Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help with removal of Boot.Tisderv [Solved]


  • This topic is locked This topic is locked

#1
Kuripi

Kuripi

    New Member

  • Member
  • Pip
  • 7 posts
Hello, recently Norton has detected Boot.Tidserv every time I start up my computer. I do not know how or when I acquired it (I think somewhere between 2-3 days ago). The only thing that I have noticed so far is that sometimes when I click on my desktop, after restarting my computer, my cursor turns into the loading one, and stays like that for a long amount of time (I think that may be due to some other reason though). My OS is Windows 7 and currently I am using Norton Internet Security.
Before posting this topic I have tried to fix it on my own.
I have used (in no particular order):
  • Norton: FixTDSS and Norton Power Eraser - Both did not detect anything that was harmful to my computer.
  • Kapersky: TDSSKiller - That did not find anything that seemed threatening.
  • Kapersky: Virus Removal Tool - I haven't actually completed the scan for this yet due to it crashing every time.
  • Malwarebyte Anti-Malware - I don't remember clearly but I believe it said that it didn't find anything with quickscan. *Update* Full scan showed no malicious items.
  • Rkill - My friend recommended this to me, but I still couldn't remove Boot.tidserv after using it.
Any help would be appreciated. Thank you very much.

OTL Log:

OTL logfile created on: 29/01/2013 8:25:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.99 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 64.78% Memory free
17.98 Gb Paging File | 14.68 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.44 Gb Total Space | 492.07 Gb Free Space | 53.64% Space Free | Partition Type: NTFS
Drive D: | 14.07 Gb Total Space | 1.98 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2013/01/28 22:09:30 | 000,717,768 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\Temp\RarSFX6\0377031.exe
PRC - [2013/01/28 22:09:25 | 000,458,208 | ---- | M] (Kaspersky Lab) -- C:\Users\Jennifer\AppData\Local\Temp\9768796\0377031.exe
PRC - [2013/01/28 11:09:15 | 159,056,520 | ---- | M] () -- C:\Users\Jennifer\Desktop\setup_11.0.0.1245.x01_2013_01_28_22_08.exe
PRC - [2013/01/20 11:29:18 | 028,539,272 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/18 18:57:06 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/08 23:05:13 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/12/04 17:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/11/14 19:50:22 | 000,312,376 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/12/21 00:07:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/29 21:09:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/17 14:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/10 07:14:00 | 000,275,816 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/30 16:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/08/07 21:03:41 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 22:09:30 | 000,717,768 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\Temp\RarSFX6\0377031.exe
MOD - [2013/01/28 11:09:15 | 159,056,520 | ---- | M] () -- C:\Users\Jennifer\Desktop\setup_11.0.0.1245.x01_2013_01_28_22_08.exe
MOD - [2013/01/18 18:57:06 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/08 23:05:13 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\wincfi39.dll
MOD - [2010/07/25 01:37:37 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\81ca3fe3628418a3e9e6cd792a828cdd\IAStorUtil.ni.dll
MOD - [2010/07/04 07:36:13 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\ffc1f675cecc8a8bc253aa87ec94662f\WindowsBase.ni.dll
MOD - [2009/08/28 12:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 20:56:03 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/13 20:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/13 20:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 20:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 20:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 20:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/13 20:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 20:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2008/08/07 21:03:41 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 08:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013/01/18 18:57:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/17 20:47:32 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/08 23:05:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/12/04 17:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/15 14:49:36 | 000,674,912 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2010/12/21 00:07:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/19 11:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/12/29 21:09:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 14:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/11/11 20:34:59 | 000,069,632 | ---- | M] (SAS Institute Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe -- (JMP License Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/30 16:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/29 07:36:31 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311)
DRV:64bit: - [2013/01/28 22:08:32 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\41268993.sys -- (41268993)
DRV:64bit: - [2013/01/22 21:05:25 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/08 17:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 17:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 17:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/06 18:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 17:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/20 11:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/24 21:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/11/14 19:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/18 17:10:39 | 000,015,768 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSUKD25.SYS -- (JRSUKD25)
DRV:64bit: - [2011/06/18 17:10:39 | 000,012,824 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSKD24.SYS -- (JRSKD24)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/17 14:18:51 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/08/12 18:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2005/04/12 04:21:52 | 000,029,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV - [2013/01/23 21:46:50 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130129.005\ex64.sys -- (NAVEX15)
DRV - [2013/01/23 21:46:50 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130129.005\eng64.sys -- (NAVENG)
DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130126.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/20 13:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/23 10:23:24] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/29 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FBF137DA-1049-4253-B6FD-D2CD1F865BCD}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{C8C3B06C-EDA5-407D-9AE0-82A6B2C08ADE}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{FBF137DA-1049-4253-B6FD-D2CD1F865BCD}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKLM\..\SearchScopes\{C8C3B06C-EDA5-407D-9AE0-82A6B2C08ADE}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{FBF137DA-1049-4253-B6FD-D2CD1F865BCD}: "URL" = http://search.live.c...ms}&FORM=HPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {FBF137DA-1049-4253-B6FD-D2CD1F865BCD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{C8C3B06C-EDA5-407D-9AE0-82A6B2C08ADE}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{FBF137DA-1049-4253-B6FD-D2CD1F865BCD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox"
FF - prefs.js..extensions.enabledAddons: hypem%40downloader.com:2.4
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/01/29 07:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 10:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/22 08:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/01/22 21:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 18:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 18:57:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 18:57:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 18:57:04 | 000,000,000 | ---D | M]

