:22.0719 0x06b0 [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:41:22.0719 0x06b0 LSI_FC - ok
16:41:22.0734 0x06b0 [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:41:22.0750 0x06b0 LSI_SAS - ok
16:41:22.0765 0x06b0 [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:41:22.0781 0x06b0 LSI_SCSI - ok
16:41:22.0812 0x06b0 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv C:\Windows\system32\drivers\luafv.sys
16:41:22.0843 0x06b0 luafv - ok
16:41:22.0859 0x06b0 [ 76A58DF02BD4EA29F189B82D0BEF17F8, B3A96AABE050BB332ECD9AF7C35D08B468AC459D30FF4D49B609BA3F95ECEEDA ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:41:22.0906 0x06b0 Mcx2Svc - ok
16:41:22.0937 0x06b0 [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas C:\Windows\system32\drivers\megasas.sys
16:41:22.0953 0x06b0 megasas - ok
16:41:22.0984 0x06b0 [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:41:23.0046 0x06b0 MegaSR - ok
16:41:23.0077 0x06b0 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS C:\Windows\system32\mmcss.dll
16:41:23.0140 0x06b0 MMCSS - ok
16:41:23.0171 0x06b0 [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem C:\Windows\system32\drivers\modem.sys
16:41:23.0202 0x06b0 Modem - ok
16:41:23.0218 0x06b0 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:41:23.0249 0x06b0 monitor - ok
16:41:23.0265 0x06b0 [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:41:23.0280 0x06b0 mouclass - ok
16:41:23.0296 0x06b0 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:41:23.0327 0x06b0 mouhid - ok
16:41:23.0343 0x06b0 [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:41:23.0343 0x06b0 MountMgr - ok
16:41:23.0436 0x06b0 [ A7A117CB1104D0829466F48E17BE0A71, 040F18FC1AF72BE2B7123170C2F5F131A9518B8AA57C20F23203625D213C792B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:41:23.0452 0x06b0 MozillaMaintenance - ok
16:41:23.0467 0x06b0 [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio C:\Windows\system32\drivers\mpio.sys
16:41:23.0483 0x06b0 mpio - ok
16:41:23.0499 0x06b0 [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:41:23.0530 0x06b0 mpsdrv - ok
16:41:23.0608 0x06b0 [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:41:23.0701 0x06b0 MpsSvc - ok
16:41:23.0733 0x06b0 [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:41:23.0733 0x06b0 Mraid35x - ok
16:41:23.0748 0x06b0 [ 7C1DE4AA96DC0C071611F9E7DE02A68D, 8B248A82324FB23C64D41FA91BCC22093DE44C48D688E5995C484A7072A6EC08 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:41:23.0764 0x06b0 MRxDAV - ok
16:41:23.0795 0x06b0 [ D58D129E26705E83A4DEBA7177EB7972, 9ABD73610B70715F01BA8831FAC7403AA27888AD5CB6BA8A6EAAC05672238EF3 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:41:23.0842 0x06b0 mrxsmb - ok
16:41:23.0904 0x06b0 [ D5BE5C14E0F1DC489F5BB2A67983F630, 3C4517984B59D5516AB3931550FDA67892B523754F56C831419FB6DAB658CFAA ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:41:23.0935 0x06b0 mrxsmb10 - ok
16:41:23.0951 0x06b0 [ 09A2990C3B293C212816C9BC0D7C200E, 6ED10B4E32E8485597929A2C56829DDCF9CDE43EE21DF50C1A7B2EFD83108CE9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:41:23.0967 0x06b0 mrxsmb20 - ok
16:41:24.0060 0x06b0 [ AA459F2AB3AB603C357FF117CAE3D818, C633178227A0C446920908967E6F2F4979BE77209C7377B9A41B90F5F31B41B3 ] msahci C:\Windows\system32\drivers\msahci.sys
16:41:24.0076 0x06b0 msahci - ok
16:41:24.0107 0x06b0 [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:41:24.0107 0x06b0 msdsm - ok
16:41:24.0138 0x06b0 [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC C:\Windows\System32\msdtc.exe
16:41:24.0185 0x06b0 MSDTC - ok
16:41:24.0185 0x06b0 [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:41:24.0232 0x06b0 Msfs - ok
16:41:24.0263 0x06b0 [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:41:24.0279 0x06b0 msisadrv - ok
16:41:24.0310 0x06b0 [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:41:24.0357 0x06b0 MSiSCSI - ok
16:41:24.0372 0x06b0 msiserver - ok
16:41:24.0388 0x06b0 [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:41:24.0450 0x06b0 MSKSSRV - ok
16:41:24.0466 0x06b0 [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:41:24.0528 0x06b0 MSPCLOCK - ok
16:41:24.0544 0x06b0 [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:41:24.0606 0x06b0 MSPQM - ok
16:41:24.0669 0x06b0 [ DC6CCF440CDEDE4293DB41C37A5060A5, 768D08A67508E1CE69B67642A5E5A639C0DD1E93C956C56ECC5A56B0E502C953 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:41:24.0700 0x06b0 MsRPC - ok
16:41:24.0715 0x06b0 [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:41:24.0715 0x06b0 mssmbios - ok
16:41:24.0731 0x06b0 [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:41:24.0778 0x06b0 MSTEE - ok
16:41:24.0825 0x06b0 [ 0CC49F78D8ACA0877D885F149084E543, 984DDCB52F0DFC1B26C6504FE500E8D9C2CA7F79ED34608AE9866A0915B8BA67 ] Mup C:\Windows\system32\Drivers\mup.sys
16:41:24.0840 0x06b0 Mup - ok
16:41:24.0918 0x06b0 [ A5B10C845E7538C60C0F5D87A57CB3F5, 2B4E16702591C59BC2CA2B99DBB504BAB4F4EF0835B0D9C7453D340CBF0BDF16 ] napagent C:\Windows\system32\qagentRT.dll
16:41:24.0996 0x06b0 napagent - ok
16:41:25.0105 0x06b0 [ 2007B826C4ACD94AE32232B41F0842B9, 6267D165C3C8C5F83194890A6DBF71226D4B891AECD1D06F7AEB5D738C3DC9CA ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:41:25.0152 0x06b0 NativeWifiP - ok
16:41:25.0246 0x06b0 [ 65950E07329FCEE8E6516B17C8D0ABB6, 4429D9FF9B6E376D28D8FA4906B7554DF566EC23E455E3166C496B579622F204 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:41:25.0293 0x06b0 NDIS - ok
16:41:25.0339 0x06b0 [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:41:25.0386 0x06b0 NdisTapi - ok
16:41:25.0402 0x06b0 [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:41:25.0449 0x06b0 Ndisuio - ok
16:41:25.0480 0x06b0 [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:41:25.0527 0x06b0 NdisWan - ok
16:41:25.0558 0x06b0 [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:41:25.0605 0x06b0 NDProxy - ok
16:41:25.0636 0x06b0 [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:41:25.0683 0x06b0 NetBIOS - ok
16:41:25.0745 0x06b0 [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:41:25.0807 0x06b0 netbt - ok
16:41:25.0839 0x06b0 [ 40348DCEC0712ED42231C5F90A69A690, 2FDE32C6D48C00D29BC3A07045611AD98E76C76DF897A6D0B7FA91BC0A9FB343 ] Netlogon C:\Windows\system32\lsass.exe
16:41:25.0839 0x06b0 Netlogon - ok
16:41:25.0901 0x06b0 [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman C:\Windows\System32\netman.dll
16:41:25.0979 0x06b0 Netman - ok
16:41:26.0041 0x06b0 [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm C:\Windows\System32\netprofm.dll
16:41:26.0104 0x06b0 netprofm - ok
16:41:26.0151 0x06b0 [ 74751DDA198165947FD7454D83F49825, 24639B7E71D77999762BDDC65696E1EB868165C03C64278A6176B4505D0EEBB5 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:41:26.0151 0x06b0 NetTcpPortSharing - ok
16:41:26.0322 0x06b0 [ C86984AEE87900C1EEB6942EDE3BF4B6, 9C6417E464467008B89D962E64207207AFC6DE254F8B3C56A266623F3FE3D415 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys
16:41:26.0650 0x06b0 NETw3v64 - ok
16:41:26.0853 0x06b0 [ BFBD278F8C9BCEC693345759AC278E14, A52F5FA2B5A4A42F0B8B631D216E7556AED13326AD97E5CF6387829E3669C106 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
16:41:27.0149 0x06b0 NETw5v64 - ok
16:41:27.0227 0x06b0 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:41:27.0243 0x06b0 nfrd960 - ok
16:41:27.0274 0x06b0 [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:41:27.0336 0x06b0 NlaSvc - ok
16:41:27.0383 0x06b0 nosGetPlusHelper - ok
16:41:27.0445 0x06b0 [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:41:27.0492 0x06b0 Npfs - ok
16:41:27.0523 0x06b0 [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi C:\Windows\system32\nsisvc.dll
16:41:27.0570 0x06b0 nsi - ok
16:41:27.0617 0x06b0 [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:41:27.0664 0x06b0 nsiproxy - ok
16:41:27.0757 0x06b0 [ BAC869DFB98E499BA4D9BB1FB43270E1, 643CEDE503F8ED0107892E4F5E7975DB668F99897BDE78E416849DF90AE8B162 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:41:27.0835 0x06b0 Ntfs - ok
16:41:27.0867 0x06b0 [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null C:\Windows\system32\drivers\Null.sys
16:41:27.0913 0x06b0 Null - ok
16:41:27.0945 0x06b0 [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:41:27.0960 0x06b0 nvraid - ok
16:41:27.0976 0x06b0 [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:41:27.0976 0x06b0 nvstor - ok
16:41:28.0007 0x06b0 [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:41:28.0023 0x06b0 nv_agp - ok
16:41:28.0023 0x06b0 NwlnkFlt - ok
16:41:28.0023 0x06b0 NwlnkFwd - ok
16:41:28.0069 0x06b0 [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:41:28.0101 0x06b0 odserv - ok
16:41:28.0179 0x06b0 [ B5B1CE65AC15BBD11C0619E3EF7CFC28, E9AA27724A7576D1869FF861A498DB8AF79A7B297F10272F1D63E6CB88CD455B ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:41:28.0257 0x06b0 ohci1394 - ok
16:41:28.0335 0x06b0 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:41:28.0350 0x06b0 ose - ok
16:41:28.0428 0x06b0 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:41:28.0553 0x06b0 p2pimsvc - ok
16:41:28.0600 0x06b0 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc C:\Windows\system32\p2psvc.dll
16:41:28.0631 0x06b0 p2psvc - ok
16:41:28.0693 0x06b0 [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport C:\Windows\system32\drivers\parport.sys
16:41:28.0756 0x06b0 Parport - ok
