Computer slowing to a crawl [Solved]


  • This topic is locked

#1
Jdpowell

  • Member
  • 75 posts

It's difficult to open any programs.  When I tried to run OTL it stopped and was not responding.  I could not close the program and when I hit ctrl+alt+delete it started running again.  That's a good symptom of the whole thing.

 

OTL logfile created on: 8/27/2014 3:29:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mary Jo\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
893.76 Mb Total Physical Memory | 259.11 Mb Available Physical Memory | 28.99% Memory free
2.01 Gb Paging File | 0.99 Gb Available in Paging File | 49.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.36 Gb Total Space | 47.49 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.01 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
 
Computer Name: MARYJO-PC | User Name: Mary Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/27 15:27:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Jo\Downloads\OTL.exe
PRC - [2014/07/30 12:32:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/08 17:17:23 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/08/12 23:15:18 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe
PRC - [2010/12/13 13:59:10 | 000,360,448 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/01 11:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/30 12:32:04 | 003,800,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/07/08 17:17:20 | 017,029,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2014/07/30 12:32:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/08 17:17:27 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/01 16:11:12 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/12 23:15:18 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe -- (DictionaryBossService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/06 21:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/04 02:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0CC7B3D7-9212-40EB-92F2-5A297DE146CA}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKLM\..\SearchScopes\{4142FB87-24E0-4BC9-92C3-3065E33EEE36}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{41B359D3-69B3-49EA-9AD1-ECF6847CE104}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.accessnorthga.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0CC7B3D7-9212-40EB-92F2-5A297DE146CA}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKCU\..\SearchScopes\{4142FB87-24E0-4BC9-92C3-3065E33EEE36}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{41B359D3-69B3-49EA-9AD1-ECF6847CE104}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.accessnorthga.com/"
FF - prefs.js..extensions.enabledAddons: v4ffxtbr%40DictionaryBoss.com:6.66.4.32989
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DictionaryBoss\bar\1.bin [2013/08/12 23:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/05/31 21:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Extensions
[2014/08/07 18:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions
[2014/08/07 18:17:54 | 000,000,000 | ---D | M] (DictionaryBoss) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected]
[2014/05/27 17:14:40 | 000,009,605 | ---- | M] () -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\searchplugins\ask-web-search.xml
[2014/07/30 12:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/30 12:32:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2011\ReminderApp.exe File not found
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.159.64.23 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE37579E-4852-45EB-B982-1BB7C3613DA7}: DhcpNameServer = 24.178.162.3 24.159.64.23 66.189.0.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/28 04:15:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/16 10:27:12 | 000,619,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/16 10:27:12 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/16 10:27:09 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/16 10:26:41 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/15 16:09:17 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/15 16:09:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/15 16:09:15 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/15 16:09:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/15 16:08:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/15 16:08:16 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/15 16:08:16 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/15 16:08:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/15 16:08:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/15 16:08:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/08/15 16:08:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/08/15 16:08:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/15 16:08:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/15 16:08:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/15 16:08:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/15 16:08:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/15 16:08:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/08/15 16:07:11 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/30 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\Mary Jo\Documents\*.tmp files -> C:\Users\Mary Jo\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/27 15:26:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 15:14:53 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 15:14:53 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 15:14:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/27 15:13:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/27 15:11:53 | 000,497,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/27 15:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/27 13:17:16 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/08/16 12:04:32 | 000,642,498 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/16 12:04:32 | 000,119,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Users\Mary Jo\Documents\*.tmp files -> C:\Users\Mary Jo\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2007/12/09 15:04:21 | 000,008,816 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/11/17 11:37:44 | 000,003,584 | ---- | C] () -- C:\Users\Mary Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/30 18:44:43 | 000,025,119 | ---- | C] () -- C:\Users\Mary Jo\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/09/27 11:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Mary Jo\AppData\Roaming\wklnhst.dat
[2007/09/24 21:22:15 | 001,971,984 | ---- | C] () -- C:\Users\Mary Jo\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 


  • 0



#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

There was another log produced when you first ran OTL called Extras.txt and it will be located in the same place you ran OTL from. In this case, here: C:\Users\Mary Jo\Downloads. Please post that log in your next reply along with the other requested logs.

Also, please move OTL.exe from C:\Users\Mary Jo\Downloads to your desktop. It works better from there. :)


Please run the following steps and post each log as a separate reply to me in this thread.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2013/08/12 23:15:18 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe -- (DictionaryBossService)
FF - prefs.js..extensions.enabledAddons: v4ffxtbr%40DictionaryBoss.com:6.66.4.32989
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DictionaryBoss\bar\1.bin [2013/08/12 23:15:40 | 000,000,000 | ---D | M]
[2014/08/07 18:17:54 | 000,000,000 | ---D | M] (DictionaryBoss) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected]
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2011\ReminderApp.exe File not found
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe (MindSpark)
O33 - MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a

:Files
C:\Program Files\DictionaryBoss

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • A report will have been created by TDSSKiller in your root directory, C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

OTL Fix Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

#3
Jdpowell

OTL Extras logfile created on: 8/27/2014 3:29:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mary Jo\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
893.76 Mb Total Physical Memory | 259.11 Mb Available Physical Memory | 28.99% Memory free
2.01 Gb Paging File | 0.99 Gb Available in Paging File | 49.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.36 Gb Total Space | 47.49 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.01 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
 
Computer Name: MARYJO-PC | User Name: Mary Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AE27F7-7645-4F47-B1F7-54FA68D72431}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{198D9211-8BC1-4342-9BAD-BB1B4BA48100}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{7C86AFCD-E2C5-43E8-A932-368F45708E26}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{81365755-CC76-4486-B6A4-CA7F4EB7B82E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8571CEF0-B5FD-4572-8907-1D0610315C63}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C9EDB1A8-17FE-4115-A66E-603D481F24EA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DC1E6CB6-6FDF-4E58-8E8F-E926972D2116}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0E6A6C8-2351-4AA9-8055-3EE3E85B722B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E108F155-97AC-40C1-A0E3-FA6CCF250E6D}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{F8D7EE02-DA75-49D4-AE0D-572261283C6B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FD2930-C361-47F6-822E-71B021526778}" = HP Support Solutions Framework
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"ATT-PRT22" = ATT-PRT22
"ATT-RC" = ATT-RC Self Support Tool
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DictionaryBossbar Uninstall Firefox" = DictionaryBoss Firefox Toolbar
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"WildTangent hpdesktop Master Uninstall" = My HP Games
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/10/2014 5:21:59 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/10/2014 5:21:59 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/10/2014 5:21:59 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/10/2014 5:21:59 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/10/2014 5:21:59 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/10/2014 5:21:59 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/15/2014 10:44:00 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/15/2014 10:44:01 PM | Computer Name = MaryJo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/27/2014 12:42:20 PM | Computer Name = MaryJo-PC | Source = VSS | ID = 8194
Description =
 