[2009/12/31 18:53:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions
[2013/01/26 12:20:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions
[2010/07/09 17:11:17 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 15:18:56 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/15 04:17:41 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/04/13 16:10:09 | 000,000,000 | -H-D | M] (Gradient iCool) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/03/15 04:17:41 | 000,000,000 | -H-D | M] (Personas) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\[email protected]
[2012/10/03 15:23:19 | 000,033,474 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\[email protected]
[2012/12/05 18:49:29 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013/01/05 00:07:18 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/23 20:51:59 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/07 15:57:42 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/13 01:03:26 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/01/26 12:20:24 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/03/28 16:02:46 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/10/17 14:45:17 | 000,000,929 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\searchplugins\conduit.xml
[2013/01/18 18:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/18 18:57:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/18 18:57:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/02/21 02:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/08/30 00:04:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 23:15:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: Google Drive = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AVG Safe Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: AVG Do Not Track = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/06/05 16:58:28 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jennifer\AppData\Local\Akamai\netsession_win.exe ()
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPS2OneNote.lnk = C:\Users\Jennifer\AppData\Roaming\Microsoft\Installer\{647CF927-A933-49E5-BE23-7493806DE280}\_2B61F327AF75D68B1BB476.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_28077654.lnk = C:\Users\Jennifer\AppData\Local\Temp\_uninst_28077654.bat ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_41268993.lnk = C:\Users\Jennifer\AppData\Local\Temp\_uninst_41268993.bat ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67340612.lnk = C:\Users\Jennifer\AppData\Local\Temp\_uninst_67340612.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Evernote - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fishbattle.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} https://members.hang...KKeyProInst.cab (CKKeyPro Crypto support Class (CKNhnInst))
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://c9.hangame.co...anSetup1040.cab (HanSetupCtrl1010 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10AB1D31-B99B-4BCD-ACB7-C8B37914396C}: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D470F0A6-D9E2-41F2-A5C4-7F1663BD168E}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5c91309-37a9-11e0-b9e4-0026183e20c4}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c91309-37a9-11e0-b9e4-0026183e20c4}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{d5c91309-37a9-11e0-b9e4-0026183e20c4}\Shell\setup\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 08:24:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2013/01/29 07:46:46 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\41268993.sys
[2013/01/29 07:36:31 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/01/29 07:28:35 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\FixTDSS.exe
[2013/01/29 07:05:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\rkill
[2013/01/29 07:05:20 | 000,958,368 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill64.exe
[2013/01/29 07:03:46 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill.exe
[2013/01/29 03:09:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/29 03:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/29 03:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/29 03:08:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/29 03:07:21 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jennifer\Desktop\TDSSKiller.exe
[2013/01/29 02:52:56 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\NPE.exe
[2013/01/28 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\pctsGui
[2013/01/28 19:46:16 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\PC Tools
[2013/01/28 19:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013/01/28 19:33:25 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013/01/28 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/01/28 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/01/28 19:32:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\TestApp
[2013/01/28 19:31:04 | 004,166,104 | ---- | C] (PC Tools) -- C:\Users\Jennifer\Desktop\PCTools_Safe_Install_IS.exe
[2013/01/28 11:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/28 10:30:55 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\NPE
[2013/01/28 10:23:22 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Programs
[2013/01/22 22:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/22 22:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/22 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Symantec
[2013/01/18 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/30 20:57:08 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\DragonSaga
[2012/12/30 20:51:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\DragonSaga
[2012/12/30 19:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jennifer\*.tmp files -> C:\Users\Jennifer\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/29 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2013/01/29 08:07:00 | 000,000,912 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1000UA.job
[2013/01/29 08:05:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 08:02:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1001UA.job
[2013/01/29 07:47:38 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 07:47:38 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 07:47:20 | 000,001,014 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_41268993.lnk
[2013/01/29 07:43:03 | 000,000,920 | ---- | M] () -- C:\{3F531351-F57D-4BC3-9B34-4DAD9CBA2314}
[2013/01/29 07:38:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 07:38:01 | 2945,785,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 07:36:31 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/01/29 07:28:35 | 001,931,088 | ---- | M] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\FixTDSS.exe
[2013/01/29 07:05:20 | 000,958,368 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill64.exe
[2013/01/29 07:03:49 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill.exe
[2013/01/29 03:31:03 | 000,001,014 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67340612.lnk
[2013/01/29 03:25:59 | 000,000,920 | ---- | M] () -- C:\{D316859A-F1A3-4461-820A-A4F2A757FD5B}
[2013/01/29 03:09:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 03:07:09 | 002,195,061 | ---- | M] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2013/01/29 02:52:57 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\NPE.exe
[2013/01/28 22:08:32 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\41268993.sys
[2013/01/28 22:07:00 | 000,000,860 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1000Core.job
[2013/01/28 19:45:22 | 001,298,981 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/01/28 19:45:22 | 001,143,965 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013/01/28 17:02:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1001Core.job
[2013/01/28 11:10:45 | 000,001,014 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_28077654.lnk
[2013/01/28 11:09:15 | 159,056,520 | ---- | M] () -- C:\Users\Jennifer\Desktop\setup_11.0.0.1245.x01_2013_01_28_22_08.exe
[2013/01/24 21:04:15 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013/01/23 21:35:22 | 000,001,057 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/23 21:35:16 | 000,001,031 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk
[2013/01/23 21:03:10 | 000,002,384 | ---- | M] () -- C:\Users\Jennifer\Desktop\Google Chrome.lnk
[2013/01/22 21:05:25 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/22 21:05:25 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/22 21:05:25 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/20 02:19:10 | 000,355,761 | ---- | M] () -- C:\Users\Jennifer\Desktop\so troll.jpg
[2013/01/18 21:10:07 | 000,001,833 | -H-- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/14 20:58:35 | 000,001,568 | ---- | M] () -- C:\Users\Jennifer\Desktop\Windows Media Player.lnk
[2013/01/10 14:06:37 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/09 23:44:09 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\isolate.ini
[2013/01/09 03:03:58 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jennifer\*.tmp files -> C:\Users\Jennifer\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 07:47:20 | 000,001,014 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_41268993.lnk
[2013/01/29 07:43:03 | 000,000,920 | ---- | C] () -- C:\{3F531351-F57D-4BC3-9B34-4DAD9CBA2314}
[2013/01/29 03:31:03 | 000,001,014 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67340612.lnk
[2013/01/29 03:25:59 | 000,000,920 | ---- | C] () -- C:\{D316859A-F1A3-4461-820A-A4F2A757FD5B}
[2013/01/29 03:09:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 03:07:12 | 002,195,061 | ---- | C] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2013/01/28 19:33:35 | 001,298,981 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/01/28 11:10:45 | 000,001,014 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_28077654.lnk
[2013/01/28 11:07:38 | 159,056,520 | ---- | C] () -- C:\Users\Jennifer\Desktop\setup_11.0.0.1245.x01_2013_01_28_22_08.exe
[2013/01/20 02:18:58 | 000,355,761 | ---- | C] () -- C:\Users\Jennifer\Desktop\so troll.jpg
[2013/01/14 20:58:35 | 000,001,568 | ---- | C] () -- C:\Users\Jennifer\Desktop\Windows Media Player.lnk
[2012/12/18 17:09:11 | 000,027,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\dt.dat
[2012/12/07 14:11:22 | 000,000,210 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/06 21:46:00 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\5E97.exe
[2012/06/08 18:21:21 | 000,000,048 | ---- | C] () -- C:\Users\Jennifer\jagex_cl_runescape_LIVE2.dat
[2012/06/08 18:10:26 | 000,000,048 | ---- | C] () -- C:\Users\Jennifer\jagex_cl_runescape_LIVE1.dat
[2012/06/08 18:06:35 | 000,000,047 | ---- | C] () -- C:\Users\Jennifer\jagex_cl_runescape_LIVE.dat
[2011/12/30 14:47:47 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~FCo2LaVombtttg
[2011/12/30 14:47:47 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~FCo2LaVombtttgr
[2011/12/09 16:01:01 | 000,000,653 | -H-- | C] () -- C:\Users\Jennifer\Libraries - Shortcut.lnk
[2011/10/13 12:30:24 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/09 22:08:50 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/06/09 22:08:50 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/05/30 22:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/30 22:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/05/12 00:23:14 | 000,579,440 | ---- | C] () -- C:\Windows\SysWow64\NJUninst.exe
[2011/04/20 15:52:57 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/30 23:57:55 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011/03/18 06:39:08 | 000,000,111 | -H-- | C] () -- C:\Users\Jennifer\webct_upload_applet.properties
[2010/12/09 01:35:26 | 000,690,045 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmpIMAGEFROMCAMSCANNER.0
[2010/12/09 01:35:26 | 000,659,071 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmpIMAGEFROMCAMSCANNER.JPG
[2010/10/22 17:23:31 | 000,086,004 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.4
[2010/10/22 17:23:31 | 000,084,742 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.3
[2010/10/22 17:23:30 | 000,082,990 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.2
[2010/10/22 17:23:29 | 000,081,514 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.1
[2010/10/22 17:23:26 | 000,283,924 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.0
[2010/10/22 17:23:26 | 000,081,514 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.JPG
[2010/07/09 04:07:18 | 000,000,096 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\fusioncache.dat
[2010/05/03 18:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/23 20:48:39 | 000,000,322 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/02/18 00:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/02/17 23:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/17 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.minecraft
[2010/02/07 02:15:08 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\acccore
[2012/12/13 15:44:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\AVG2013
[2012/10/17 14:34:28 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Azureus
[2010/11/27 13:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\BITS
[2011/06/09 22:28:08 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\BugTrap Console Test108
[2011/06/05 20:50:45 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ClientKeeper
[2011/02/14 01:14:51 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\DAEMON Tools Lite
[2010/12/11 00:14:21 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\DFO Control Panel
[2012/12/30 20:51:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\DragonSaga
[2013/01/29 07:39:35 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2010/11/27 13:26:03 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\FlashGet
[2010/11/27 13:26:01 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\FlashGetBHO
[2011/07/10 17:42:33 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\go
[2011/12/23 22:39:37 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\GrabPro
[2012/03/18 18:26:34 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ijjigame
[2011/11/26 01:38:47 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Leawo
[2010/10/04 18:05:13 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\LolClient
[2012/05/23 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LolClient2
[2010/12/10 22:36:15 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\NeopleLauncherDFO
[2013/01/29 03:20:13 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Orbit
[2013/01/28 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\pctsGui
[2011/12/22 16:38:22 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ProgSense
[2012/09/20 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\runic games
[2010/12/11 23:29:06 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Softland
[2010/03/13 02:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Spyware Terminator
[2010/12/13 15:51:59 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Subversion
[2012/02/11 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TeamViewer
[2009/12/31 18:53:26 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2013/01/28 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TestApp
[2011/11/28 22:34:26 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\TS3Client
[2011/06/08 00:01:58 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ts3overlay
[2012/12/13 14:14:46 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TuneUp Software
[2010/02/15 18:08:28 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BEB15613
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D06A4C76
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