16:41:28.0818 0x06b0 [ F9B5EDA4C17A2BE7663F064DBF0FE254, F12D401156459FEAAD3AAE1021BF81E40134E22864101B25C967102B52F5CAA6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:41:28.0834 0x06b0 partmgr - ok
16:41:28.0849 0x06b0 [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc C:\Windows\System32\pcasvc.dll
16:41:28.0881 0x06b0 PcaSvc - ok
16:41:28.0959 0x06b0 [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci C:\Windows\system32\drivers\pci.sys
16:41:28.0974 0x06b0 pci - ok
16:41:28.0990 0x06b0 [ 15E5C3F89A3452EFBDA3B39816DBC4EE, 3004BE8D9D68244E8510C3E0A8913E53C760F79BB1055D73AC128D9020BAF0E7 ] pciide C:\Windows\system32\drivers\pciide.sys
16:41:28.0990 0x06b0 pciide - ok
16:41:29.0021 0x06b0 [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:41:29.0037 0x06b0 pcmcia - ok
16:41:29.0068 0x06b0 [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:41:29.0177 0x06b0 PEAUTH - ok
16:41:29.0255 0x06b0 [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:41:29.0364 0x06b0 PerfHost - ok
16:41:29.0458 0x06b0 [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla C:\Windows\system32\pla.dll
16:41:29.0583 0x06b0 pla - ok
16:41:29.0661 0x06b0 [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:41:29.0692 0x06b0 PlugPlay - ok
16:41:29.0739 0x06b0 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:41:29.0770 0x06b0 PNRPAutoReg - ok
16:41:29.0817 0x06b0 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:41:29.0863 0x06b0 PNRPsvc - ok
16:41:29.0941 0x06b0 [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:41:30.0035 0x06b0 PolicyAgent - ok
16:41:30.0129 0x06b0 [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:41:30.0175 0x06b0 PptpMiniport - ok
16:41:30.0207 0x06b0 [ 5080E59ECEE0BC923F14018803AA7A01, 2E201511821AECCF056962399AFA3533ED765A3E7FD30E7B38A6D13837367E69 ] Processor C:\Windows\system32\drivers\processr.sys
16:41:30.0269 0x06b0 Processor - ok
16:41:30.0300 0x06b0 [ E058CE4FC2449D8BFA14739C83B7FF2A, 6ACA086D5E0EF3C3EAEBD78010E50739BBA7CA05E937FFF3A4F2AD22FD57B54A ] ProfSvc C:\Windows\system32\profsvc.dll
16:41:30.0347 0x06b0 ProfSvc - ok
16:41:30.0378 0x06b0 [ 40348DCEC0712ED42231C5F90A69A690, 2FDE32C6D48C00D29BC3A07045611AD98E76C76DF897A6D0B7FA91BC0A9FB343 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:41:30.0394 0x06b0 ProtectedStorage - ok
16:41:30.0456 0x06b0 [ C5AB7F0809392D0DA027F4A2A81BFA31, B5BC9712AD93661A77AF4D67DB5F05C58A93CF7CDD6F7BA20568C0A9F4630321 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:41:30.0487 0x06b0 PSched - ok
16:41:30.0550 0x06b0 [ 0B83F4E681062F3839BE2EC1D98FD94A, 47E1B8014C59981693F5544872AF00383528AAEF0C6FE9AE8C45A6359EFB067D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:41:30.0612 0x06b0 ql2300 - ok
16:41:30.0659 0x06b0 [ E1C80F8D4D1E39EF9595809C1369BF2A, 5C18F8366049C690FC8AA4A992AA0765A6607F72E0EF889A5F3757E59FB1C143 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:41:30.0675 0x06b0 ql40xx - ok
16:41:30.0753 0x06b0 [ 90574842C3DA781E279061A3EFF91F07, F87DE7355DAA4FACF2126A0427C08BAAD9E647E0B02EE5447746BE969B28DA8D ] QWAVE C:\Windows\system32\qwave.dll
16:41:30.0799 0x06b0 QWAVE - ok
16:41:30.0831 0x06b0 [ E8D76EDAB77EC9C634C27B8EAC33ADC5, 171A3C5D5C3C5845C3BF9A4BCD88E744B025C910AC2F528D0E7D66F173FF0BED ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:41:30.0877 0x06b0 QWAVEdrv - ok
16:41:30.0893 0x06b0 [ 1013B3B663A56D3DDD784F581C1BD005, 36B83F234C2D6A6112BC8B5EF0AB5075EE98AC0BED702C37E4C1C3D17EB49956 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:41:30.0955 0x06b0 RasAcd - ok
16:41:31.0018 0x06b0 [ B2AE18F847D07F0044404DDF7CB04497, 24B1D5E1D0621160640264656E3D447C611DEE1B0EE308971EF85F0AC3D9F7DD ] RasAuto C:\Windows\System32\rasauto.dll
16:41:31.0065 0x06b0 RasAuto - ok
16:41:31.0127 0x06b0 [ AC7BC4D42A7E558718DFDEC599BBFC2C, E059EB9472FDDB73AF09FFEBA58D8284AFCDAB1516E0C5759980E60C892F8126 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:41:31.0158 0x06b0 Rasl2tp - ok
16:41:31.0174 0x06b0 [ 3AD83E4046C43BE510DE681588ACB8AF, C5445A23F35395B3EA3974C0D5E314E23D900C694D31F7B7A83FE9027D95A91C ] RasMan C:\Windows\System32\rasmans.dll
16:41:31.0205 0x06b0 RasMan - ok
16:41:31.0236 0x06b0 [ 4517FBF8B42524AFE4EDE1DE102AAE3E, F01C8A773A637B66192BD16DDE467CAECC6E62853DBDB507FF3FC67B4B388988 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:41:31.0267 0x06b0 RasPppoe - ok
16:41:31.0330 0x06b0 [ C6A593B51F34C33E5474539544072527, 8182C1D15CDC164363D3DD355197160167A00BA9FA833AA444317D06344EF7CE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:41:31.0345 0x06b0 RasSstp - ok
16:41:31.0361 0x06b0 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1, 07B89F701594F680F50A885B923521763A6131104CEE63D422E1C359C23AE2F6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:41:31.0392 0x06b0 rdbss - ok
16:41:31.0423 0x06b0 [ 603900CC05F6BE65CCBF373800AF3716, 83B010D51D1087673CF15FD0A992FD91CC910A073FEA9A8F20F6124B6E5489F2 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:41:31.0455 0x06b0 RDPCDD - ok
16:41:31.0501 0x06b0 [ C045D1FB111C28DF0D1BE8D4BDA22C06, 572986C93B982387EE94797A1EDE1C6C444B0F1078AC8201099452BFA021458F ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:41:31.0533 0x06b0 rdpdr - ok
16:41:31.0533 0x06b0 [ CAB9421DAF3D97B33D0D055858E2C3AB, 66C353CD310A91FAB0D0871ACCE71110595B63536560D0331DA70B1E33AC45BE ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:41:31.0579 0x06b0 RDPENCDD - ok
16:41:31.0611 0x06b0 [ B1D741C87CEA8D7282146366CC9C3F81, 42247BBC6F5C87A71CC1B0F9E631AC59C8BD66A41DF4EE6FA74CA7ECC32F87E2 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:41:31.0657 0x06b0 RDPWD - ok
16:41:31.0720 0x06b0 [ BC0A4D47472B042537F4E57B950415FA, 77776364308E0CBC683033EEE8A5C865C852BF9CF8892A1771B4E180F48AC884 ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
16:41:31.0751 0x06b0 Recovery Service for Windows - ok
16:41:31.0782 0x06b0 [ C612B9557DA73F70D41F8A6FBC8E5344, D7D11F202066F848FBD3F26D9FF915C7F3D68F30631393B2049F3AC5A40FD108 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:41:31.0845 0x06b0 RemoteAccess - ok
16:41:31.0923 0x06b0 [ 44B9D8EC2F3EF3A0EFB00857AF70D861, A45D8024A242456A73337C91663A3E1633BF163234CDFD5DF86840F31FFFE84D ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:41:31.0985 0x06b0 RemoteRegistry - ok
16:41:32.0032 0x06b0 [ CD71E053D7260E4102D99A28F9196070, FD6E3CCB76D2700C50D2C9E98AA4D1AB97F73D9A502E2F705DA5CC5810F5A090 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:41:32.0079 0x06b0 RFCOMM - ok
16:41:32.0172 0x06b0 [ 805AE1F90C64758D19AAA001CF8CBA12, 28E389FD9D8106D922AAD0FF93107C4C2900565480ACD9E909D8C134E39E39A1 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:41:32.0203 0x06b0 RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
16:41:34.0762 0x06b0 Detect skipped due to KSN trusted
16:41:34.0762 0x06b0 RichVideo - ok
16:41:35.0121 0x06b0 [ F46C457840D4B7A4DAAFEE739CE04102, 94E946036240B3BAFF17C4A49745E29E492ABBC7BE5110741B212DF4D7F45B84 ] RpcLocator C:\Windows\system32\locator.exe
16:41:35.0183 0x06b0 RpcLocator - ok
16:41:35.0214 0x06b0 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] RpcSs C:\Windows\system32\rpcss.dll
16:41:35.0261 0x06b0 RpcSs - ok
16:41:35.0292 0x06b0 [ 22A9CB08B1A6707C1550C6BF099AAE73, 46A9D40A03DC0B6C93274C0C1CDB132B2339E76E77CAB0F12AEDAD4C31822B91 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:41:35.0323 0x06b0 rspndr - ok
16:41:35.0370 0x06b0 [ 8B91737DA75ADD21CB1554B38089196A, 1B57F7EE1607F33D0AB28E9795E146D606E5751756C16A2181F51483BC7D5217 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
16:41:35.0433 0x06b0 RTL8169 - ok
16:41:35.0448 0x06b0 [ 40348DCEC0712ED42231C5F90A69A690, 2FDE32C6D48C00D29BC3A07045611AD98E76C76DF897A6D0B7FA91BC0A9FB343 ] SamSs C:\Windows\system32\lsass.exe
16:41:35.0464 0x06b0 SamSs - ok
16:41:35.0557 0x06b0 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:41:35.0573 0x06b0 SASDIFSV - ok
16:41:35.0589 0x06b0 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:41:35.0589 0x06b0 SASKUTIL - ok
16:41:35.0604 0x06b0 [ CD9C693589C60AD59BBBCFB0E524E01B, F9EBD4FF4C712A563B1120D123012E41105D31402BE45D6F8C8DA71155D64ECB ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:41:35.0604 0x06b0 sbp2port - ok
16:41:35.0682 0x06b0 [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:41:35.0729 0x06b0 SCardSvr - ok
16:41:35.0807 0x06b0 [ 0F838C811AD295D2A4489B9993096C63, 3DF2F973359249735810CB5AD52E05126A93A1C7D9F6274ACB018A0A125846BD ] Schedule C:\Windows\system32\schedsvc.dll
16:41:35.0916 0x06b0 Schedule - ok
16:41:35.0994 0x06b0 [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:41:36.0010 0x06b0 SCPolicySvc - ok
16:41:36.0057 0x06b0 [ B42EE50F7D24F837F925332EB349ECA5, 5DA793DADA7E244A48FFE3249A0271974BA31839A70173F2F14BE80673C86014 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:41:36.0088 0x06b0 sdbus - ok
16:41:36.0135 0x06b0 [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:41:36.0197 0x06b0 SDRSVC - ok
16:41:36.0213 0x06b0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:41:36.0275 0x06b0 secdrv - ok
16:41:36.0291 0x06b0 [ 5ACDCBC67FCF894A1815B9F96D704490, FE0247A8BEDB860EBD46A9D49C641D0B9AA24EE34132CDDADC9F5A605238FDA7 ] seclogon C:\Windows\system32\seclogon.dll
16:41:36.0353 0x06b0 seclogon - ok
16:41:36.0384 0x06b0 [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS C:\Windows\system32\sens.dll
16:41:36.0431 0x06b0 SENS - ok
16:41:36.0447 0x06b0 [ F71BFE7AC6C52273B7C82CBF1BB2A222, 8C7F0E426B266DBBFE4BBE3333A33C338209BD8BE0E434A98D0D2CFD78D3F758 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:41:36.0509 0x06b0 Serenum - ok