Error - 8/27/2014 12:59:54 PM | Computer Name = MaryJo-PC | Source = VSS | ID = 8194
Description =
 
[ System Events ]
Error - 8/27/2014 12:32:01 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/27/2014 12:32:01 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/27/2014 12:32:01 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 8/27/2014 2:47:36 PM | Computer Name = MaryJo-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:43:48 PM on 8/27/2014 was unexpected.
 
Error - 8/27/2014 2:49:09 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/27/2014 2:49:09 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/27/2014 2:49:09 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 8/27/2014 3:12:35 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/27/2014 3:12:35 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/27/2014 3:12:35 PM | Computer Name = MaryJo-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

 

 

OTL logfile created on: 8/27/2014 3:29:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mary Jo\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
893.76 Mb Total Physical Memory | 259.11 Mb Available Physical Memory | 28.99% Memory free
2.01 Gb Paging File | 0.99 Gb Available in Paging File | 49.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.36 Gb Total Space | 47.49 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.01 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
 
Computer Name: MARYJO-PC | User Name: Mary Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/27 15:27:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Jo\Downloads\OTL.exe
PRC - [2014/07/30 12:32:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/08 17:17:23 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/08/12 23:15:18 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe
PRC - [2010/12/13 13:59:10 | 000,360,448 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/01 11:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/30 12:32:04 | 003,800,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/07/08 17:17:20 | 017,029,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2014/07/30 12:32:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/08 17:17:27 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/01 16:11:12 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/12 23:15:18 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe -- (DictionaryBossService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/06 21:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/04 02:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0CC7B3D7-9212-40EB-92F2-5A297DE146CA}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKLM\..\SearchScopes\{4142FB87-24E0-4BC9-92C3-3065E33EEE36}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{41B359D3-69B3-49EA-9AD1-ECF6847CE104}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.accessnorthga.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0CC7B3D7-9212-40EB-92F2-5A297DE146CA}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKCU\..\SearchScopes\{4142FB87-24E0-4BC9-92C3-3065E33EEE36}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{41B359D3-69B3-49EA-9AD1-ECF6847CE104}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.accessnorthga.com/"
FF - prefs.js..extensions.enabledAddons: v4ffxtbr%40DictionaryBoss.com:6.66.4.32989
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DictionaryBoss\bar\1.bin [2013/08/12 23:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/05/31 21:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Extensions
[2014/08/07 18:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions
[2014/08/07 18:17:54 | 000,000,000 | ---D | M] (DictionaryBoss) -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected]
[2014/05/27 17:14:40 | 000,009,605 | ---- | M] () -- C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\searchplugins\ask-web-search.xml
[2014/07/30 12:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/30 12:32:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2011\ReminderApp.exe File not found
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.159.64.23 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE37579E-4852-45EB-B982-1BB7C3613DA7}: DhcpNameServer = 24.178.162.3 24.159.64.23 66.189.0.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/28 04:15:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/16 10:27:12 | 000,619,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/16 10:27:12 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/16 10:27:09 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/16 10:26:41 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/15 16:09:17 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/15 16:09:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/15 16:09:15 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/15 16:09:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/15 16:08:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/15 16:08:16 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/15 16:08:16 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/15 16:08:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/15 16:08:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/15 16:08:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/08/15 16:08:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/08/15 16:08:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/15 16:08:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/15 16:08:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/15 16:08:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/15 16:08:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/15 16:08:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/08/15 16:07:11 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/30 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\Mary Jo\Documents\*.tmp files -> C:\Users\Mary Jo\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/27 15:26:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 15:14:53 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 15:14:53 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 15:14:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/27 15:13:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/27 15:11:53 | 000,497,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/27 15:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/27 13:17:16 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/08/16 12:04:32 | 000,642,498 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/16 12:04:32 | 000,119,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Users\Mary Jo\Documents\*.tmp files -> C:\Users\Mary Jo\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2007/12/09 15:04:21 | 000,008,816 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/11/17 11:37:44 | 000,003,584 | ---- | C] () -- C:\Users\Mary Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/30 18:44:43 | 000,025,119 | ---- | C] () -- C:\Users\Mary Jo\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/09/27 11:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Mary Jo\AppData\Roaming\wklnhst.dat
[2007/09/24 21:22:15 | 001,971,984 | ---- | C] () -- C:\Users\Mary Jo\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Mary Jo on Thu 08/28/2014 at 14:23:24.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0CC7B3D7-9212-40EB-92F2-5A297DE146CA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4142FB87-24E0-4BC9-92C3-3065E33EEE36}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0CC7B3D7-9212-40EB-92F2-5A297DE146CA}

 