OTL Extra Log:

OTL Extras logfile created on: 29/01/2013 8:25:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.99 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 64.78% Memory free
17.98 Gb Paging File | 14.68 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.44 Gb Total Space | 492.07 Gb Free Space | 53.64% Space Free | Partition Type: NTFS
Drive D: | 14.07 Gb Total Space | 1.98 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Jennifer\Desktop\Chris\FlashGet\FlashGet3.exe" = C:\Users\Jennifer\Desktop\Chris\FlashGet\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Jennifer\Desktop\Chris\FlashGet\FlashGet3.exe" = C:\Users\Jennifer\Desktop\Chris\FlashGet\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{121D89EB-7190-4C3E-A4F2-6684A58991D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{132D99BE-2CBF-462B-A1DA-CDF6622B76C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{135368D4-0517-43A1-B55D-B5A42F942366}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{187A56A7-FFED-4B09-9B77-BB015D250752}" = rport=137 | protocol=17 | dir=out | app=system |
"{1A72849C-5A9E-4412-BA7A-7FEF74242C82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DDDCF1F-DB09-4074-A44C-CC318D0516B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{20482B63-96A5-4D72-A4ED-52C8777290AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A6FF319-B112-4FBB-BCFA-B2D69678164E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DD72A50-3941-412B-8B67-FE6F64542A1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F118126-15C6-40C9-812C-4093E1396C33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3525A0AC-E943-47F4-B491-A980910D9AC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{387DE498-429F-4654-86E6-01D947370515}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{459784AC-9644-4B1D-B1EE-5B51C5E6B8E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48260FDC-363B-4260-BBB9-C71335DC908E}" = lport=139 | protocol=6 | dir=in | app=system |
"{4F2E8F2F-6A39-4C4F-8E76-A41EFEAF1A7F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5138D001-B747-441F-BBF3-20137576484B}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{5DF4C100-0462-4A01-BBFC-C752546804E3}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{5E973CD4-59F0-4A48-BC5B-BB211F8F9AA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62EB1B6B-C076-4ACF-9162-5C3BFCE65774}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{660DDB5B-021F-493A-A5DB-39101A3BBF65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68099FA2-E564-470B-BED1-9D2515C02F38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7452EFCE-2064-4234-B66C-21B6EAA6E9DD}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{79917D07-44F6-48DA-921A-5AF9EEBFFCC1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{866AA6A2-00AE-46AA-87A6-03351225360F}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{8CB7B539-E857-427C-B3DE-3C1043E3A494}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F888ADE-0FA5-4973-B404-D768CF00FA42}" = rport=138 | protocol=17 | dir=out | app=system |
"{9C5BD8BC-A135-4CF3-9BCC-CEB7F83FFB07}" = rport=139 | protocol=6 | dir=out | app=system |
"{A3933EBD-B701-4A87-99A5-EF266124C5E4}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{A8E5ED5C-C047-4AC9-9DF1-DD2D06D76BA2}" = lport=137 | protocol=17 | dir=in | app=system |
"{B25F7F53-96FB-4F65-9693-4AA503F0B3C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{B3B20125-B3ED-4CFA-B3A7-FE11ACD0658E}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{CD60B751-A7A7-4D1A-AC2E-9AD6C0BD1368}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5E86E7E-37FB-449A-8C82-821CE7467513}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E13E51BB-68B5-4366-83FE-93538F6D2829}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{EFF719BD-719B-471B-AFC0-6A3F3A96C18C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6338B58-C4E9-4D2C-B78D-4368068E1508}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003BB71A-A7AF-4125-A8C7-62F97B8D0DB2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{00EF3E2F-0632-4364-B11B-222E5A603B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{03E0ADF9-5AFD-4F1F-958B-F0A072503D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"{04E38277-3535-4DA7-A0D4-9F3E9229FBB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{099FF01F-5505-4F55-B95C-0B7E8FB38AC7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{0AE171F4-B7F9-4F0D-8780-15F936366F35}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{0B31E681-8D10-4159-B1D5-31741FCEA6DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{0C209718-89DC-4822-963A-AC117EF38186}" = protocol=17 | dir=in | app=k:\program files\ventrilo\ventrilo.exe |
"{0D347D65-51BA-4AA6-BE95-E16B11006E16}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{0FDE85D7-7CCE-43A4-A2F2-D07949AD46B5}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{10841E8B-0A13-4CB3-BCE6-A56D1B6A04C4}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{10846EAD-D4FE-427F-89C2-2D4B3EEE4D1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{10FF4C8A-780D-455E-93DE-EDE5005AFEB3}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{12E61F18-1430-45EA-ADD9-D3F16E1D73AA}" = protocol=6 | dir=in | app=k:\program files\steam.exe |
"{14969BC1-AEA3-4BCA-8F98-7A433FC0AFD4}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{14FBB755-5E12-4A1E-84DD-CA865224DF6C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{15787427-4A56-4FE1-9B8B-586FA378991A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{15E2140A-225D-40C8-A43F-510FF9699CD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{160D280B-C794-4DA3-A514-57EDD81E3BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"{1B4C4B16-63DD-44F4-969D-FF53FF95B2E9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{1BCF5D12-26C7-4289-8DF9-AA558FA6672F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"{1D73531C-6CAB-43DE-A469-9378CFA83E31}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{1DA0B1A8-71CA-4DF7-A9E4-4C498F70C14B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1DED22C4-AA98-47F4-AFE2-FB64A6DE7B88}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{1F762B7D-712F-4FDB-A1D1-47A4BB445449}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{2055AACE-8998-4BE5-9958-E1C5CCCE2022}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{208734CA-81FB-42D9-8F35-F7EF6ED8D7D4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{217E18FB-1A49-4B15-8F05-D4E2CFC545EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
"{21BBF590-CFFC-4953-B74F-0E7D957078C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2609E54E-30CD-484D-9160-FEBAEA6D4DD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2755511D-BAFF-4C02-B2C5-E38A80A67D09}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{281C47B3-E4C1-4917-83A4-834E9A160074}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2969E716-C016-4B14-965E-20D9B3766256}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{29A597CD-1639-4B95-93AD-E9F905F02CBD}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{2CBCDF1B-A136-447D-AC7A-B664A900332D}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{2D386448-8D18-4444-8ADC-A102FE8FF8BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{2FE180A5-073C-4762-BF3A-C123C62F5198}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3007B49A-B428-4E0D-BD40-5887919F4698}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{30217DF7-F581-4171-A457-913FBF5917D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{34F37C40-7DA0-4EE0-B6E4-65759684AF03}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\brite9100\counter-strike\hl.exe |
"{38541DEE-7068-4A49-9347-BC3E48DE6C05}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{38AC9035-09BA-49E6-B607-9AA947551F10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38B96F86-7C81-4F69-AD59-CAE97F664D7E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{399A2AB9-98C2-4223-BE00-3DA4D257D34D}" = protocol=6 | dir=in | app=k:\program files\riot games\league of legends\air\lolclient.exe |