16:41:36.0556 0x06b0 [ E62FAC91EE288DB29A9696A9D279929C, 9B6A420556532F7F8D55FB6580A592A43BEA579A068B970C741A23DB079ECAD1 ] Serial C:\Windows\system32\drivers\serial.sys
16:41:36.0618 0x06b0 Serial - ok
16:41:36.0649 0x06b0 [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:41:36.0696 0x06b0 sermouse - ok
16:41:36.0743 0x06b0 [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv C:\Windows\system32\sessenv.dll
16:41:36.0790 0x06b0 SessionEnv - ok
16:41:36.0821 0x06b0 [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:41:36.0852 0x06b0 sffdisk - ok
16:41:36.0883 0x06b0 [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:41:36.0930 0x06b0 sffp_mmc - ok
16:41:36.0946 0x06b0 [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:41:36.0993 0x06b0 sffp_sd - ok
16:41:37.0008 0x06b0 [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:41:37.0071 0x06b0 sfloppy - ok
16:41:37.0117 0x06b0 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:41:37.0180 0x06b0 SharedAccess - ok
16:41:37.0273 0x06b0 [ 2AD15758174DCC7993FF3C00A955DD66, 55CC7A391259871444BC23CFCD0B3B884F2AD0F0C4C0D50ABFDC6D90CD0389E2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:41:37.0320 0x06b0 ShellHWDetection - ok
16:41:37.0351 0x06b0 [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:41:37.0367 0x06b0 SiSRaid2 - ok
16:41:37.0383 0x06b0 [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:41:37.0398 0x06b0 SiSRaid4 - ok
16:41:37.0492 0x06b0 [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc C:\Windows\system32\SLsvc.exe
16:41:37.0648 0x06b0 slsvc - ok
16:41:37.0679 0x06b0 [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:41:37.0710 0x06b0 SLUINotify - ok
16:41:37.0726 0x06b0 [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:41:37.0773 0x06b0 Smb - ok
16:41:37.0819 0x06b0 [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:41:37.0866 0x06b0 SNMPTRAP - ok
16:41:37.0913 0x06b0 [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr C:\Windows\system32\drivers\spldr.sys
16:41:37.0929 0x06b0 spldr - ok
16:41:37.0991 0x06b0 [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:41:38.0053 0x06b0 Spooler - ok
16:41:38.0131 0x06b0 [ 8CD33A47CA02C79038B669F31F95BDAC, 3B340F7177484CA2EF9C39FB8A60FB1D106CCC2CFE7174180DBC9AD9FF4D5936 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:41:38.0163 0x06b0 srv - ok
16:41:38.0209 0x06b0 [ 1BEDF533096C56E70F87E3E3EE02CAF5, ACA79999CAB2DEB5CCB2340A77CE0B66D7117ED19844F51060303ABDEE27C332 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:41:38.0241 0x06b0 srv2 - ok
16:41:38.0303 0x06b0 [ 2B8C340F830C465F514D966F7E6A822F, EA0E7D20A5EF27F2D970DADCA1B048FDD78B7FC1C0B093757361CC452B37AD6F ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:41:38.0334 0x06b0 srvnet - ok
16:41:38.0381 0x06b0 [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:41:38.0443 0x06b0 SSDPSRV - ok
16:41:38.0490 0x06b0 [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:41:38.0521 0x06b0 SstpSvc - ok
16:41:38.0615 0x06b0 [ A400C503B256CD7C8289B2A943370415, 0E06B59D5B819E1D4C46DD72A0963050CF60021D88B0D1AB1A8A5481B2D76D87 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe
16:41:38.0631 0x06b0 STacSV - ok
16:41:38.0740 0x06b0 [ 0C2BF91CDC0575F5713A4D2D5118BC06, 5CC38CB6E81D74BE159838B1921DB31E378CF3052A2545BB64CA9B7F219173A8 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
16:41:38.0802 0x06b0 STHDA - ok
16:41:38.0865 0x06b0 [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc C:\Windows\System32\wiaservc.dll
16:41:38.0911 0x06b0 stisvc - ok
16:41:38.0943 0x06b0 [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:41:38.0958 0x06b0 swenum - ok
16:41:39.0021 0x06b0 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv C:\Windows\System32\swprv.dll
16:41:39.0067 0x06b0 swprv - ok
16:41:39.0114 0x06b0 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:41:39.0130 0x06b0 Symc8xx - ok
16:41:39.0130 0x06b0 [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:41:39.0145 0x06b0 Sym_hi - ok
16:41:39.0145 0x06b0 [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:41:39.0145 0x06b0 Sym_u3 - ok
16:41:39.0177 0x06b0 [ 5BFCF934891022E15404BEFE0F5ECE9F, A8680EB76904D649565A4B4760724CE4591FE22631970E2F9E81D2A021E4FA8D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:41:39.0192 0x06b0 SynTP - ok
16:41:39.0286 0x06b0 [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain C:\Windows\system32\sysmain.dll
16:41:39.0395 0x06b0 SysMain - ok
16:41:39.0442 0x06b0 [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
16:41:39.0489 0x06b0 TabletInputService - ok
16:41:39.0551 0x06b0 [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:41:39.0598 0x06b0 TapiSrv - ok
16:41:39.0629 0x06b0 [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS C:\Windows\System32\tbssvc.dll
16:41:39.0691 0x06b0 TBS - ok
16:41:39.0785 0x06b0 [ 973658A2EA9C06B2976884B9046DFC6C, 2E114184FEAA699DD60022C8EBBAC9672AE561A4B77148F705EFAAD920B97D2C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:41:39.0863 0x06b0 Tcpip - ok
16:41:39.0941 0x06b0 [ 973658A2EA9C06B2976884B9046DFC6C, 2E114184FEAA699DD60022C8EBBAC9672AE561A4B77148F705EFAAD920B97D2C ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:41:40.0019 0x06b0 Tcpip6 - ok
16:41:40.0050 0x06b0 [ C7E72A4071EE0200E3C075DACFB2B334, 925A68FD021C7957792F31E9D69A31C180BEB878CD93D2C3E2BE463F58011A6C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:41:40.0066 0x06b0 tcpipreg - ok
16:41:40.0097 0x06b0 [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:41:40.0144 0x06b0 TDPIPE - ok
16:41:40.0175 0x06b0 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:41:40.0237 0x06b0 TDTCP - ok
16:41:40.0300 0x06b0 [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:41:40.0347 0x06b0 tdx - ok
16:41:40.0378 0x06b0 [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:41:40.0378 0x06b0 TermDD - ok
16:41:40.0471 0x06b0 [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService C:\Windows\System32\termsrv.dll
16:41:40.0534 0x06b0 TermService - ok
16:41:40.0581 0x06b0 [ 2AD15758174DCC7993FF3C00A955DD66, 55CC7A391259871444BC23CFCD0B3B884F2AD0F0C4C0D50ABFDC6D90CD0389E2 ] Themes C:\Windows\system32\shsvcs.dll
16:41:40.0612 0x06b0 Themes - ok
16:41:40.0627 0x06b0 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER C:\Windows\system32\mmcss.dll
16:41:40.0659 0x06b0 THREADORDER - ok
16:41:40.0674 0x06b0 [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks C:\Windows\System32\trkwks.dll
16:41:40.0737 0x06b0 TrkWks - ok
16:41:40.0815 0x06b0 [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:41:40.0861 0x06b0 TrustedInstaller - ok
16:41:40.0893 0x06b0 [ 9E5409CD17C8BEF193AAD498F3BC2CB8, 7CCBDA9D2B34996F19714F108837F9BF10E9DCB93EBCE24451FD01C073D6BE12 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:41:40.0955 0x06b0 tssecsrv - ok
16:41:40.0986 0x06b0 [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:41:41.0033 0x06b0 tunmp - ok
16:41:41.0064 0x06b0 [ F6A4FBA7C03AC2EFD00F3301C0C1E067, 6C1A1620A244A3F0F25EABF40969C28FC1CFE98CE0FF330574DE2FF2A797FE54 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:41:41.0080 0x06b0 tunnel - ok
16:41:41.0189 0x06b0 [ 862E9DEC4B802DD58D897A151A17C527, 60F0233815955D1341B334D6E063DF2EEB100E43AC8A075840AE88EC3A1CBEB6 ] TVCapSvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
16:41:41.0205 0x06b0 TVCapSvc - ok
16:41:41.0220 0x06b0 [ 5DCE4656BF1EBA4EB475D192F23B0B56, 79561D7D8FCA2B9DDB626643BAC094C9426D6C64C07EB9814DB3E3FFF7C0B024 ] TVSched C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
16:41:41.0236 0x06b0 TVSched - ok
16:41:41.0267 0x06b0 [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:41:41.0283 0x06b0 uagp35 - ok
16:41:41.0314 0x06b0 [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:41:41.0361 0x06b0 udfs - ok
16:41:41.0407 0x06b0 [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:41:41.0454 0x06b0 UI0Detect - ok
16:41:41.0501 0x06b0 [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:41:41.0501 0x06b0 uliagpkx - ok
16:41:41.0548 0x06b0 [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:41:41.0563 0x06b0 uliahci - ok
16:41:41.0579 0x06b0 [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:41:41.0595 0x06b0 UlSata - ok
16:41:41.0610 0x06b0 [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:41:41.0610 0x06b0 ulsata2 - ok
16:41:41.0626 0x06b0 [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:41:41.0657 0x06b0 umbus - ok
16:41:41.0688 0x06b0 [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost C:\Windows\System32\upnphost.dll
16:41:41.0751 0x06b0 upnphost - ok
16:41:41.0782 0x06b0 [ 07E3498FC60834219D2356293DA0FECC, EBFC4AD49F110CD9135F3C0385204A2A31A8DAF654D016BA03FE1DC4F7C184DA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:41:41.0829 0x06b0 usbccgp - ok
16:41:41.0875 0x06b0 [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:41:41.0953 0x06b0 usbcir - ok
16:41:42.0000 0x06b0 [ 827E44DE934A736EA31E91D353EB126F, 0D158916645F782BDEFF0BE708CA7F4D77F762B9BE6263B6608C11ABB5F4FF9F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:41:42.0047 0x06b0 usbehci - ok
16:41:42.0078 0x06b0 [ BB35CD80A2ECECFADC73569B3D70C7D1, 8B5B7FBBE36D78B2D244D2BC2131470C120DE569F6ACFEA3B6B7C9DECE98A2B9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:41:42.0141 0x06b0 usbhub - ok
16:41:42.0187 0x06b0 [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:41:42.0250 0x06b0 usbohci - ok