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mary Jo\Local Settings\Application Data\dictionaryboss"
Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Mary Jo\AppData\Roaming\mozilla\firefox\profiles\8qeltcfb.default\searchplugins\ask-web-search.xml
Successfully deleted the following from C:\Users\Mary Jo\AppData\Roaming\mozilla\firefox\profiles\8qeltcfb.default\prefs.js

user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
user_pref("extensions.toolbar.mindspark._v4Members_.BUTTON_STRUCTURE", "[{\"b\":221356380,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221356381,\"c\":\"mindspark.enterse
user_pref("extensions.toolbar.mindspark._v4Members_.firstKnownVersion", "5.71.2.59608");
user_pref("extensions.toolbar.mindspark._v4Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=D7537C99-FE3A-43D6-898F-48235875151B&n=77fd0579&p2=^XQ^xdm003^YYA^us&si=
user_pref("extensions.toolbar.mindspark._v4Members_.hp.enabled", false);
user_pref("extensions.toolbar.mindspark._v4Members_.hp.lastGuardTime", 1974425834);
user_pref("extensions.toolbar.mindspark._v4Members_.hp.numGuards", 1);
user_pref("extensions.toolbar.mindspark._v4Members_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._v4Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._v4Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.installDate", "2013070713");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.partnerId", "^XQ^xdm003^YYA^us");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.partnerSubId", "CKG7kKnvnbgCFdKe4AodZ0cAow");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._v4Members_.installation.toolbarId", "D7537C99-FE3A-43D6-898F-48235875151B");
user_pref("extensions.toolbar.mindspark._v4Members_.isCompliantUninstallImplementation", true);
user_pref("extensions.toolbar.mindspark._v4Members_.lastActivePing", "1409234287296");
user_pref("extensions.toolbar.mindspark._v4Members_.lastKnownVersion", "6.66.4.32989");
user_pref("extensions.toolbar.mindspark._v4Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._v4Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._v4Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._v4Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._v4Members_.searchHistory", "");
user_pref("extensions.toolbar.mindspark._v4Members_.toolbarCollapsed", true);
user_pref("extensions.toolbar.mindspark._v4Members_.weather.location", "30501");
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Emptied folder: C:\Users\Mary Jo\AppData\Roaming\mozilla\firefox\profiles\8qeltcfb.default\minidumps [1509 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/28/2014 at 14:30:02.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner and TDSSKiller coming next


#4
Jdpowell

# AdwCleaner v3.308 - Report created 28/08/2014 at 14:45:17
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Mary Jo - MARYJO-PC
# Running from : C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJBKVJOU\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\RadioRage_4j

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows4.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.BUTTON_STRUCTURE", "[{\"b\":221356380,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221356381,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]

*************************

AdwCleaner[R0].txt - [3212 octets] - [28/08/2014 14:40:45]
AdwCleaner[S0].txt - [3179 octets] - [28/08/2014 14:45:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3239 octets] ##########

 

14:53:50.0756 0x0c94 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

14:53:59.0274 0x0c94 ============================================================

14:53:59.0274 0x0c94 Current date / time: 2014/08/28 14:53:59.0274

14:53:59.0274 0x0c94 SystemInfo:

14:53:59.0274 0x0c94

14:53:59.0274 0x0c94 OS Version: 6.0.6002 ServicePack: 2.0

14:53:59.0274 0x0c94 Product type: Workstation

14:53:59.0274 0x0c94 ComputerName: MARYJO-PC

14:53:59.0274 0x0c94 UserName: Mary Jo

14:53:59.0274 0x0c94 Windows directory: C:\Windows

14:53:59.0274 0x0c94 System windows directory: C:\Windows

14:53:59.0274 0x0c94 Processor architecture: Intel x86

14:53:59.0274 0x0c94 Number of processors: 1

14:53:59.0274 0x0c94 Page size: 0x1000

14:53:59.0274 0x0c94 Boot type: Normal boot

14:53:59.0274 0x0c94 ============================================================

14:54:07.0495 0x0c94 KLMD registered as C:\Windows\system32\drivers\44726235.sys

14:54:09.0960 0x0c94 System UUID: {F972AB1D-BDAB-CE79-7540-510EEAD5A0B2}

14:54:16.0543 0x0c94 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:54:16.0637 0x0c94 ============================================================

14:54:16.0637 0x0c94 \Device\Harddisk0\DR0:

14:54:16.0746 0x0c94 MBR partitions:

14:54:16.0746 0x0c94 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEB9236

14:54:16.0746 0x0c94 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCEB9275, BlocksNum 0x10DA54C

14:54:16.0746 0x0c94 ============================================================

14:54:17.0105 0x0c94 C: <-> \Device\Harddisk0\DR0\Partition1

14:54:17.0401 0x0c94 D: <-> \Device\Harddisk0\DR0\Partition2

14:54:17.0401 0x0c94 ============================================================

14:54:17.0401 0x0c94 Initialize success

14:54:17.0401 0x0c94 ============================================================

14:54:56.0214 0x056c ============================================================

14:54:56.0214 0x056c Scan started

14:54:56.0214 0x056c Mode: Manual; SigCheck; TDLFS;

14:54:56.0214 0x056c ============================================================

14:54:56.0214 0x056c KSN ping started

14:55:10.0566 0x056c KSN ping finished: true

14:55:19.0817 0x056c ================ Scan system memory ========================

14:55:19.0832 0x056c System memory - ok

14:55:19.0863 0x056c ================ Scan services =============================

14:55:20.0316 0x056c [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys

14:55:21.0314 0x056c ACPI - ok

14:55:21.0876 0x056c [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:55:21.0938 0x056c AdobeFlashPlayerUpdateSvc - ok

14:55:22.0001 0x056c [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

14:55:22.0110 0x056c adp94xx - ok

14:55:22.0172 0x056c [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci C:\Windows\system32\drivers\adpahci.sys

14:55:22.0219 0x056c adpahci - ok

14:55:22.0235 0x056c [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

14:55:22.0250 0x056c adpu160m - ok

14:55:22.0344 0x056c [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

14:55:22.0453 0x056c adpu320 - ok

14:55:22.0515 0x056c [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

14:55:24.0465 0x056c AeLookupSvc - ok

14:55:24.0575 0x056c [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD C:\Windows\system32\drivers\afd.sys

14:55:24.0855 0x056c AFD - ok

14:55:24.0996 0x056c [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440 C:\Windows\system32\drivers\agp440.sys

14:55:24.0996 0x056c agp440 - ok

14:55:25.0058 0x056c [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

14:55:25.0105 0x056c aic78xx - ok

14:55:25.0136 0x056c [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe

14:55:25.0979 0x056c ALG - ok

14:55:26.0025 0x056c [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide C:\Windows\system32\drivers\aliide.sys

14:55:26.0041 0x056c aliide - ok

14:55:26.0135 0x056c [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys

14:55:26.0197 0x056c amdagp - ok

14:55:26.0213 0x056c [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide C:\Windows\system32\drivers\amdide.sys