"{3C0D6836-F794-4E81-90DD-F64E00DA1B6F}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{3C7AAB05-51F4-42D0-8797-ABA6A97B543E}" = protocol=17 | dir=in | app=k:\program files\steam.exe |
"{430FAD1C-69BE-4EA7-A63D-B6237D8F5473}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{45914172-E44A-4ECD-9F29-DD0BDE116944}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{464A71AC-6F55-4D1A-9A74-5E7DD5A5830C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{46882A6B-00BB-48E6-96AA-057235E070C3}" = protocol=17 | dir=in | app=k:\program files\riot games\league of legends\air\lolclient.exe |
"{4B080EAD-6C3E-4264-B44D-457888ED849A}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{4B2A3F28-8104-4F0A-8080-D915D0B62FC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B98394F-D276-4394-9428-9AAF8D96F09E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4BBB5DF4-0ED2-4925-814F-4C6B73DB072C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{4CA44D60-69F9-4C1D-9324-17782116BB8D}" = protocol=17 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D68176A-D32C-419D-A16D-215F265658E1}" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"{5085AF6A-83AD-452C-98B4-62F4EE065F26}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{51CCF375-6ADA-4768-9F92-6FF6C4386156}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5206ED3B-240D-4589-B20C-3468B858BD72}" = protocol=17 | dir=in | app=k:\program files\riot games\league of legends\game\league of legends.exe |
"{531DB674-A31F-468B-B1B9-04715DC4B502}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5364A8D7-0F0F-43FA-9428-DF9B6DBF055B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{55DBF0C3-8BAD-4FBA-B06D-068AD35FD703}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{58FC3B95-C21B-47BA-A4B2-C344AA53648A}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{5ACC387D-618D-496D-BE96-39DAC9BB93C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B0A37DA-AF20-406D-BA17-256837D1C4AD}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5BD4B5D1-A243-4209-A897-B47C78CA9E98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CAA1E65-EBEC-421B-A986-8CD2A2A115D4}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{5D078759-974C-4722-89A0-2CF18E9E88D6}" = protocol=6 | dir=in | app=k:\program files\vindictus\en-us\nmservice.exe |
"{5DEF2F1A-0C41-4827-AAFE-D2DA1E9615DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5E966C8A-AB5C-4222-9FE7-C6D4DC461876}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{60A66260-33F7-4411-86C4-DC5850EEB5D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{6164BE42-C1F1-47DC-A25D-9EF2DA3C1DA8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{62E84F96-4A1F-426D-99A6-E355F0FBD133}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{65356012-2EAD-4E80-ACAB-DE9D5FDE6A3A}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\brite9100\counter-strike\hl.exe |
"{6716F851-92BE-4B9E-8172-CF206C196E16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"{6765FB94-8FF7-4CD0-BD3C-E92888A1AE2D}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{6778D77D-92F8-43EC-83B3-59D4B29BE079}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6A0E17ED-F7DB-4613-A197-EBCBFA0270D1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{6B2DA4D7-1F0C-4B28-8E73-2E455F819A18}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6C091675-C88F-4C0B-B337-3572735DFBC1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6C34C7D7-F38C-4413-B48D-96CAF888A7A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6E2857B9-2840-4CD5-A2E4-267D51C65B67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E687A8C-0C24-46B0-A456-E5BD8A62FA16}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6FA725BA-CBFC-4C51-AF3F-37ACED4BD73B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
"{703F20B9-98CB-4F1B-A08A-42D8A28874A3}" = protocol=6 | dir=in | app=c:\users\jennifer\desktop\crossfire_downloader.exe |
"{732255E0-7FA3-447E-B190-865E340F966F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{75B2B675-E634-47C4-B4D1-8AFC0EF173F1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{79599809-1ACA-4629-A405-80D17CCBBCC2}" = protocol=17 | dir=in | app=c:\users\jennifer\desktop\crossfire_downloader.exe |
"{7D2DE6F2-0C73-4B4B-AC20-2882B325F898}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{7DA95688-91BF-4FE1-89FB-1BBE1AAAF11B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7ED6FF1F-2F0C-4F1A-933E-B79709ED4DA6}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{8230C805-BD14-4C19-868A-B5D5322AC459}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{82AF1849-BCFE-472B-9576-AE1A9655E682}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{860C9199-ACFF-4210-800A-24CC691E9B7E}" = protocol=6 | dir=in | app=k:\program files\riot games\league of legends\game\league of legends.exe |
"{959725EE-8CC4-40C2-8F04-FAF762362CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{959A04B0-9FC0-4F58-A7E7-CAE058F0B688}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{96996E6C-1192-480D-8419-D608CC77227D}" = protocol=6 | dir=in | app=c:\program files (x86)\garena classic\garena.exe |
"{97846F17-5FDF-49DD-8F0D-11ECE4E45032}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{98FA53B3-ABA0-4124-B275-773155C392DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{994D68A1-70A7-431E-A848-CCD76EF3274A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{99FAF756-6707-4398-BE77-1913A79521DD}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{9C263458-9364-4BA2-B9F1-B668CACBA4DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CDC4F14-7625-4347-AE44-46CB334DA53A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9F6AB79E-261D-4381-AD96-5751F95F9D8D}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{9F6BC937-5EA1-4D11-8D8C-278F7A8AA3B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A1D20175-BD92-4B07-BE5A-DDD8C6B608CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A281598A-CA25-4BCB-9C78-176BAE9687D2}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{A3627C13-2B88-4280-8A5D-E3ED32179102}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{A536FFDE-A6A4-433A-A846-160D7276AD69}" = protocol=6 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{A64C34AA-3ECF-4FBB-B40F-7B07D47F118A}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\magicka\magicka.exe |
"{A7DD396C-00AA-46CA-84B9-31C5EE4D9248}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7FABB15-5E6A-454A-AD2E-9707024A5BA2}" = protocol=17 | dir=in | app=c:\program files (x86)\garena classic\garena.exe |
"{A9F38A4D-A8C0-4D56-94A4-C3C8790265E8}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{AA365034-D2FC-43E6-8BD5-4F86572DC7F2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD21D676-2907-4DAE-A5D9-79B68EEB03A9}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{AEAD1841-12EC-477D-A60A-290E84A20C6E}" = protocol=17 | dir=in | app=c:\sg interactive\grand chase\main.exe |
"{AECB22E1-25C6-4F73-BAE3-8BFD18B740EE}" = protocol=17 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{AEEDC2BF-C5B9-401C-96F3-43F6313133B4}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B0F1EA65-C691-4530-A680-93F39C80C2A9}" = protocol=6 | dir=in | app=c:\program files (x86)\cf downloader\cf downloader.exe |
"{B272FC4D-0A82-47E4-8E8D-1CBE881A622C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead rising 2\deadrising2.exe |
"{B2FD97FE-C347-4124-8605-B246E5CCED96}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B31D725A-FBC5-450D-9DA7-A57240AA345A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B3BED966-A976-4C4B-B92D-0F1ED074CB83}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B4333BB5-91D4-45D0-A6BC-5258E0ED71D2}" = protocol=6 | dir=out | app=system |