16:41:42.0312 0x06b0 [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:41:42.0343 0x06b0 usbprint - ok
16:41:42.0359 0x06b0 [ EA0BF666868964FBE8CB10E50C97B9F1, 9D86C1262ADB776D8F4EB8FF70F4DD883A77DAB5029075675B4E4555059C21C8 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:41:42.0406 0x06b0 usbscan - ok
16:41:42.0453 0x06b0 [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:41:42.0499 0x06b0 USBSTOR - ok
16:41:42.0546 0x06b0 [ B2872CBF9F47316ABD0E0C74A1ABA507, E9FB3EEA1D834A035675E22A3224E4E278C4D304F6511822D83250409D62BD3A ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:41:42.0577 0x06b0 usbuhci - ok
16:41:42.0609 0x06b0 [ FC33099877790D51B0927B7039059855, 9EF33DABDBF0EEC60C63137F5FB21B27536B5923F10DF4F66621CC9864EB894E ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:41:42.0671 0x06b0 usbvideo - ok
16:41:42.0733 0x06b0 [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms C:\Windows\System32\uxsms.dll
16:41:42.0749 0x06b0 UxSms - ok
16:41:42.0780 0x06b0 [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds C:\Windows\System32\vds.exe
16:41:42.0874 0x06b0 vds - ok
16:41:42.0952 0x06b0 [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:41:42.0983 0x06b0 vga - ok
16:41:43.0045 0x06b0 [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:41:43.0092 0x06b0 VgaSave - ok
16:41:43.0108 0x06b0 [ 4F964E6828156F0EF3FA8D3A9A7895DE, 2C774979D42F2FDBFFADC8B5398B3098EE84565E1125B497BB5BAABE8300CA00 ] viaide C:\Windows\system32\drivers\viaide.sys
16:41:43.0123 0x06b0 viaide - ok
16:41:43.0186 0x06b0 [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:41:43.0201 0x06b0 volmgr - ok
16:41:43.0264 0x06b0 [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:41:43.0295 0x06b0 volmgrx - ok
16:41:43.0373 0x06b0 [ 5280AADA24AB36B01A84A6424C475C8D, 37E811CAB63880BD242E4079C245086EFAE758C028116449C2733F45B2E3B586 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:41:43.0389 0x06b0 volsnap - ok
16:41:43.0482 0x06b0 [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:41:43.0498 0x06b0 vsmraid - ok
16:41:43.0560 0x06b0 [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS C:\Windows\system32\vssvc.exe
16:41:43.0654 0x06b0 VSS - ok
16:41:43.0732 0x06b0 [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time C:\Windows\system32\w32time.dll
16:41:43.0794 0x06b0 W32Time - ok
16:41:43.0825 0x06b0 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:41:43.0888 0x06b0 WacomPen - ok
16:41:43.0966 0x06b0 [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:41:44.0013 0x06b0 Wanarp - ok
16:41:44.0013 0x06b0 [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:41:44.0044 0x06b0 Wanarpv6 - ok
16:41:44.0075 0x06b0 [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:41:44.0153 0x06b0 wcncsvc - ok
16:41:44.0184 0x06b0 [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:41:44.0231 0x06b0 WcsPlugInService - ok
16:41:44.0278 0x06b0 [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd C:\Windows\system32\drivers\wd.sys
16:41:44.0278 0x06b0 Wd - ok
16:41:44.0371 0x06b0 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:41:44.0418 0x06b0 WDC_SAM - ok
16:41:44.0465 0x06b0 [ D02E7E4567DA1E7582FBF6A91144B0DF, 04053B988801235AB6C5616AA616B6EC43E3F36882327589524B88DE19B14EF9 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:41:44.0512 0x06b0 Wdf01000 - ok
16:41:44.0527 0x06b0 [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost C:\Windows\system32\wdi.dll
16:41:44.0574 0x06b0 WdiServiceHost - ok
16:41:44.0574 0x06b0 [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost C:\Windows\system32\wdi.dll
16:41:44.0605 0x06b0 WdiSystemHost - ok
16:41:44.0668 0x06b0 [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient C:\Windows\System32\webclnt.dll
16:41:44.0699 0x06b0 WebClient - ok
16:41:44.0761 0x06b0 [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:41:44.0793 0x06b0 Wecsvc - ok
16:41:44.0824 0x06b0 [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:41:44.0839 0x06b0 wercplsupport - ok
16:41:44.0871 0x06b0 [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc C:\Windows\System32\WerSvc.dll
16:41:44.0902 0x06b0 WerSvc - ok
16:41:44.0933 0x06b0 WinDefend - ok
16:41:44.0933 0x06b0 WinHttpAutoProxySvc - ok
16:41:45.0027 0x06b0 [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:41:45.0089 0x06b0 Winmgmt - ok
16:41:45.0198 0x06b0 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM C:\Windows\system32\WsmSvc.dll
16:41:45.0541 0x06b0 WinRM - ok
16:41:45.0619 0x06b0 [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc C:\Windows\System32\wlansvc.dll
16:41:45.0713 0x06b0 Wlansvc - ok
16:41:45.0729 0x06b0 [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:41:45.0744 0x06b0 WmiAcpi - ok
16:41:45.0822 0x06b0 [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:41:45.0838 0x06b0 wmiApSrv - ok
16:41:45.0885 0x06b0 WMPNetworkSvc - ok
16:41:45.0900 0x06b0 [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:41:45.0963 0x06b0 WPCSvc - ok
16:41:45.0994 0x06b0 [ A27C8F92D84E2DDC151978E4692C978E, B0CFB3DA19827E170E6A29AD023C29D70F73EF648CE1344A5E0AFD2002287024 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:41:46.0056 0x06b0 WPDBusEnum - ok
16:41:46.0119 0x06b0 [ 6329D1990DB931073B86AB5946D8E317, F33581D21659A274BF5C0762E24A7DBEEB6380AB6ED0FACD76F1BD2858C4DA49 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:41:46.0165 0x06b0 WpdUsb - ok
16:41:46.0212 0x06b0 [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:41:46.0259 0x06b0 ws2ifsl - ok
16:41:46.0306 0x06b0 [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc C:\Windows\system32\wscsvc.dll
16:41:46.0321 0x06b0 wscsvc - ok
16:41:46.0321 0x06b0 WSearch - ok
16:41:46.0509 0x06b0 [ FB3796754FE00F0BDC87A36F164A5F4D, 0CA7A6B5EF94AA55C780487C753984A68F780CE82F175DC32B70C0AB00B7A71D ] wuauserv C:\Windows\system32\wuaueng.dll
16:41:46.0633 0x06b0 wuauserv - ok
16:41:46.0711 0x06b0 [ 501A65252617B495C0F1832F908D54D8, CB18A80EAB2F23579D1D38B12CD04CF579C6D0B73127A1E88305CC0488D40B2C ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:41:46.0743 0x06b0 WUDFRd - ok
16:41:46.0774 0x06b0 [ 6CBD51FF913C851D56ED9DC7F2A27DDE, 736C66A944F3D37464052211B2728AD53D31CB631CD33B9E094C00D76BF17399 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:41:46.0805 0x06b0 wudfsvc - ok
16:41:46.0899 0x06b0 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:41:46.0945 0x06b0 YahooAUService - ok
16:41:46.0992 0x06b0 [ 07F7285220307AAFB755D890295F0F9A, 101654B40D61DF19D302611B3C1441C72ADAC3ED9318EFE91E8854B19123ACE0 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
16:41:47.0070 0x06b0 yukonx64 - ok
16:41:47.0117 0x06b0 [ 1CACFEF9E5DD866C5B79A135EE729E18, D46DBD2FA4B21F1EE9452EBBCBA143AB5BF83E2C9C8ACF25CEDBEFE02B4EA97D ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
16:41:47.0133 0x06b0 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
16:41:47.0133 0x06b0 ================ Scan global ===============================
16:41:47.0179 0x06b0 [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
16:41:47.0257 0x06b0 [ 36F234FD1AA7BAE559BB1C483FC76286, 1A354222D6AB6718390979273FB1A96D01B1688386F22628AEBFF5F049711D62 ] C:\Windows\system32\winsrv.dll
16:41:47.0304 0x06b0 [ 36F234FD1AA7BAE559BB1C483FC76286, 1A354222D6AB6718390979273FB1A96D01B1688386F22628AEBFF5F049711D62 ] C:\Windows\system32\winsrv.dll
16:41:47.0335 0x06b0 [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
16:41:47.0351 0x06b0 [ Global ] - ok
16:41:47.0351 0x06b0 ================ Scan MBR ==================================
16:41:47.0367 0x06b0 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
16:41:47.0772 0x06b0 \Device\Harddisk0\DR0 - ok
16:41:47.0772 0x06b0 ================ Scan VBR ==================================
16:41:47.0835 0x06b0 [ 1349200D4DA9910E61661D0F8A4FED02 ] \Device\Harddisk0\DR0\Partition1
16:41:47.0835 0x06b0 \Device\Harddisk0\DR0\Partition1 - ok
16:41:47.0835 0x06b0 [ D10B88BBEB2787637748A66FB5FDF5EC ] \Device\Harddisk0\DR0\Partition2
16:41:47.0835 0x06b0 \Device\Harddisk0\DR0\Partition2 - ok
16:41:47.0835 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:48.0849 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:49.0863 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:50.0877 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:51.0891 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:52.0905 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:53.0919 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:54.0933 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:55.0947 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:56.0961 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:57.0975 0x06b0 Waiting for KSN requests completion. In queue: 125
16:41:58.0989 0x06b0 Waiting for KSN requests completion. In queue: 125
16:42:00.0003 0x06b0 Waiting for KSN requests completion. In queue: 125
16:42:01.0017 0x06b0 Waiting for KSN requests completion. In queue: 125
16:42:02.0483 0x06b0 AV detected via SS2: AntiVir Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 10.0.0.0 ), 0x41000 ( enabled : updated )
16:42:02.0530 0x06b0 Win FW state via NFP2: disabled
16:42:05.0026 0x06b0 ============================================================
16:42:05.0026 0x06b0 Scan finished
16:42:05.0026 0x06b0 ============================================================
16:42:05.0026 0x0680 Detected object count: 0
16:42:05.0026 0x0680 Actual detected object count: 0
16:42:48.0487 0x0128 Deinitialize success