14:55:26.0291 0x056c amdide - ok

14:55:26.0587 0x056c [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

14:55:29.0114 0x056c AmdK7 - ok

14:55:29.0192 0x056c [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

14:55:29.0317 0x056c AmdK8 - ok

14:55:29.0379 0x056c [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo C:\Windows\System32\appinfo.dll

14:55:29.0457 0x056c Appinfo - ok

14:55:29.0504 0x056c [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc C:\Windows\system32\drivers\arc.sys

14:55:29.0520 0x056c arc - ok

14:55:29.0567 0x056c [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas C:\Windows\system32\drivers\arcsas.sys

14:55:29.0582 0x056c arcsas - ok

14:55:29.0754 0x056c [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

14:55:29.0863 0x056c aspnet_state - ok

14:55:29.0910 0x056c [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

14:55:30.0019 0x056c AsyncMac - ok

14:55:30.0050 0x056c [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys

14:55:30.0081 0x056c atapi - ok

14:55:30.0159 0x056c [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:55:30.0222 0x056c AudioEndpointBuilder - ok

14:55:30.0253 0x056c [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv C:\Windows\System32\Audiosrv.dll

14:55:30.0300 0x056c Audiosrv - ok

14:55:30.0471 0x056c [ B5D974C1FD078A68C7536C561B031D39, A8B14474BC346E869DB8C29772CAED833596B9D4BCDDE9A9D4881FD5F78F8F1E ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

14:55:30.0861 0x056c Automatic LiveUpdate Scheduler - ok

14:55:31.0049 0x056c [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys

14:55:31.0236 0x056c Beep - ok

14:55:31.0485 0x056c [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll

14:55:31.0938 0x056c BFE - ok

14:55:32.0172 0x056c [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll

14:55:32.0421 0x056c BITS - ok

14:55:32.0437 0x056c blbdrive - ok

14:55:32.0484 0x056c [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

14:55:32.0577 0x056c bowser - ok

14:55:32.0624 0x056c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

14:55:32.0655 0x056c BrFiltLo - ok

14:55:32.0687 0x056c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

14:55:32.0718 0x056c BrFiltUp - ok

14:55:32.0765 0x056c [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll

14:55:32.0827 0x056c Browser - ok

14:55:32.0889 0x056c [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys

14:55:32.0983 0x056c Brserid - ok

14:55:33.0030 0x056c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

14:55:33.0123 0x056c BrSerWdm - ok

14:55:33.0155 0x056c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

14:55:33.0264 0x056c BrUsbMdm - ok

14:55:33.0295 0x056c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

14:55:33.0389 0x056c BrUsbSer - ok

14:55:33.0467 0x056c [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

14:55:33.0560 0x056c BTHMODEM - ok

14:55:33.0623 0x056c [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

14:55:33.0654 0x056c cdfs - ok

14:55:33.0732 0x056c [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

14:55:33.0779 0x056c cdrom - ok

14:55:33.0888 0x056c [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll

14:55:33.0997 0x056c CertPropSvc - ok

14:55:34.0013 0x056c [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys

14:55:34.0153 0x056c circlass - ok

14:55:34.0356 0x056c [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys

14:55:34.0371 0x056c CLFS - ok

14:55:34.0496 0x056c [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:55:34.0621 0x056c clr_optimization_v2.0.50727_32 - ok

14:55:34.0777 0x056c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:55:35.0011 0x056c clr_optimization_v4.0.30319_32 - ok

14:55:35.0073 0x056c [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys

14:55:35.0136 0x056c cmdide - ok

14:55:35.0198 0x056c [ 82B8C91D327CFECF76CB58716F7D4997, 6F06A4BC44B170BB28BF464E9BB5216D39D11CB8D442570B575A741B032EAEE6 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

14:55:35.0245 0x056c Compbatt - ok

14:55:35.0261 0x056c COMSysApp - ok

14:55:35.0292 0x056c [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

14:55:35.0307 0x056c crcdisk - ok

14:55:35.0354 0x056c [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys

14:55:35.0495 0x056c Crusoe - ok

14:55:35.0588 0x056c [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll

14:55:35.0713 0x056c CryptSvc - ok

14:55:35.0994 0x056c [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll

14:55:36.0446 0x056c DcomLaunch - ok

14:55:36.0540 0x056c [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

14:55:36.0821 0x056c DfsC - ok

14:55:37.0725 0x056c [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe


14:57:52.0088 0x056c [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll

14:57:55.0988 0x056c pla - ok

14:57:56.0129 0x056c [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll

14:57:56.0394 0x056c PlugPlay - ok

14:57:56.0519 0x056c [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

14:57:56.0597 0x056c Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

14:57:59.0280 0x056c Detect skipped due to KSN trusted

14:57:59.0280 0x056c Pml Driver HPZ12 - ok


14:59:34.0393 0x056c XAudioService - ok

14:59:34.0471 0x056c ================ Scan global ===============================

14:59:34.0611 0x056c [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll

14:59:34.0767 0x056c [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll

14:59:35.0298 0x056c [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll

14:59:35.0501 0x056c [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe

14:59:35.0657 0x056c [ Global ] - ok

14:59:35.0672 0x056c ================ Scan MBR ==================================

14:59:35.0703 0x056c [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0

14:59:39.0947 0x056c \Device\Harddisk0\DR0 - ok

14:59:39.0962 0x056c ================ Scan VBR ==================================

14:59:39.0993 0x056c [ 4757E27AF81DC8DAAD324B154E5844B9 ] \Device\Harddisk0\DR0\Partition1

14:59:40.0149 0x056c \Device\Harddisk0\DR0\Partition1 - ok

14:59:40.0227 0x056c [ 6831DF6F1DFB1736CFACC4176376C1B5 ] \Device\Harddisk0\DR0\Partition2

14:59:40.0227 0x056c \Device\Harddisk0\DR0\Partition2 - ok

14:59:40.0243 0x056c ================ Scan generic autorun ======================

14:59:40.0836 0x056c [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe

14:59:41.0912 0x056c Windows Defender - ok

14:59:42.0209 0x056c [ 85B8925F1A477DF7AEC93CABBEB04F1F, 5E8347C600A4BCD36196DFF98BE880FFABD67A2AC7834FC63E94EAB84FFFEA42 ] c:\hp\support\hpsysdrv.exe