"{B491D651-458B-4094-ABF2-75A8D2498F51}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B5B80629-9F36-4297-B797-DF6924E0F053}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{B7520D9F-ED76-4E78-8A72-C522B68D83DD}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\magicka\magicka.exe |
"{B8DF7BBA-F0E1-43B5-A049-C9F867271733}" = protocol=6 | dir=in | app=k:\program files\ventrilo\ventrilo.exe |
"{B8F7C708-F71C-4189-B66B-D4753E01304D}" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{BA05A896-0A85-4196-B2D3-F30D6331DEA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead rising 2\deadrising2.exe |
"{BB0BE186-3AD1-4140-973C-4D0E43047321}" = protocol=6 | dir=in | app=c:\sg interactive\grand chase\main.exe |
"{BF7F0BE1-CC4A-4489-9331-D4F561EEA0F1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BF990E0C-2C8C-4B93-8921-C7650DA5394B}" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2801EA8-1F7C-480D-B973-385C5E15B917}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C4A82E61-1E46-4E6D-9D22-4D07C3E7DA24}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C557CE1E-F52B-490B-B3A6-546C44713814}" = protocol=6 | dir=in | app=c:\users\jennifer\desktop\vindictus\en-us\nmservice.exe |
"{C6D28EAF-B35F-46FB-8751-B966EB4104B2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C85A9B22-6B98-4BC6-B2A9-CE9C353430D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{CB162149-9EB3-4ED8-A614-474B8AD056E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD06A8B7-B0AD-4644-8AB7-40160756A1D0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CDCFB94C-0249-4BD2-92F4-A8E155B48832}" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{D093C013-4960-46E1-A19D-A74E4D0FF292}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{D18E7748-D6B0-48F0-B8C0-91DCD9379234}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D2380ADF-5BFC-42E3-9F26-F7BFE73E0E68}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{D2E94F18-93D2-40AC-BEBB-9814CEB4BA8A}" = protocol=17 | dir=in | app=k:\program files\vindictus\en-us\nmservice.exe |
"{D5858842-1344-48A8-970C-7FBF7E05D93B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D72E7984-2A40-4A7C-A5A5-DAF9E6C6F750}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D8953C88-B252-4F64-95EB-71847C3A3DEF}" = protocol=17 | dir=in | app=n:\games\touhou project\touhou project\th09 ~ phantasmagoria of flower view\kaei\adonise.exe |
"{DB888E7A-D2E6-4D77-A60E-A4FC92E06876}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{DECA2CFB-146E-4BA2-B9A4-4F4E01C9A0A4}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{DEE8763A-C8D7-45FD-BFF9-585E6CEBB60C}" = protocol=17 | dir=in | app=c:\program files (x86)\cf downloader\cf downloader.exe |
"{DFEEAC52-0883-497B-A406-49B0CDB066AC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E032DC76-D45E-43DD-9D31-09382ABA8ADE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E0CD28BC-A420-4B52-A069-EE7C7BB04E13}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{E1BEE44F-790A-4E53-8311-62C97711C1FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E6F798D4-416B-423D-8983-A1E8BFA8FE79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{E8F20F9F-A52D-47A0-8249-E38DBEA486BB}" = protocol=6 | dir=in | app=n:\games\touhou project\touhou project\th09 ~ phantasmagoria of flower view\kaei\adonise.exe |
"{EAEACCDB-AB61-4B68-948C-F24B08944C55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EB3691CC-A23E-449A-ACE6-3325DAE6A0E6}" = protocol=17 | dir=in | app=c:\users\jennifer\desktop\vindictus\en-us\nmservice.exe |
"{EB94C495-0E9E-4246-932C-945C30241CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{ED605FB1-B143-47C3-8E64-334B9CD8585D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{EEC5CBA5-2FAA-44AD-BFE9-1929EAC0E368}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F03751B0-BA09-46EC-B426-8D640B618351}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{F0EF898A-996C-4ECB-AA81-8065D4F4F3F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{F0FB114E-598E-4DCC-981D-76B113F91947}" = protocol=6 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"{F24BA107-D094-42BB-8E25-C4806E28FB51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{F252C18F-6E9D-4961-8304-E2320424C869}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F28BF848-4C72-41F3-B716-4847477A60EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2C85F86-96C2-4604-A7B2-CDC09FB1B1D3}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{F394BD97-06A5-4636-A7F5-6A825EE0CBE2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F4DE4ED9-F44E-453D-A621-0A71A23AB8D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F576C8C6-23B1-4BE0-9AE1-A788B74AC9C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{F5D2F1A0-8B0A-47DA-B410-CB1EE3B81816}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA2F43BB-B4B0-4CD7-A7C6-83E0D7E31656}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FAB9DADE-65E9-46CD-AFBB-0C3798F2F45B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{FB674B8F-93DF-401A-90D3-D940265C637F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{FFE60179-9725-4C5F-A3A1-50616321CD24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{0377B8FC-80BE-42A0-8A1D-367E9508B559}K:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=k:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{04C02A58-FEDD-459F-AAC1-3E6A09D30FFC}C:\users\jennifer\desktop\chris\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\jennifer\desktop\chris\starcraft\starcraft.exe |
"TCP Query User{05DEA8F7-07B8-4C84-9ADE-13CAAF7CBF7E}K:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{15A795B9-BFE7-4081-88B0-D35D106E7A59}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{16C851D2-842B-4A4C-AB39-C0DE655AEF61}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{18907939-1E45-401C-BEFA-DAA0F56BF0D1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{30D8BD99-22B1-4393-85DA-E12F2E114A76}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{311E644C-063A-400E-A5DF-EAF70181E633}C:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{330EE07F-0255-4C92-B90B-4BFD9CB4E39F}K:\program files\steam\steam.exe" = protocol=6 | dir=in | app=k:\program files\steam\steam.exe |
"TCP Query User{421A90E5-3DCC-4CFC-A48F-F912E49067FE}C:\users\jennifer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\local\akamai\netsession_win.exe |
"TCP Query User{42BA3E96-2F72-4CAD-9621-2134FF6D2614}K:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=k:\program files\starcraft ii\starcraft ii.exe |
"TCP Query User{4BC5F152-ABEF-4825-B460-A51CA0CE4A1C}C:\users\jennifer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\local\akamai\netsession_win.exe |
"TCP Query User{52AA065F-70B5-4DCD-997F-6CAD71680A49}K:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe |
"TCP Query User{53305879-60B9-4EDB-A99A-5F3E1796EADB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{53427834-3679-4C26-9B55-04B366EDD5C0}K:\program files\steam\steam.exe" = protocol=6 | dir=in | app=k:\program files\steam\steam.exe |
"TCP Query User{6FC718E2-0B33-4C16-A52D-4D8A09FBB77E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{719B1F3A-FACD-4C0F-B84D-50B2B3445FF8}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{759696DD-A10D-4042-B963-A5B01D3C1890}K:\program files\steam\steamapps\brite9100\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\brite9100\zombie panic! source\hl2.exe |
"TCP Query User{8E360178-D61D-468D-AAC3-D846472F7BB4}K:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=k:\program files\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{91A41D94-28A3-4E16-9A6B-384268D35587}C:\nexon\maplestory\arcanems.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\arcanems.exe |
"TCP Query User{92D3B8A1-F998-4EDD-8B40-FC588701506D}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe |
"TCP Query User{9648F16E-50EC-4C4F-90F5-073439A26941}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{984B1BDD-B869-44EB-BF55-9E65DF1BD4E9}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{A4681131-75F7-4486-BF9F-8C5FFC664BDD}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{A7D607D2-BFD2-4195-8FE4-03F24222F24B}K:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe |
"TCP Query User{A888339D-09F9-4DC2-A825-5D3BE87DFDD4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{BD940455-8E2B-4D61-A25B-534761F71C47}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"TCP Query User{C4497476-8DCC-44D2-9FDD-B2A79F61E14C}C:\users\andrew\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\andrew\appdata\local\temp\gw2.exe |
"TCP Query User{C7569309-533E-4BD7-94FD-2E6D9E12B71C}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{CA3E70D1-0FE8-4BDA-984B-A5E6508D7798}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{DA8FD2E3-AE6F-4983-AB0A-40709230733D}N:\Games\touhou project\touhou project\th09 ~ phantasmagoria of flower view\kaei\th09e.exe" = protocol=6 | dir=in | app=n:\games\touhou project\touhou project\th09 ~ phantasmagoria of flower view\kaei\th09e.exe |
"TCP Query User{E99F56CD-56D6-4E69-9314-11FC59627B08}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"TCP Query User{E9CBFF88-0CF3-4B8B-A40A-3627A5CD4668}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{EA7BF8FF-2DE3-4BBC-91D4-6C0800D07419}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F66203C9-8183-4FC9-B222-1ABFB0DF9B42}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{FDF97973-22DB-40D5-9D46-1AAFAA39E651}K:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=k:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{034EBE0D-B041-4115-8BFD-DDD70D3CFFE8}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{073C3F1A-FBDF-46F7-85FE-378070F7F90F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{0CFE925A-D986-4BA4-A8F5-CDBBD5FB8523}K:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe |
"UDP Query User{0F9B81FC-8B6F-46AA-BFF1-7EACCF2E30A9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{13E32BD2-0C5E-41C3-8F54-20C678D78951}C:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1532C26D-6929-4672-8AF5-1F6C4990FA01}K:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{22528223-26CC-483E-B167-10B4F4CFB4E9}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{2CC0240A-247F-41AC-B630-8307C4C3D425}K:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=k:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{33FB15F6-BAEB-4390-A0E8-39611469F7DC}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"UDP Query User{4224E88E-6EE2-4ECA-8F5C-BFAF015927D0}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{4AAF60C3-988F-44BA-B074-FF31EB24DD97}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{51678012-C43E-4FBD-93B5-4106CEA2C4B0}C:\users\jennifer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\local\akamai\netsession_win.exe |
"UDP Query User{533D2484-BF52-4CC0-8813-0F8510663DEB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{608E3CA0-F1EC-431D-B140-444436067AD4}K:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\brite9100\team fortress 2\hl2.exe |
"UDP Query User{62601671-D64F-4506-A680-C492485DD299}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{67CBBEF2-8FB1-4417-97AA-66CC5B648E72}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{795F41B3-DE15-4E54-8C5C-95C5A86E0C5D}N:\Games\touhou project\touhou project\th09 ~ phantasmagoria of flower view\kaei\th09e.exe" = protocol=17 | dir=in | app=n:\games\touhou project\touhou project\th09 ~ phantasmagoria of flower view\kaei\th09e.exe |
"UDP Query User{7BE9D748-02CA-49AE-98BA-C0FA4454F22C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{840150FD-33E5-4A75-A134-A490452D1885}K:\program files\steam\steamapps\brite9100\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\brite9100\zombie panic! source\hl2.exe |
"UDP Query User{84ACE1D1-A6F5-4A39-AA7C-4B246C82B437}C:\users\andrew\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\andrew\appdata\local\temp\gw2.exe |
"UDP Query User{A2BE2771-58C9-4903-BE11-7481D713F56C}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{A5BA2675-DFB9-4B5F-8110-257E09C7A2D2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A8007836-3003-42A6-9E14-C5B441DB91BB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{AF6D78E8-6121-49A1-A315-BDEA8D5C764B}C:\nexon\maplestory\arcanems.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\arcanems.exe |
"UDP Query User{B21D776A-CCA2-434F-B023-5B8CF162BDDF}K:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=k:\program files\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{B567B4AE-E967-4131-B203-61C573E2255A}K:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=k:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{BC2B9803-566F-48A0-97F5-CAA8CE29B66B}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe |
"UDP Query User{C529E329-75BC-493A-A576-9B9BE98E189E}C:\users\jennifer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C99A6088-1D41-408C-92FA-14E5BAD24E6F}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"UDP Query User{D16E3A02-8BCD-40ED-A50F-99B148EC5B74}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{E8AEA343-00EB-425B-A35E-FD186888F089}C:\users\jennifer\desktop\chris\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\jennifer\desktop\chris\starcraft\starcraft.exe |
"UDP Query User{EBEE14C4-8D5D-4624-908D-8BACA455A667}K:\program files\steam\steam.exe" = protocol=17 | dir=in | app=k:\program files\steam\steam.exe |
"UDP Query User{EFA56934-06C2-4FED-8E06-8CB1A128B684}K:\program files\steam\steam.exe" = protocol=17 | dir=in | app=k:\program files\steam\steam.exe |
"UDP Query User{EFC0B988-710A-41E6-A244-7AADD12A37B3}K:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=k:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{FDD8EE5D-9FAD-41EC-8FF8-FC1C0DC99ED1}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{FFF8460B-B35D-4AD1-8A83-4A26BE9C62D5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{556A649F-72D2-4E41-A40C-794E0277AADB}" = System Requirements Lab CYRI
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{647CF927-A933-49E5-BE23-7493806DE280}" = XPS2OneNote
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70BA8212-E087-4992-8E65-9BE31944586F}" = JMP 7
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.6 Professional
"Adobe Acrobat 8 Professional_816" = Adobe Acrobat 8.1.6 - CPSID_49167
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Cross Fire_is1" = Cross Fire En
"Garena Classic 2011" = Garena Classic 2011
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft DirectX SDK (February 2010)" = Microsoft DirectX SDK (February 2010)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.6" = Python 2.6 pywin32-212
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SD Gundam Capsule Fighter" = SD Gundam Capsule Fighter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 45740" = Dead Rising 2
"Steam App 49520" = Borderlands 2
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"Xfire" = Xfire (remove only)
"XiphQT" = Xiph QuickTime Components
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/01/2013 2:50:08 AM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2013 6:56:50 AM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2013 7:02:12 AM | Computer Name = Andrew-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 29/01/2013 7:03:55 AM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Dreamweaver.exe, version: 9.0.0.3481, time
stamp: 0x4600622f Faulting module name: Dreamweaver.exe, version: 9.0.0.3481, time
stamp: 0x4600622f Exception code: 0xc0000005 Fault offset: 0x0087aebd Faulting process
id: 0x18e4 Faulting application start time: 0x01cdfe104e722ac3 Faulting application
path: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe Faulting
module path: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
Report
Id: 923b09e4-6a03-11e2-b5f7-0026183e20c4