[godawgs]

Thanks for the logs. the OTL fix did it's job. TDSSKiller was clean. No rootkits found. Let's get some additional scans.


Step-1.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
• Click the Report button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-2.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.

• Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.
  
  
  
• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[R0].txt log
2. The FSS.txt log

[dogstar21]

Ran the 2 scans, and did NOT delete the files that were Pending in AdWareCleaner.

1. Adware Cleaner log:
# AdwCleaner v3.018 - Report created 09/02/2014 at 17:41:13
# Updated 28/01/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Pete - PETE-PC
# Running from : C:\Users\Pete\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\invalidprefs.js
File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2745 octets] - [09/02/2014 17:41:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2805 octets] ##########



2. FSS Log:
Farbar Service Scanner Version: 02-02-2014
Ran by Pete (administrator) on 09-02-2014 at 17:44:00
Running from "C:\Users\Pete\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-12-05 11:32] - [2009-04-10 22:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-03 12:26] - [2010-06-16 12:11] - 1426816 ____A (Microsoft Corporation) 973658A2EA9C06B2976884B9046DFC6C

C:\Windows\System32\dnsrslvr.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2010-05-10 20:01] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0223744 ____A (Microsoft Corporation) CD033D871A83E918B14F43F7E7590819

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[godawgs]

The infection has affected a lot of Windows services.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

• Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
• Click the Scan button and wait for the scan to complete.
• When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this
  
  
  
• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

• Right click the JRT icon and click Run as Administrator to run the application.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

ESET Service Repair

• Download Service Repair (from Eset) and save to your Desktop.
  
• Double click the icon to run the program. If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
• Click the Yes button to start the Services Repairs
  
  
  
• Follow the prompts to repair the services. Once the ServicesRepair utility finishes running click Yes to restart your computer.
  
  
  
• The tool will create a folder called CC Support in the same diretory (your desktop) the tool is run. Send me the CC Support\Logs\SvcRepair.txt in your next reply.

Step-4

Re-run Farbar Service Scanner

• Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.
  
  
  
• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Step-5.

I have changed the settings in OTL to get a more in-depth scan and a current Extras.txt log. Please read them carefully.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:

• Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
base services
%SYSTEMDRIVE%\*.exe
/md5start
rundll32.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C

2. Re-open on the desktop. To do that:

• Vista / 7 Users: Right click on the icon and click Run as Administrator)

Make sure all other windows are closed.

• You will see a console like the one below:
  
  
  
• Click the box beside Scan All Users at the top of the console.<---Very Important
• Click the box beside Include 64bit Scans at the top of the console.
• Make sure the Output box at the top is set to Standard Output.
• In the Extra Registry section, click the radio button beside Use SafeList.<---Very Important
• Check the boxes beside LOP Check and Purity Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be the C:\Users\Pete\Downloads folder).
• Please copy the contents of these files and paste them into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Repaet for the Extras.txt log.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The SvcRepair.txt log
4. The new FSS.txt log
5. The new OTL.txt log
6. The new Extras.txt log

[dogstar21]

Just a note - i have only been starting my computer in SAFE mode, and will continue to do so until otherwise instructed by you.

Here are the logs requested:

1. Adware Cleaner Log:

createrestorepoint
netsvcs
base services
%SYSTEMDRIVE%\*.exe
/md5start
rundll32.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. JRT.txt contents:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Pete on Sun 02/09/2014 at 18:36:17.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pete\AppData\Roaming\mozilla\firefox\profiles\4z05qces.default\minidumps [43 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/09/2014 at 18:39:17.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. SvcRepair.txt log

Log Opened: 2014-02-09 @ 18:44:37
18:44:37 - -----------------
18:44:37 - | Begin Logging |
18:44:37 - -----------------
18:44:37 - Fix started on a WIN_VISTA X64 computer
18:44:37 - Prep in progress. Please Wait.
18:44:39 - Prep complete
18:44:39 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
18:44:40 - Services Repair Complete.
18:44:53 - Reboot Initiated


4. new FSS.txt log

Farbar Service Scanner Version: 02-02-2014
Ran by Pete (administrator) on 09-02-2014 at 18:49:21
Running from "C:\Users\Pete\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-12-05 11:32] - [2009-04-10 22:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-03 12:26] - [2010-06-16 12:11] - 1426816 ____A (Microsoft Corporation) 973658A2EA9C06B2976884B9046DFC6C

C:\Windows\System32\dnsrslvr.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2010-05-10 20:01] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0223744 ____A (Microsoft Corporation) CD033D871A83E918B14F43F7E7590819

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

5. new OTL.txt log

OTL logfile created on: 2/9/2014 6:55:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.75% Memory free
4.22 Gb Paging File | 3.71 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 290.86 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 13:20:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]

[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/09 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/12 18:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/05 13:20:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084


========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951

========== Files - Modified Within 30 Days ==========

[2014/02/09 18:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/08 23:54:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/08 23:53:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 23:53:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 13:25:38 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/08 13:06:44 | 000,189,440 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/08 12:52:18 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/08 12:52:18 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/08 12:52:18 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
[2014/01/20 19:32:42 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk

========== Files Created - No Company Name ==========

[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,189,440 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/30 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/27 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2010/05/12 10:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/21 23:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2009/08/19 12:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< base services >
[2006/11/02 10:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 10:42:03 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/19 11:29:59 | 000,000,330 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForPete.job

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\ERDNT\cache86\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: RUNDLL32.EXE >
[2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=10446646D128E580C46615338E74E672 -- C:\Windows\SysNative\rundll32.exe
[2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=10446646D128E580C46615338E74E672 -- C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_31ed2b17665cf346\rundll32.exe
[2006/11/02 04:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=4B555106290BD117334E9A08761C035A -- C:\Windows\SysWOW64\rundll32.exe
[2006/11/02 04:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=4B555106290BD117334E9A08761C035A -- C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe

< MD5 for: RUNDLL32.EXE.MUI >
[2006/11/02 10:13:36 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=1D081AC21359C3A42B0B46191F0ADA13 -- C:\Windows\SysNative\en-US\rundll32.exe.mui
[2006/11/02 10:13:36 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=1D081AC21359C3A42B0B46191F0ADA13 -- C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a6b35c4854d71c73\rundll32.exe.mui
[2006/11/02 10:13:45 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=E23EE8B895BF05358427768C62A06C9B -- C:\Windows\SysWOW64\en-US\rundll32.exe.mui
[2006/11/02 10:13:45 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=E23EE8B895BF05358427768C62A06C9B -- C:\Windows\winsxs\x86_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_4a94c0c49c79ab3d\rundll32.exe.mui

< MD5 for: RUNDLL32.EXE-0130F235.PF >
[2014/02/06 18:23:03 | 000,041,074 | ---- | M] () MD5=A840B2F76CBF87F0AD2C82BBC59DCE9C -- C:\Windows\Prefetch\RUNDLL32.EXE-0130F235.pf

< MD5 for: RUNDLL32.EXE-0569809E.PF >
[2014/02/06 18:23:13 | 000,040,540 | ---- | M] () MD5=1E67247A322FF12DBDD1823F88971329 -- C:\Windows\Prefetch\RUNDLL32.EXE-0569809E.pf

< MD5 for: RUNDLL32.EXE-05DEA4C3.PF >
[2014/02/07 12:11:43 | 000,222,886 | ---- | M] () MD5=95C03C1852BE61A19CEFD078DCC7BF8A -- C:\Windows\Prefetch\RUNDLL32.EXE-05DEA4C3.pf