14:59:48.0355 0x056c hpsysdrv - detected UnsignedFile.Multi.Generic ( 1 )

14:59:50.0991 0x056c Detect skipped due to KSN trusted

14:59:50.0991 0x056c hpsysdrv - ok

14:59:51.0163 0x056c [ B1361669BDC6ED612C35B7C67ADA2240, 85ECCA86F7FFD69A0B6BDDC6844FB2E935744B8A825DEAE160180833C556B08B ] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

14:59:54.0798 0x056c OsdMaestro - detected UnsignedFile.Multi.Generic ( 1 )

14:59:57.0387 0x056c Detect skipped due to KSN trusted

14:59:57.0387 0x056c OsdMaestro - ok

15:00:00.0757 0x056c [ F3B864BF39CDB3A71F2774DD02FC1090, 12BE0C140C89F4F60428B489E9854BE9A6BC6C8AC395AA3CAFD39C888C2A0779 ] C:\Windows\RtHDVCpl.exe

15:00:10.0304 0x056c RtHDVCpl - ok

15:00:10.0569 0x056c [ 57FDEC0DBE3FC684850D8240F981F053, E99F2922B4A4AF2F1CC9416BE1E63063C02DB7BB236BE6F4E475922CB1F127B2 ] C:\Program Files\HP\DVDPlay\DPService.exe

15:00:15.0093 0x056c DPService - detected UnsignedFile.Multi.Generic ( 1 )

15:00:25.0311 0x056c DPService ( UnsignedFile.Multi.Generic ) - warning

15:00:28.0541 0x056c [ B93C4070F24E46B0097648C276B5039E, 5113AAB400D456A5C11EF47E40755755F227BB4A7134C0E2C81F6199C896BD98 ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

15:00:28.0697 0x056c HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )

15:00:31.0505 0x056c Detect skipped due to KSN trusted

15:00:31.0505 0x056c HP Software Update - ok

15:00:31.0988 0x056c [ DEB2A99C1AD9B9190C78E895AE60A745, D003BEA585EAC0110BFC69E127D8C1C0BA1E76E51EC7C7B844EAD7B6DACCBAF6 ] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

15:00:32.0441 0x056c Symantec PIF AlertEng - ok

15:00:32.0659 0x056c [ FA7EB9AFF3D726A6BF0494BEE7E378F6, 79FD8DD1303EA9C1BCC397E2E4695EE539BF3EAC1F6911EFC825DE7412E1DD56 ] C:\Program Files\QuickTime\qttask.exe

15:00:32.0768 0x056c QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )

15:00:35.0592 0x056c Detect skipped due to KSN trusted

15:00:35.0592 0x056c QuickTime Task - ok

15:00:35.0779 0x056c [ 29BE51557A3E686B297BE273EB17CA67, BFE3D26F3B3B1E3328620612BE450BCA0DEB7BB6C9E0D0199A55D3CE39953FA0 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe

15:00:35.0982 0x056c TkBellExe - ok

15:00:36.0013 0x056c NvSvc - ok

15:00:36.0044 0x056c NvCplDaemon - ok

15:00:36.0075 0x056c NvMediaCenter - ok

15:00:36.0325 0x056c [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

15:00:39.0632 0x056c Adobe Reader Speed Launcher - ok

15:00:40.0443 0x056c [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

15:00:41.0910 0x056c Adobe ARM - ok

15:00:42.0846 0x056c [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] c:\Program Files\Microsoft Security Client\msseces.exe

15:00:45.0092 0x056c MSC - ok

15:00:45.0966 0x056c [ 31539595F006DAE39F719735F30C3570, 9484FF4AE6D74CAEE4AA0003D4E5AA58BD29473635712FA63E0BE90D83BB88AE ] C:\Windows\SMINST\launcher.exe

15:00:46.0574 0x056c Launcher - detected UnsignedFile.Multi.Generic ( 1 )

15:00:49.0148 0x056c Detect skipped due to KSN trusted

15:00:49.0148 0x056c Launcher - ok

15:00:58.0524 0x056c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe

15:01:01.0909 0x056c Sidebar - ok

15:01:01.0940 0x056c WindowsWelcomeCenter - ok

15:01:03.0672 0x056c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe

15:01:09.0506 0x056c Sidebar - ok

15:01:09.0537 0x056c WindowsWelcomeCenter - ok

15:01:09.0771 0x056c [ E616A6A6E91B0A86F2F6217CDE835FFE, 411671C4B2BB4DB3F02A21C199A5479F31394165704736A549B53245B94577F7 ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

15:01:09.0865 0x056c swg - ok

15:01:09.0881 0x056c Waiting for KSN requests completion. In queue: 1

15:01:10.0895 0x056c Waiting for KSN requests completion. In queue: 1

15:01:11.0909 0x056c Waiting for KSN requests completion. In queue: 1

15:01:18.0975 0x056c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )

15:01:20.0255 0x056c Win FW state via NFP2: enabled

15:01:22.0907 0x056c ============================================================

15:01:22.0907 0x056c Scan finished

15:01:22.0907 0x056c ============================================================

15:01:24.0030 0x0528 Detected object count: 2

15:01:24.0030 0x0528 Actual detected object count: 2

15:04:09.0920 0x0528 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:09.0920 0x0528 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:09.0920 0x0528 DPService ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:09.0920 0x0528 DPService ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

 



#5
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

The logs are looking good, except instead of the OTL fix log, you posted a copy of your original scan log. Please look in here: C:\_OTL\MovedFiles and you'll find a copy of the fix log. Please post that log along with the requested logs in this post.

Let's continue. :thumbsup:


Step 1: Program Uninstall

Please uninstall the following program from your machine as it is an adware/malware related program. We've removed a lot of it via the OTL fix, so if the machine gives you a message about unable to locate the uninstaller and want to remove it from the list, please answer yes.