Error - 29/01/2013 7:23:25 AM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2013 9:02:23 AM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 0377031.exe, version: 11.0.0.1245, time
stamp: 0x4d936e61 Faulting module name: avs.ppl, version: 11.0.0.1245, time stamp:
0x4d937058 Exception code: 0xc0000005 Fault offset: 0x00027969 Faulting process id:
0xbd0 Faulting application start time: 0x01cdfe141f3102f7 Faulting application path:
C:\Users\Jennifer\AppData\Local\Temp\8713169\0377031.exe Faulting module path: C:\Users\Jennifer\AppData\Local\Temp\8713169\avs.ppl
Report
Id: 1efac1dd-6a14-11e2-b2ec-0026183e20c4

Error - 29/01/2013 9:56:54 AM | Computer Name = Andrew-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 29/01/2013 9:57:48 AM | Computer Name = Andrew-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Python\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 29/01/2013 11:33:12 AM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2013 11:40:09 AM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 02/02/2012 2:27:35 PM | Computer Name = Andrew-PC | Source = MCUpdate | ID = 0
Description = 10:27:35 AM - Error connecting to the internet. 10:27:35 AM - Unable
to contact server..

Error - 02/02/2012 2:27:44 PM | Computer Name = Andrew-PC | Source = MCUpdate | ID = 0
Description = 10:27:40 AM - Error connecting to the internet. 10:27:40 AM - Unable
to contact server..

Error - 17/05/2012 2:42:05 PM | Computer Name = Andrew-PC | Source = MCUpdate | ID = 0
Description = 11:42:04 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ OSession Events ]
Error - 09/12/2009 11:46:05 PM | Computer Name = Andrew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21488
seconds with 9780 seconds of active time. This session ended with a crash.

Error - 10/08/2010 8:09:25 AM | Computer Name = Andrew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/08/2010 7:57:54 PM | Computer Name = Andrew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/03/2011 11:53:26 PM | Computer Name = Andrew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 10:55:11 PM | Computer Name = Andrew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/10/2011 8:30:17 PM | Computer Name = Andrew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/01/2013 2:49:36 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 29/01/2013 6:55:42 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 29/01/2013 6:55:46 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 29/01/2013 7:02:38 AM | Computer Name = Andrew-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007371b: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 and
Windows Server 2008 R2 for x64-based Systems (KB982526).

Error - 29/01/2013 7:22:48 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 29/01/2013 7:22:50 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 29/01/2013 11:32:44 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 29/01/2013 11:32:46 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 29/01/2013 11:38:48 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 29/01/2013 11:38:51 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.


< End of report >

Edited by Kuripi, 29 January 2013 - 01:27 PM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Kuripi, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Thank you for the logs. I am in the process of analyzing them, but the first thing we need to address is the number of AntiVirus programs on the system.

I see that you have more than one anti-virus program installed and running. You should only have one anti-virus program installed and running. Anti-virus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more anti-virus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS anti-virus protection.

You currently have Norton Internet Security and AVG 2013 running at the same time. And you also still have remnants of AVG 2012 left on the system.
Please let me know which AV you want to continue with (from your post, I'm assuming it's Norton) and we will remove the others.