< MD5 for: RUNDLL32.EXE-089D0DDE.PF >
[2014/02/06 18:23:04 | 000,039,454 | ---- | M] () MD5=1B02ACF3F9716ACCE30045735F3AA77F -- C:\Windows\Prefetch\RUNDLL32.EXE-089D0DDE.pf

< MD5 for: RUNDLL32.EXE-0FF87189.PF >
[2014/02/06 18:19:08 | 000,034,712 | ---- | M] () MD5=AD94D90CB16EF20FD78FF3DD86A6652A -- C:\Windows\Prefetch\RUNDLL32.EXE-0FF87189.pf

< MD5 for: RUNDLL32.EXE-100286AC.PF >
[2014/02/06 18:23:23 | 000,038,496 | ---- | M] () MD5=CDE3C79FBE38A2AA8780608FEC45DC2B -- C:\Windows\Prefetch\RUNDLL32.EXE-100286AC.pf

< MD5 for: RUNDLL32.EXE-10519788.PF >
[2014/02/06 18:23:00 | 000,038,696 | ---- | M] () MD5=746803D57EE535B42C7ACEDAC4AC5DB8 -- C:\Windows\Prefetch\RUNDLL32.EXE-10519788.pf

< MD5 for: RUNDLL32.EXE-116B0857.PF >
[2014/02/06 18:19:03 | 000,039,646 | ---- | M] () MD5=D0418DCD4E4CBDFCDCA3A0539548FBA4 -- C:\Windows\Prefetch\RUNDLL32.EXE-116B0857.pf

< MD5 for: RUNDLL32.EXE-126263C5.PF >
[2014/02/06 18:23:03 | 000,038,758 | ---- | M] () MD5=204363E1AB376A0E83D0F461B9CCD681 -- C:\Windows\Prefetch\RUNDLL32.EXE-126263C5.pf

< MD5 for: RUNDLL32.EXE-164BA327.PF >
[2014/02/06 18:23:08 | 000,040,426 | ---- | M] () MD5=1D606992E927F9216048A5642401B2FB -- C:\Windows\Prefetch\RUNDLL32.EXE-164BA327.pf

< MD5 for: RUNDLL32.EXE-1ACEA696.PF >
[2014/02/06 18:23:12 | 000,040,882 | ---- | M] () MD5=89486E7BB70AEFEC56A9C18C286AAED5 -- C:\Windows\Prefetch\RUNDLL32.EXE-1ACEA696.pf

< MD5 for: RUNDLL32.EXE-1F0BC7BB.PF >
[2014/02/06 18:23:17 | 000,035,670 | ---- | M] () MD5=01304F7140A9EF6A6F95D41EED89F5F7 -- C:\Windows\Prefetch\RUNDLL32.EXE-1F0BC7BB.pf

< MD5 for: RUNDLL32.EXE-20F94C55.PF >
[2014/02/06 18:23:20 | 000,039,626 | ---- | M] () MD5=33D49FFC3401341422F0D7E06B1E7CEB -- C:\Windows\Prefetch\RUNDLL32.EXE-20F94C55.pf

< MD5 for: RUNDLL32.EXE-2B7A08C4.PF >
[2014/02/06 18:19:07 | 000,037,298 | ---- | M] () MD5=A240AC945AA028D6BCD27981065DAD02 -- C:\Windows\Prefetch\RUNDLL32.EXE-2B7A08C4.pf

< MD5 for: RUNDLL32.EXE-3B47BEBD.PF >
[2014/02/06 18:19:11 | 000,042,332 | ---- | M] () MD5=7084EBF8A07F60A71DCC54B0364B54DE -- C:\Windows\Prefetch\RUNDLL32.EXE-3B47BEBD.pf

< MD5 for: RUNDLL32.EXE-3CD2264E.PF >
[2014/02/06 18:19:07 | 000,038,960 | ---- | M] () MD5=68A6D4B9277807D6D96FF8C1DEA7D0EE -- C:\Windows\Prefetch\RUNDLL32.EXE-3CD2264E.pf

< MD5 for: RUNDLL32.EXE-3D756D65.PF >
[2014/02/06 18:23:25 | 000,035,804 | ---- | M] () MD5=E90CB48B2809017A521F2676F6953381 -- C:\Windows\Prefetch\RUNDLL32.EXE-3D756D65.pf

< MD5 for: RUNDLL32.EXE-40488F38.PF >
[2014/02/06 18:19:08 | 000,038,900 | ---- | M] () MD5=8D381E8BBBBBA78D8F8E8247D8B62420 -- C:\Windows\Prefetch\RUNDLL32.EXE-40488F38.pf

< MD5 for: RUNDLL32.EXE-421FACC5.PF >
[2014/02/06 18:23:17 | 000,036,086 | ---- | M] () MD5=4F048A8BDC3F73176890A39E1F3C6777 -- C:\Windows\Prefetch\RUNDLL32.EXE-421FACC5.pf

< MD5 for: RUNDLL32.EXE-4446971D.PF >
[2014/02/06 18:23:15 | 000,040,792 | ---- | M] () MD5=FA7F1266265BE8F31887EC2114D259C2 -- C:\Windows\Prefetch\RUNDLL32.EXE-4446971D.pf

< MD5 for: RUNDLL32.EXE-44AA0796.PF >
[2014/02/06 18:23:15 | 000,040,544 | ---- | M] () MD5=FAF69A13D4ABD4F84E5F5B6F58B5A31F -- C:\Windows\Prefetch\RUNDLL32.EXE-44AA0796.pf

< MD5 for: RUNDLL32.EXE-48FCD7EB.PF >
[2014/02/06 18:23:05 | 000,038,686 | ---- | M] () MD5=3E4187EF012668A13731BA905C27F2A1 -- C:\Windows\Prefetch\RUNDLL32.EXE-48FCD7EB.pf

< MD5 for: RUNDLL32.EXE-49A3EBD2.PF >
[2014/02/06 18:22:59 | 000,036,306 | ---- | M] () MD5=5A8F3E12DDF1E6DC04D96B70AFE8887B -- C:\Windows\Prefetch\RUNDLL32.EXE-49A3EBD2.pf

< MD5 for: RUNDLL32.EXE-4C2ACA83.PF >
[2014/02/06 18:19:09 | 000,038,288 | ---- | M] () MD5=C7ADF809817C59E4BA916BAE4A7314DD -- C:\Windows\Prefetch\RUNDLL32.EXE-4C2ACA83.pf

< MD5 for: RUNDLL32.EXE-565255D3.PF >
[2014/02/06 18:23:04 | 000,039,162 | ---- | M] () MD5=2AC136CB2943274CEF3C26CE0FEA7D80 -- C:\Windows\Prefetch\RUNDLL32.EXE-565255D3.pf

< MD5 for: RUNDLL32.EXE-58863F79.PF >
[2014/02/07 11:20:58 | 000,032,460 | ---- | M] () MD5=82F0039FCE433C738EE02CC1F11D0AF7 -- C:\Windows\Prefetch\RUNDLL32.EXE-58863F79.pf

< MD5 for: RUNDLL32.EXE-63964989.PF >
[2014/02/06 18:23:10 | 000,043,314 | ---- | M] () MD5=2D30553369FE6E29ACFF1C7D34C8F940 -- C:\Windows\Prefetch\RUNDLL32.EXE-63964989.pf

< MD5 for: RUNDLL32.EXE-639CD7E3.PF >
[2014/02/06 18:23:05 | 000,039,742 | ---- | M] () MD5=BA08CF940054270AA8F61686759E07EA -- C:\Windows\Prefetch\RUNDLL32.EXE-639CD7E3.pf

< MD5 for: RUNDLL32.EXE-64DA5FB2.PF >
[2014/02/06 18:23:22 | 000,042,404 | ---- | M] () MD5=039D2E23218C3083A0C6BCE2C0AFDC09 -- C:\Windows\Prefetch\RUNDLL32.EXE-64DA5FB2.pf

< MD5 for: RUNDLL32.EXE-68804F16.PF >
[2014/02/06 18:23:20 | 000,039,108 | ---- | M] () MD5=5D5D1A270A243EA829147FFF83C1ACA8 -- C:\Windows\Prefetch\RUNDLL32.EXE-68804F16.pf

< MD5 for: RUNDLL32.EXE-6A0AEE16.PF >
[2014/02/06 18:23:08 | 000,038,322 | ---- | M] () MD5=1689355628B84BAA78BE8939B5FF177A -- C:\Windows\Prefetch\RUNDLL32.EXE-6A0AEE16.pf

< MD5 for: RUNDLL32.EXE-6C7F9794.PF >
[2014/02/06 18:19:10 | 000,037,598 | ---- | M] () MD5=258242D75F721D1FAE5DBE73E02CDACF -- C:\Windows\Prefetch\RUNDLL32.EXE-6C7F9794.pf

< MD5 for: RUNDLL32.EXE-6CC1A142.PF >
[2014/02/06 18:23:02 | 000,038,240 | ---- | M] () MD5=67349DFB08B80B4B0103E760BF3F5FD9 -- C:\Windows\Prefetch\RUNDLL32.EXE-6CC1A142.pf

< MD5 for: RUNDLL32.EXE-6FE66E24.PF >
[2014/02/06 18:19:01 | 000,040,186 | ---- | M] () MD5=B7E1550A295BAB85C9DE09A1310CEC1E -- C:\Windows\Prefetch\RUNDLL32.EXE-6FE66E24.pf

< MD5 for: RUNDLL32.EXE-7B33F858.PF >
[2014/02/06 18:23:06 | 000,040,114 | ---- | M] () MD5=85B09FA722A1300AA7A415327D64CA5E -- C:\Windows\Prefetch\RUNDLL32.EXE-7B33F858.pf

< MD5 for: RUNDLL32.EXE-7DB5B5CA.PF >
[2014/02/06 18:23:01 | 000,041,832 | ---- | M] () MD5=35D48F700619F8450E2D0F17B3217A85 -- C:\Windows\Prefetch\RUNDLL32.EXE-7DB5B5CA.pf

< MD5 for: RUNDLL32.EXE-81535C41.PF >
[2014/02/06 18:23:08 | 000,037,398 | ---- | M] () MD5=B333B5C70E71E09D47DA52FD47A9413F -- C:\Windows\Prefetch\RUNDLL32.EXE-81535C41.pf