DictionaryBoss Firefox Toolbar


How is the machine running now?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • OTL Fix Log
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#6
Jdpowell


    Member

  • Topic Starter
  • Member
  • 75 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service LiveUpdate Notice Ex stopped successfully!
Service LiveUpdate Notice Ex deleted successfully!
File c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon not found.
Service DictionaryBossService stopped successfully!
Service DictionaryBossService deleted successfully!
C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe moved successfully.
Prefs.js: v4ffxtbr%40DictionaryBoss.com:6.66.4.32989 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@DictionaryBoss.com/Plugin\ deleted successfully.
C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\DictionaryBoss\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\DictionaryBoss\bar\1.bin\chrome folder moved successfully.
C:\Program Files\DictionaryBoss\bar\1.bin folder moved successfully.
C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected]\plugins folder moved successfully.
C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\extensions\[email protected] folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AddressBookReminderApp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DictionaryBoss Search Scope Monitor deleted successfully.
File C:\Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe5b227-d44c-11e3-9597-001bb9845aca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe5b227-d44c-11e3-9597-001bb9845aca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe5b227-d44c-11e3-9597-001bb9845aca}\ not found.
File H:\MotoCastSetup.exe -a not found.
========== FILES ==========
C:\Program Files\DictionaryBoss\bar\Settings folder moved successfully.
C:\Program Files\DictionaryBoss\bar\Message folder moved successfully.
C:\Program Files\DictionaryBoss\bar\IE9Mesg folder moved successfully.
C:\Program Files\DictionaryBoss\bar\gen1 folder moved successfully.
C:\Program Files\DictionaryBoss\bar folder moved successfully.
C:\Program Files\DictionaryBoss folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mary Jo
->Temp folder emptied: 10330126 bytes
->Temporary Internet Files folder emptied: 308880575 bytes
->FireFox cache emptied: 136793173 bytes
->Flash cache emptied: 128958 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1180588577 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,561.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 08282014_134130

Files\Folders moved on Reboot...
C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWZHQ62\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWZHQ62\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot moved successfully.
C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWZHQ62\PRmiXeptR36kaC0GEAetxrFt29aCHKT7otDW9l62Aag[1].eot moved successfully.
C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWZHQ62\xjAJXh38I15wypJXxuGMBmfQcKutQXcIrRfyR5jdjY8[1].eot moved successfully.
C:\Users\Mary Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SPHZEZ5\342576-computer-slowing-to-a-crawl[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#7
Jdpowell


    Member

  • Topic Starter
  • Member
  • 75 posts

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 8/29/2014 12:06:30 PM, SYSTEM, MARYJO-PC, Protection, Malware Protection, Starting,
Protection, 8/29/2014 12:06:30 PM, SYSTEM, MARYJO-PC, Protection, Malware Protection, Started,
Protection, 8/29/2014 12:06:31 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Starting,
Protection, 8/29/2014 12:08:02 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Started,
Update, 8/29/2014 12:08:20 PM, SYSTEM, MARYJO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1,
Update, 8/29/2014 12:08:24 PM, SYSTEM, MARYJO-PC, Manual, Malware Database, 2014.3.4.9, 2014.8.29.5,
Protection, 8/29/2014 12:08:25 PM, SYSTEM, MARYJO-PC, Protection, Refresh, Starting,
Protection, 8/29/2014 12:08:25 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 8/29/2014 12:08:25 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 8/29/2014 12:08:34 PM, SYSTEM, MARYJO-PC, Protection, Refresh, Success,
Protection, 8/29/2014 12:08:34 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Starting,
Protection, 8/29/2014 12:08:34 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Started,
Protection, 8/29/2014 12:49:18 PM, SYSTEM, MARYJO-PC, Protection, Malware Protection, Starting,
Protection, 8/29/2014 12:49:18 PM, SYSTEM, MARYJO-PC, Protection, Malware Protection, Started,
Protection, 8/29/2014 12:49:18 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Starting,
Protection, 8/29/2014 12:51:20 PM, SYSTEM, MARYJO-PC, Protection, Malicious Website Protection, Started,

(end)



#8
Jdpowell


    Member

  • Topic Starter
  • Member
  • 75 posts

[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0d9b075b54f5554fa5603b9b7f16405c
# engine=19906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-29 07:50:47
# local_time=2014-08-29 03:50:47 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 10940812 80527469 0 0
# scanned=181195
# found=38
# cleaned=0
# scan_time=7792
sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\AppIntegrator64.exe"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\AppIntegratorStub64.dll"
sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\CREXT.DLL"
sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\CrExtPv4.exe"
sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\DPNMNGR.DLL"
sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\EXEMANAGER.DLL"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\Hpg64.dll"
sh=9FA3B02605AC25070611C0AB66D139A20810DE2E ft=1 fh=0243570f36dc068b vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll"
sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\T8EXTEX.DLL"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\T8EXTPEX.DLL"
sh=7BBFF8810BB79104FE275FBBF7DE48DCBD877E01 ft=1 fh=946da15070ee37db vn="probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\T8HTML.DLL"
sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\T8TICKER.DLL"
sh=1A77EA9E7975B74FB40A3B624896E30CAA8CCC3E ft=1 fh=fd94b5f53ab27b7a vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4bar.dll"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4datact.dll"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4dyn.dll"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4feedmg.dll"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4highin.exe"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4hkstub.dll"
sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4htmlmu.dll"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4httpct.dll"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4idle.dll"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4impipe.exe"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4medint.exe"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4mlbtn.dll"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4msg.dll"
sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4Plugin.dll"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4radio.dll"
sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4regfft.dll"
sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4reghk.dll"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4script.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4skin.dll"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4sknlcr.dll"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4skplay.exe"
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4tpinst.dll"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\v4uabtn.dll"
sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08282014_134130\C_Program Files\DictionaryBoss\bar\1.bin\VERIFY.DLL"
 



#9
Jdpowell


    Member

  • Topic Starter
  • Member
  • 75 posts

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 



#10
Jdpowell


    Member

  • Topic Starter
  • Member
  • 75 posts

The computer still has its moments.  It's running a bit better but if it doesn't want to open a program or browser you are going to wait and wait a while.  It can be a stubborn critter.




#11
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Please restart Malwarebytes Antimalware, click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

The log you posted was a protection log, not the scan log.