< MD5 for: RUNDLL32.EXE-81E1ADBB.PF >
[2014/02/06 18:23:07 | 000,040,234 | ---- | M] () MD5=D1787746779CF3FF50249639AB3223C3 -- C:\Windows\Prefetch\RUNDLL32.EXE-81E1ADBB.pf

< MD5 for: RUNDLL32.EXE-84353A26.PF >
[2014/02/06 18:22:58 | 000,038,950 | ---- | M] () MD5=A3C574CB257E0E75D60623C6249610E4 -- C:\Windows\Prefetch\RUNDLL32.EXE-84353A26.pf

< MD5 for: RUNDLL32.EXE-8C04C7FD.PF >
[2014/02/06 18:23:25 | 000,038,404 | ---- | M] () MD5=A382FDC4697620EB5595CD15010421F6 -- C:\Windows\Prefetch\RUNDLL32.EXE-8C04C7FD.pf

< MD5 for: RUNDLL32.EXE-9191C3AD.PF >
[2014/02/06 18:23:24 | 000,034,928 | ---- | M] () MD5=033C588AD72F9FBE6405F33AEE6E2A07 -- C:\Windows\Prefetch\RUNDLL32.EXE-9191C3AD.pf

< MD5 for: RUNDLL32.EXE-927CA77D.PF >
[2014/02/06 18:19:03 | 000,038,854 | ---- | M] () MD5=46A0C0B669F0851D980686023E640265 -- C:\Windows\Prefetch\RUNDLL32.EXE-927CA77D.pf

< MD5 for: RUNDLL32.EXE-93032198.PF >
[2014/02/06 18:23:11 | 000,038,120 | ---- | M] () MD5=2CBC24E37E9A8E32841D3D1EB4B7A08D -- C:\Windows\Prefetch\RUNDLL32.EXE-93032198.pf

< MD5 for: RUNDLL32.EXE-94F8439F.PF >
[2014/02/06 18:23:21 | 000,039,572 | ---- | M] () MD5=8A9B2533C5DE85A167B0CA5E44CA1519 -- C:\Windows\Prefetch\RUNDLL32.EXE-94F8439F.pf

< MD5 for: RUNDLL32.EXE-9DC696D6.PF >
[2014/02/06 18:23:12 | 000,041,840 | ---- | M] () MD5=CBB161DCAB10496EB15362DF45BC6126 -- C:\Windows\Prefetch\RUNDLL32.EXE-9DC696D6.pf

< MD5 for: RUNDLL32.EXE-A788D517.PF >
[2014/02/06 18:23:05 | 000,038,686 | ---- | M] () MD5=79C29978EB049A19BBA61ED0D4B33EFC -- C:\Windows\Prefetch\RUNDLL32.EXE-A788D517.pf

< MD5 for: RUNDLL32.EXE-AC63C603.PF >
[2014/02/06 18:23:07 | 000,035,394 | ---- | M] () MD5=5EFD0892BD3AD340B55A2DF4D6510046 -- C:\Windows\Prefetch\RUNDLL32.EXE-AC63C603.pf

< MD5 for: RUNDLL32.EXE-AFAE3D04.PF >
[2014/02/06 18:23:10 | 000,047,284 | ---- | M] () MD5=10DAE17B92C224B7D71982ADD3812D92 -- C:\Windows\Prefetch\RUNDLL32.EXE-AFAE3D04.pf

< MD5 for: RUNDLL32.EXE-B12896B3.PF >
[2014/02/06 18:19:12 | 000,036,196 | ---- | M] () MD5=7D01C6890A12BA43DD11423F69C79FB4 -- C:\Windows\Prefetch\RUNDLL32.EXE-B12896B3.pf

< MD5 for: RUNDLL32.EXE-B1A5A77F.PF >
[2014/02/06 18:23:19 | 000,043,056 | ---- | M] () MD5=8EF9759107C1EED7CAEDAFC18EFDE296 -- C:\Windows\Prefetch\RUNDLL32.EXE-B1A5A77F.pf

< MD5 for: RUNDLL32.EXE-B90EF116.PF >
[2014/02/06 18:23:00 | 000,038,506 | ---- | M] () MD5=6F0236CA5F38DC909FF26AA35A232627 -- C:\Windows\Prefetch\RUNDLL32.EXE-B90EF116.pf

< MD5 for: RUNDLL32.EXE-C06C9DE2.PF >
[2014/02/06 18:19:06 | 000,037,170 | ---- | M] () MD5=BC27D09F1A8FBAEE167A193962894F17 -- C:\Windows\Prefetch\RUNDLL32.EXE-C06C9DE2.pf

< MD5 for: RUNDLL32.EXE-C66FAC93.PF >
[2014/02/06 18:19:11 | 000,034,338 | ---- | M] () MD5=51ABB6D99E94ECDA19E6FD54279DDF06 -- C:\Windows\Prefetch\RUNDLL32.EXE-C66FAC93.pf

< MD5 for: RUNDLL32.EXE-C8108D2E.PF >
[2014/02/06 18:23:16 | 000,038,474 | ---- | M] () MD5=A2925A3F938CCED66E71BA5981D0408D -- C:\Windows\Prefetch\RUNDLL32.EXE-C8108D2E.pf

< MD5 for: RUNDLL32.EXE-C90759EE.PF >
[2014/02/06 18:19:06 | 000,039,222 | ---- | M] () MD5=7DB53012E1ED332692FA999C79274397 -- C:\Windows\Prefetch\RUNDLL32.EXE-C90759EE.pf

< MD5 for: RUNDLL32.EXE-CA8E0199.PF >
[2014/02/06 18:22:57 | 000,039,258 | ---- | M] () MD5=9ECC4799471697494A6F0EC5471E54DC -- C:\Windows\Prefetch\RUNDLL32.EXE-CA8E0199.pf

< MD5 for: RUNDLL32.EXE-CF11C209.PF >
[2014/02/06 18:19:09 | 000,040,448 | ---- | M] () MD5=B3D278031CE2C35F0CA856283C6AE6A6 -- C:\Windows\Prefetch\RUNDLL32.EXE-CF11C209.pf

< MD5 for: RUNDLL32.EXE-D24D41B1.PF >
[2014/02/06 18:19:05 | 000,037,110 | ---- | M] () MD5=DC932F4E8F3E19F268C1B6C393634CCC -- C:\Windows\Prefetch\RUNDLL32.EXE-D24D41B1.pf

< MD5 for: RUNDLL32.EXE-D33E0B0E.PF >
[2014/02/06 18:23:24 | 000,035,240 | ---- | M] () MD5=33A83F893F1F278D256724331E5EC887 -- C:\Windows\Prefetch\RUNDLL32.EXE-D33E0B0E.pf

< MD5 for: RUNDLL32.EXE-DCBDD709.PF >
[2014/02/06 18:23:17 | 000,037,748 | ---- | M] () MD5=1345C9C464F9260E6D52836CCD857EF0 -- C:\Windows\Prefetch\RUNDLL32.EXE-DCBDD709.pf

< MD5 for: RUNDLL32.EXE-DCCB84D0.PF >
[2014/02/06 18:22:59 | 000,038,014 | ---- | M] () MD5=EA22AC226EEA7BF0C38C43BEAEF220AB -- C:\Windows\Prefetch\RUNDLL32.EXE-DCCB84D0.pf

< MD5 for: RUNDLL32.EXE-DF33719D.PF >
[2014/02/06 18:19:05 | 000,039,838 | ---- | M] () MD5=0CE4F85EEF211B0D63F36D3C37AAAAF3 -- C:\Windows\Prefetch\RUNDLL32.EXE-DF33719D.pf

< MD5 for: RUNDLL32.EXE-E27D247B.PF >
[2014/02/06 18:23:06 | 000,037,218 | ---- | M] () MD5=8BC4232B81EC89B27494A415FFDEBCA0 -- C:\Windows\Prefetch\RUNDLL32.EXE-E27D247B.pf

< MD5 for: RUNDLL32.EXE-E3F8B487.PF >
[2014/02/06 18:23:16 | 000,036,924 | ---- | M] () MD5=7A20015283A5FEBAB7FBF698262EF432 -- C:\Windows\Prefetch\RUNDLL32.EXE-E3F8B487.pf

< MD5 for: RUNDLL32.EXE-E447C111.PF >
[2014/02/07 11:46:07 | 000,025,922 | ---- | M] () MD5=FEBC33C4AB3FB4D066A6136001797674 -- C:\Windows\Prefetch\RUNDLL32.EXE-E447C111.pf

< MD5 for: RUNDLL32.EXE-E796C1C7.PF >
[2014/02/06 18:22:58 | 000,040,006 | ---- | M] () MD5=F1B7EA5B843E75129EC7239059A53648 -- C:\Windows\Prefetch\RUNDLL32.EXE-E796C1C7.pf

< MD5 for: RUNDLL32.EXE-EAC8E090.PF >
[2014/02/06 18:23:09 | 000,034,938 | ---- | M] () MD5=35CA0D6A9E32B929266259D6A7CF9DEA -- C:\Windows\Prefetch\RUNDLL32.EXE-EAC8E090.pf

< MD5 for: RUNDLL32.EXE-F4B9375C.PF >
[2014/02/06 18:19:10 | 000,036,174 | ---- | M] () MD5=AFF4967707E0EF0CAAEDB19773164A70 -- C:\Windows\Prefetch\RUNDLL32.EXE-F4B9375C.pf

< MD5 for: RUNDLL32.EXE-F768AF69.PF >
[2014/02/06 18:19:02 | 000,044,348 | ---- | M] () MD5=5BAD2526EC7398E150A9029C59230DB7 -- C:\Windows\Prefetch\RUNDLL32.EXE-F768AF69.pf

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 58A9-45C3
Directory of C:\
11/02/2006 10:42 AM <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 10:42 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 10:42 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 10:42 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 10:42 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 10:42 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 10:42 AM <SYMLINKD> All Users [c:\ProgramData]
11/02/2006 10:42 AM <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 10:42 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 10:42 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 10:42 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 10:42 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 10:42 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
11/02/2006 10:42 AM <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
11/02/2006 10:42 AM <JUNCTION> My Documents [c:\Users\Default\Documents]
11/02/2006 10:42 AM <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 10:42 AM <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 10:42 AM <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 10:42 AM <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 10:42 AM <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 10:42 AM <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
11/02/2006 10:42 AM <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 10:42 AM <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 10:42 AM <JUNCTION> My Music [c:\Users\Default\Music]
11/02/2006 10:42 AM <JUNCTION> My Pictures [c:\Users\Default\Pictures]
11/02/2006 10:42 AM <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Pete
08/19/2009 11:07 AM <JUNCTION> Application Data [C:\Users\Pete\AppData\Roaming]
08/19/2009 11:07 AM <JUNCTION> Cookies [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies]
08/19/2009 11:07 AM <JUNCTION> Local Settings [C:\Users\Pete\AppData\Local]
08/19/2009 11:07 AM <JUNCTION> My Documents [C:\Users\Pete\Documents]
08/19/2009 11:07 AM <JUNCTION> NetHood [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/19/2009 11:07 AM <JUNCTION> PrintHood [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/19/2009 11:07 AM <JUNCTION> Recent [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Recent]
08/19/2009 11:07 AM <JUNCTION> SendTo [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\SendTo]
08/19/2009 11:07 AM <JUNCTION> Start Menu [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu]
08/19/2009 11:07 AM <JUNCTION> Templates [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Pete\AppData\Local
08/19/2009 11:07 AM <JUNCTION> Application Data [C:\Users\Pete\AppData\Local]
08/19/2009 11:07 AM <JUNCTION> History [C:\Users\Pete\AppData\Local\Microsoft\Windows\History]
08/19/2009 11:07 AM <JUNCTION> Temporary Internet Files [C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Pete\Documents
08/19/2009 11:07 AM <JUNCTION> My Music [C:\Users\Pete\Music]
08/19/2009 11:07 AM <JUNCTION> My Pictures [C:\Users\Pete\Pictures]
08/19/2009 11:07 AM <JUNCTION> My Videos [C:\Users\Pete\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 10:42 AM <JUNCTION> My Music [c:\Users\Public\Music]
11/02/2006 10:42 AM <JUNCTION> My Pictures [c:\Users\Public\Pictures]
11/02/2006 10:42 AM <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/13/2009 12:20 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/13/2009 12:20 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/13/2009 12:20 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/13/2009 12:20 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/13/2009 12:20 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/13/2009 12:20 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/13/2009 12:20 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/13/2009 12:20 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
01/13/2009 12:20 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/13/2009 12:20 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/13/2009 12:20 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/13/2009 12:20 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/13/2009 12:20 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/13/2009 12:20 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/13/2009 12:20 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/13/2009 12:20 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/13/2009 12:20 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/13/2009 12:20 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/13/2009 12:20 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
01/13/2009 12:20 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/13/2009 12:20 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/13/2009 12:20 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
79 Dir(s) 312,283,451,392 bytes free

< End of report >


6. new Extras.txt log:

OTL Extras logfile created on: 2/9/2014 6:55:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.75% Memory free
4.22 Gb Paging File | 3.71 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 290.86 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AE F8 EE 94 71 B3 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3889686918-3398402473-1388666377-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53A03625-E45D-4A82-90E2-F32C7B63A0B5}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{9240E818-9E91-4E85-A298-3D82BDEA1E3B}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049BF5E3-21E2-4110-A357-2A34FFF60589}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{09D923B4-6857-44B8-9F47-6D8B3DB0EF25}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{12DEEF3C-631C-4F5D-B51A-C5E4540354FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{12F31D6E-B021-4A5A-B52B-A426FC9A8A62}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{3B73BC24-502D-4211-B0C8-D37F20F9D704}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4575D613-79B9-4CB7-95EE-D2114CCE955E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{65FB6591-301A-4E68-A904-DFDF63A9924E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{6737C2D7-9757-402E-95D2-FC5BDCEB6BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{85AFA4F7-653C-4DB7-B57D-B9C314B1444D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8C92DF9A-E74B-46E2-9758-111B5ACABC3C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9E908510-C752-4700-8477-75BD02CE9A87}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A0F4E890-DA0D-47FD-9E43-768B06C8F4F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{AB60E26F-C376-4417-BD95-9BEAD0D9004D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B22E69BB-4446-43B1-8E13-09E522C21C49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B9A9848E-418A-4E22-AB2B-FFE069BA294A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{C3727FC1-18F2-4B3F-AF02-4C3AD8D8E6B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{DE312A9B-EF63-4F9A-8B1C-EB57772EC55A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FDB86963-C243-4877-9F1C-E35F058E0C54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3975CE71-3544-9FBA-56E5-2E9709E348C5}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F67AF0E-DF48-0198-E0F3-F1C9F7A6FC22}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3BFD4B3C-9105-454A-A673-E023E8BC9D56}" = Movavi VideoSuite 7
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D4E7A79-23E0-4715-867C-9D49024BFA57}" = Movavi Flash Converter
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoZone iSync" = GoZone iSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Movavi Screen Capture Studio 3" = Movavi Screen Capture Studio
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2014 7:42:57 PM | Computer Name = Pete-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/9/2014 7:43:08 PM | Computer Name = Pete-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/9/2014 7:47:07 PM | Computer Name = Pete-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/9/2014 7:47:19 PM | Computer Name = Pete-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/9/2014 7:42:59 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2014 7:43:02 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2014 7:43:08 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2014 7:43:08 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/9/2014 7:46:59 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2014 7:47:07 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2014 7:47:10 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2014 7:47:12 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2014 7:47:20 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2014 7:47:20 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

[godawgs]

I didn't realize that you were still booting into Safe mode. Please reboot the computer into normal mode and let me know how it is running.
Also you didn't post the AdwCleaner[S0].txt log. You posted the OTL script instead. Please post the AdwCleaner[S0].txt log.

[dogstar21]

Sorry about missing the AdWare log. Could've swore i copy/pasted it. Here it is:

# AdwCleaner v3.018 - Report created 09/02/2014 at 18:31:18
# Updated 28/01/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Pete - PETE-PC
# Running from : C:\Users\Pete\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2893 octets] - [09/02/2014 17:41:13]
AdwCleaner[R1].txt - [2953 octets] - [09/02/2014 18:27:23]
AdwCleaner[S0].txt - [2701 octets] - [09/02/2014 18:31:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2761 octets] ##########



Computer is running in normal mode. I get some .dll errors when i start up (which i had been getting even prior to the recent rootkit), but overall, seems to be running "normally" (i was never too pleased with this laptop's performance - HP had loaded it up with a bunch of garbage when i bought it).

[godawgs]

Thanks for the log.

Computer is running in normal mode. I get some .dll errors when i start up (which i had been getting even prior to the recent rootkit), but overall, seems to be running "normally"

Glad we are making progress. Can you tell me what the dll errors are?

(i was never too pleased with this laptop's performance - HP had loaded it up with a bunch of garbage when i bought it).

Maybe we can help with some of that too.

Some of the services still aren't running and there are some Legacy Registry keys that need replacing.
It might be helpful if you print these instructions or save them to a text file so you can refer to them as you complete each step.

Step-1.

A.
Download the following attached registry files and save them to your desktop:

[attachment=69021:legacy_sdrsvc.reg]
[attachment=69018:legacy_wscsvc.reg]
[attachment=69019:BITS.reg]


B.
Download the attached start_services.bat file and save it to the desktop.

[attachment=69020:start_services.bat]

C.
Close the browser and all open windows.


Step-2.

Back up the Services Registry key

• Click the Start Orb.
• In the Start Search box type regedit and press the Enter key. The Registry Editor will open.
• Click the down arrow beside HKEY_LOCAL_MACHINE
• Click the down arrow beside SYSTEM
• Click the down arrow beside Current Control Set
• Right click the Services folder and click Export. An Export Registry file window will open.
• Click Desktop in the left colum. This will save the registry file to the desktop.
• In the File name: box type servicesbak
• In the Save as type: box make sure it says Registration files (* .reg)
• Click the Save button. This will put a registry file named servicesbak.reg on the desktop.
• Close the Registry Editor.

Step-3.

• Back on the desktop, locate the first .reg file. Right click on it and click Merge. OK any prompts you may get. You should get message telling you that the file was merged successfully.
• Repeat this for each .reg file you downloaded.
• When all of the files have been merged, reboot the computer.

Step-4.

Right click the start_services.bat file on the desktop and click Run as Administrator. OK any UAC prompts to run the fix. A command window will open briefly, then close. This is quite normal.
When the batch file has finished, Windows should automatically restart the computer. If it doesn't, manually reboot the computer.


Step-5.

Re-run the Farbar Service Scanner using the directions in Step 4 of post #8


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you had any problems merging the Registry files of running the batch file.
2. The new FSS.txt log

[dogstar21]

Can you tell me what the dll errors are?

These are the errors i get during startup (i don't recall the .cpp error previously):
--------------------------------------

Error loading C:PROGRA~3\nbrf3bo9.cpp

The specified module could not be found.
-------------------------------------

The module
"C:\Users\Pete\AppData\Local\Gstion\hzlnits.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.

--------------------------------------

The module
"C:\Users\Pete\AppData\Local..\DMCComponent.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.


---------------------------------------
The module
"C:\Users\Pete\AppData\Local\IDT\ssqnuxtvb.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.

---------------------------------------
The module
"C:\Users\Pete\AppData\Local\Gstion\SyncServer.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.
---------------------------------------

Working through the steps you sent me now.

[dogstar21]

I downloaded the files in step 1, saved the file in step 2, but when i got to step 3, i was unable to Merge the first file. I didn't try the other 2 since i wasn't sure if they were sequential.

Here is the error message i got after i clicked OK when prompted to authorize the action:

Cannot import C:\Users\Pete\Desktop\legacy_sdrsvc.reg: Error accessing the registry.

[godawgs]

Check Hard Disk For Errors:

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

• Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
• Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
• On the File menu, click Save
• On the Save AS window that comes up, do the following:
  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type testhd.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save
  This will put a new file on the Desktop named testhd.bat
  The file icon will look like this:
  
  
  Close all open windows and any open Browsers.
  
• Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
• When the command window has closed there will be a new file on the desktop named checkhd.txt
• Copy and paste the contents of the checkhd.txt file in your next reply.