The OTL fix log looks great, as does the ESET log. All the items ESET found are already harmlessly quarantined. :thumbsup:

Jdpowell wrote: "The computer still has its moments. It's running a bit better but if it doesn't want to open a program or browser you are going to wait and wait a while. It can be a stubborn critter."

Is it an older machine? I noticed there's less than a gig of memory on the machine and only 28% available.

#12
Jdpowell


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/29/2014
Scan Time: 12:11:17 PM
Logfile: mbam1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.29.05
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Mary Jo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279152
Time Elapsed: 19 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{3042df7a-e900-4389-9b94-923df0daa57e}, Quarantined, [f6a3d8f1ed8e91a585dac5ed6f93b54b],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\DictionaryBoss.SkinLauncherSettings, Quarantined, [5544c9003e3dbd79fbdc6749ad559c64],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\DictionaryBoss.SkinLauncherSettings.1, Quarantined, [d1c81daca7d45adc63748b250ef40ef2],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\DictionaryBoss, Quarantined, [bcdd73567ffc3df9824e5caaf21150b0],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3059233835-3353280660-999596595-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DictionaryBoss, Quarantined, [138625a42259ef4770867d83956e916f],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MindSpark.A, C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\DictionaryBoss, Quarantined, [9207e2e74b3050e605541bb141c1649c],

Files: 2
PUP.Optional.InstallBrain, C:\Users\Mary Jo\Downloads\SpeedAnalysisSetup.exe, Quarantined, [9ffab118ef8c290d5b69346efc059868],
PUP.Optional.MindSpark.A, C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default\DictionaryBoss\D7537C99-FE3A-43D6-898F-48235875151B.sqlite, Quarantined, [9207e2e74b3050e605541bb141c1649c],

Physical Sectors: 0
(No malicious items detected)


(end)



#13
Jdpowell


It's not very old; there just isn't much to it.  It's my Mom's computer and she doesn't need a whole lot of computer.



#14
pystryker


Jdpowell wrote: "It's not very old; there just isn't much to it.  It's my Mom's computer and she doesn't need a whole lot of computer."


Ok, let's take a look with a different scan tool. :thumbsup:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

FRST Log

Addition.txt Log


#15
Jdpowell


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by Mary Jo (administrator) on MARYJO-PC on 30-08-2014 13:37:15
Running from C:\Users\Mary Jo\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [81920 2007-02-13] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2007-11-28] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-12-07] (Apple Computer, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-02-10] (RealNetworks, Inc.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3059233835-3353280660-999596595-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-09-25] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe (Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Mary Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.accessnorthga.com/
SearchScopes: HKLM - {4142FB87-24E0-4BC9-92C3-3065E33EEE36} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKLM - {41B359D3-69B3-49EA-9AD1-ECF6847CE104} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {41B359D3-69B3-49EA-9AD1-ECF6847CE104} URL = http://www.ask.com/w...}&l=dis&o=uscqd
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 24.159.64.23 66.189.0.100

FireFox:
========
FF ProfilePath: C:\Users\Mary Jo\AppData\Roaming\Mozilla\Firefox\Profiles\8qeltcfb.default
FF Homepage: hxxp://www.accessnorthga.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010-02-10]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-19] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2007-11-28] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 13:37 - 2014-08-30 13:38 - 00014133 _____ () C:\Users\Mary Jo\Downloads\FRST.txt
2014-08-30 13:36 - 2014-08-30 13:37 - 00000000 ____D () C:\FRST
2014-08-30 13:35 - 2014-08-30 13:35 - 01095680 _____ (Farbar) C:\Users\Mary Jo\Downloads\FRST.exe
2014-08-29 20:06 - 2014-08-29 20:06 - 00002228 _____ () C:\mbam2.txt
2014-08-29 20:06 - 2014-08-29 20:06 - 00002228 _____ () C:\mbam1.txt
2014-08-29 16:07 - 2014-08-29 16:07 - 00854417 _____ () C:\Users\Mary Jo\Downloads\SecurityCheck.exe
2014-08-29 16:04 - 2014-08-29 16:04 - 00001690 _____ () C:\MBAM.txt
2014-08-29 13:23 - 2014-08-29 13:23 - 00000000 ____D () C:\Program Files\ESET
2014-08-29 13:18 - 2014-08-29 13:20 - 02347384 _____ (ESET) C:\Users\Mary Jo\Downloads\esetsmartinstaller_enu(1).exe
2014-08-29 13:15 - 2014-08-29 13:16 - 02347384 _____ (ESET) C:\Users\Mary Jo\Downloads\esetsmartinstaller_enu.exe
2014-08-29 12:34 - 2014-08-29 12:34 - 00001059 _____ () C:\mam1.txt
2014-08-29 12:08 - 2014-08-30 11:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 12:05 - 2014-08-29 12:05 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 12:05 - 2014-08-29 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-29 12:05 - 2014-08-29 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-29 12:05 - 2014-08-29 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-29 12:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-29 12:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-29 12:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-29 12:01 - 2014-08-29 12:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mary Jo\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:38 - 2014-08-28 14:45 - 00000000 ____D () C:\AdwCleaner
2014-08-28 14:30 - 2014-08-28 14:30 - 00005317 _____ () C:\Users\Mary Jo\Desktop\JRT.txt
2014-08-28 14:22 - 2014-08-28 14:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\_OTL
2014-08-28 09:17 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:17 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:52 - 2014-08-27 15:52 - 00034630 _____ () C:\Users\Mary Jo\Downloads\Extras.Txt
2014-08-27 15:49 - 2014-08-27 15:49 - 00046020 _____ () C:\Users\Mary Jo\Downloads\OTL.Txt
2014-08-27 15:27 - 2014-08-27 15:27 - 00602112 _____ (OldTimer Tools) C:\Users\Mary Jo\Desktop\OTL.exe
2014-08-16 10:27 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 10:27 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 10:27 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 10:26 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:09 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:09 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 16:09 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:09 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:09 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:09 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 16:09 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:08 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:08 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:08 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:08 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:08 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:08 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:08 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:08 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:08 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:08 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:08 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:08 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:08 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:08 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:08 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:08 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:08 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:08 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:08 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:08 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 16:08 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:08 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 13:38 - 2014-08-30 13:37 - 00014133 _____ () C:\Users\Mary Jo\Downloads\FRST.txt
2014-08-30 13:37 - 2014-08-30 13:36 - 00000000 ____D () C:\FRST
2014-08-30 13:35 - 2014-08-30 13:35 - 01095680 _____ (Farbar) C:\Users\Mary Jo\Downloads\FRST.exe
2014-08-30 13:22 - 2009-12-25 14:27 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-30 13:17 - 2009-11-08 05:08 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-08-30 13:14 - 2012-03-29 12:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 13:10 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 13:10 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 12:59 - 2007-07-13 11:49 - 02069125 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 11:19 - 2014-08-29 12:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 09:11 - 2009-12-25 14:27 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 09:10 - 2007-06-28 04:47 - 00249440 _____ () C:\Windows\PFRO.log
2014-08-30 09:10 - 2007-06-28 04:44 - 00000000 ____D () C:\Windows\SMINST
2014-08-30 09:10 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 23:17 - 2006-11-02 08:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-29 20:06 - 2014-08-29 20:06 - 00002228 _____ () C:\mbam2.txt
2014-08-29 20:06 - 2014-08-29 20:06 - 00002228 _____ () C:\mbam1.txt
2014-08-29 16:07 - 2014-08-29 16:07 - 00854417 _____ () C:\Users\Mary Jo\Downloads\SecurityCheck.exe
2014-08-29 16:04 - 2014-08-29 16:04 - 00001690 _____ () C:\MBAM.txt
2014-08-29 13:23 - 2014-08-29 13:23 - 00000000 ____D () C:\Program Files\ESET
2014-08-29 13:20 - 2014-08-29 13:18 - 02347384 _____ (ESET) C:\Users\Mary Jo\Downloads\esetsmartinstaller_enu(1).exe
2014-08-29 13:16 - 2014-08-29 13:15 - 02347384 _____ (ESET) C:\Users\Mary Jo\Downloads\esetsmartinstaller_enu.exe
2014-08-29 12:42 - 2014-08-29 12:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mary Jo\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 12:34 - 2014-08-29 12:34 - 00001059 _____ () C:\mam1.txt
2014-08-29 12:05 - 2014-08-29 12:05 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 12:05 - 2014-08-29 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-29 12:05 - 2014-08-29 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-29 12:05 - 2014-08-29 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-28 14:45 - 2014-08-28 14:38 - 00000000 ____D () C:\AdwCleaner
2014-08-28 14:30 - 2014-08-28 14:30 - 00005317 _____ () C:\Users\Mary Jo\Desktop\JRT.txt
2014-08-28 14:22 - 2014-08-28 14:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\_OTL
2014-08-28 09:48 - 2006-11-02 08:44 - 00497384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 15:52 - 2014-08-27 15:52 - 00034630 _____ () C:\Users\Mary Jo\Downloads\Extras.Txt
2014-08-27 15:49 - 2014-08-27 15:49 - 00046020 _____ () C:\Users\Mary Jo\Downloads\OTL.Txt
2014-08-27 15:27 - 2014-08-27 15:27 - 00602112 _____ (OldTimer Tools) C:\Users\Mary Jo\Desktop\OTL.exe
2014-08-27 15:14 - 2007-06-28 03:57 - 00008929 _____ () C:\ProgramData\hpzinstall.log
2014-08-22 21:03 - 2014-08-28 09:17 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:26 - 2014-08-28 09:17 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:50 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-16 12:33 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-08-16 12:04 - 2006-11-02 06:33 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 11:20 - 2007-06-28 04:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 11:18 - 2013-07-30 08:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 10:37 - 2006-11-02 06:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-31 09:24 - 2012-05-31 21:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Mary Jo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 09:17

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01
Ran by Mary Jo at 2014-08-30 13:38:55
Running from C:\Users\Mary Jo\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_Scan (Version: 82.0.203.000 - Hewlett-Packard) Hidden
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DictionaryBoss Firefox Toolbar (HKLM\...\DictionaryBossbar Uninstall Firefox) (Version:  - Mindspark Interactive Network) <==== ATTENTION
DJ_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 82.0.203.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hallmark Card Studio 2011 (HKLM\...\{62687EAC-F27D-49AC-A0E2-3899B0459113}) (Version: 12.0.4.5 - Hallmark Software)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet All-In-One Software 8.0 (HKLM\...\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}) (Version: 8.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Photosmart Essential2.5 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Support Solutions Framework (HKLM\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM\...\{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}) (Version: 1.1.17 - Hewlett-Packard)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.005 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 Trial (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1701 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-08-2014 13:56:29 Scheduled Checkpoint
23-08-2014 13:21:19 Scheduled Checkpoint
23-08-2014 14:06:27 Windows Update
24-08-2014 15:37:14 Scheduled Checkpoint
25-08-2014 16:28:33 Scheduled Checkpoint
26-08-2014 16:14:11 Scheduled Checkpoint
26-08-2014 17:16:11 Windows Update
27-08-2014 13:41:57 Scheduled Checkpoint
27-08-2014 16:42:49 Configured Microsoft Office Home and Student 2007 Trial
27-08-2014 17:00:29 Configured Microsoft Office Home and Student 2007 Trial
28-08-2014 13:15:07 Windows Update
28-08-2014 17:42:44 OTL Restore Point - 8/28/2014 1:41:46 PM
29-08-2014 13:38:08 Scheduled Checkpoint
29-08-2014 16:57:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-08-28 13:55 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2DB3511D-9FB0-40B1-A306-5613723953BC} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3807279A-615A-479A-B538-9BF61D567AD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {3EE5FACF-6E51-4C77-9B83-98D59F5B2FED} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {92C03EA5-2155-483C-B1A0-A37600A26939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-25] (Google Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {B7A485EE-D2FF-43D0-BF19-317459407A9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-25] (Google Inc.)
Task: {C33BB65A-5A99-4730-B029-5626022EF452} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-18] (Google)
Task: {CDB1A0E2-2343-4AB1-B4D0-CAE90C916ED7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Mary Jo => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-30 12:31 - 2014-07-30 12:32 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-08 17:17 - 2014-07-08 17:17 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 