I also want to look at the TDSSKiller log that the scan should have produced.
TDSSKiller creates the report in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply
  • 0

#3
Kuripi

Kuripi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much godawgs! Thank you for informing me about Anti-viral protection, and yes I would like to keep Norton. As for the TDSSKiller log, I'm assuming that I can just copy/paste the latest report

TDSSKiller Log:

09:10:09.0495 2080 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:10:10.0140 2080 ============================================================
09:10:10.0140 2080 Current date / time: 2013/01/29 09:10:10.0140
09:10:10.0140 2080 SystemInfo:
09:10:10.0140 2080
09:10:10.0140 2080 OS Version: 6.1.7600 ServicePack: 0.0
09:10:10.0140 2080 Product type: Workstation
09:10:10.0140 2080 ComputerName: ANDREW-PC
09:10:10.0140 2080 UserName: Jennifer
09:10:10.0140 2080 Windows directory: C:\Windows
09:10:10.0140 2080 System windows directory: C:\Windows
09:10:10.0140 2080 Running under WOW64
09:10:10.0140 2080 Processor architecture: Intel x64
09:10:10.0140 2080 Number of processors: 8
09:10:10.0140 2080 Page size: 0x1000
09:10:10.0140 2080 Boot type: Normal boot
09:10:10.0140 2080 ============================================================
09:10:11.0185 2080 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:10:11.0210 2080 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:10:11.0225 2080 ============================================================
09:10:11.0225 2080 \Device\Harddisk0\DR0:
09:10:11.0225 2080 MBR partitions:
09:10:11.0225 2080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72AE0A95
09:10:11.0225 2080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72AE0AD4, BlocksNum 0x1C24EED
09:10:11.0225 2080 \Device\Harddisk1\DR1:
09:10:11.0225 2080 MBR partitions:
09:10:11.0225 2080 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
09:10:11.0225 2080 ============================================================
09:10:11.0325 2080 C: <-> \Device\Harddisk0\DR0\Partition1
09:10:12.0220 2080 D: <-> \Device\Harddisk0\DR0\Partition2
09:10:12.0230 2080 K: <-> \Device\Harddisk1\DR1\Partition1
09:10:12.0230 2080 ============================================================
09:10:12.0230 2080 Initialize success
09:10:12.0230 2080 ============================================================
09:10:23.0215 6232 ============================================================
09:10:23.0215 6232 Scan started
09:10:23.0215 6232 Mode: Manual; SigCheck; TDLFS;
09:10:23.0215 6232 ============================================================
09:10:30.0983 6232 ================ Scan system memory ========================
09:10:30.0983 6232 System memory - ok
09:10:30.0983 6232 ================ Scan services =============================
09:10:33.0588 6232 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
09:10:34.0119 6232 1394ohci - ok
09:10:34.0669 6232 [ E656FE10D6D27794AFA08136685A69E8 ] 41268993 C:\Windows\system32\DRIVERS\41268993.sys
09:10:35.0154 6232 41268993 - ok
09:10:35.0224 6232 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
09:10:35.0239 6232 ACPI - ok
09:10:35.0374 6232 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
09:10:35.0579 6232 AcpiPmi - ok
09:10:36.0179 6232 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
09:10:36.0194 6232 Adobe Version Cue CS3 - ok
09:10:37.0664 6232 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:10:37.0684 6232 AdobeFlashPlayerUpdateSvc - ok
09:10:37.0934 6232 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:10:37.0969 6232 adp94xx - ok
09:10:38.0044 6232 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:10:38.0079 6232 adpahci - ok
09:10:38.0114 6232 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:10:38.0134 6232 adpu320 - ok
09:10:38.0339 6232 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:10:40.0981 6232 AeLookupSvc - ok
09:10:41.0136 6232 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
09:10:41.0176 6232 AFD - ok
09:10:41.0221 6232 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
09:10:41.0231 6232 agp440 - ok
09:10:41.0301 6232 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:10:41.0581 6232 ALG - ok
09:10:41.0856 6232 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
09:10:41.0876 6232 aliide - ok
09:10:41.0881 6232 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
09:10:41.0896 6232 amdide - ok
09:10:41.0941 6232 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:10:42.0336 6232 AmdK8 - ok
09:10:42.0371 6232 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:10:43.0541 6232 AmdPPM - ok
09:10:43.0606 6232 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
09:10:43.0626 6232 amdsata - ok
09:10:43.0696 6232 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:10:43.0726 6232 amdsbs - ok
09:10:43.0741 6232 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
09:10:43.0761 6232 amdxata - ok
09:10:43.0826 6232 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
09:10:44.0174 6232 AppID - ok
09:10:44.0219 6232 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:10:44.0324 6232 AppIDSvc - ok
09:10:44.0334 6232 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
09:10:44.0454 6232 Appinfo - ok
09:10:44.0509 6232 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:10:44.0524 6232 Apple Mobile Device - ok
09:10:44.0539 6232 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:10:44.0554 6232 arc - ok
09:10:44.0589 6232 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:10:44.0609 6232 arcsas - ok
09:10:44.0754 6232 aspnet_state - ok
09:10:44.0809 6232 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:10:44.0924 6232 AsyncMac - ok
09:10:44.0974 6232 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
09:10:44.0994 6232 atapi - ok
09:10:45.0074 6232 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:10:45.0154 6232 athr - ok
09:10:45.0244 6232 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:10:45.0324 6232 AudioEndpointBuilder - ok
09:10:45.0334 6232 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:10:45.0369 6232 AudioSrv - ok
09:10:45.0749 6232 [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
09:10:45.0804 6232 avgfws - ok
09:10:46.0109 6232 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
09:10:46.0264 6232 AVGIDSAgent - ok
09:10:46.0319 6232 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
09:10:46.0339 6232 avgwd - ok
09:10:46.0414 6232 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:10:46.0744 6232 AxInstSV - ok
09:10:47.0109 6232 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:10:47.0194 6232 b06bdrv - ok
09:10:47.0274 6232 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:10:47.0329 6232 b57nd60a - ok
09:10:47.0369 6232 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:10:47.0424 6232 BDESVC - ok
09:10:47.0474 6232 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:10:47.0554 6232 Beep - ok
09:10:47.0594 6232 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
09:10:47.0669 6232 BFE - ok
09:10:47.0939 6232 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
09:10:47.0989 6232 BHDrvx64 - ok
09:10:48.0129 6232 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
09:10:48.0224 6232 BITS - ok
09:10:48.0279 6232 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:10:48.0319 6232 blbdrive - ok
09:10:48.0394 6232 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:10:48.0419 6232 Bonjour Service - ok
09:10:48.0444 6232 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:10:48.0499 6232 bowser - ok
09:10:48.0584 6232 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:10:48.0634 6232 BrFiltLo - ok
09:10:48.0654 6232 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:10:48.0704 6232 BrFiltUp - ok
09:10:48.0774 6232 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
09:10:48.0839 6232 Browser - ok
09:10:48.0912 6232 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:10:48.0935 6232 Brserid - ok
09:10:48.0955 6232 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:10:49.0010 6232 BrSerWdm - ok
09:10:49.0040 6232 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:10:49.0080 6232 BrUsbMdm - ok
09:10:49.0105 6232 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:10:49.0125 6232 BrUsbSer - ok
09:10:49.0160 6232 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:10:49.0205 6232 BTHMODEM - ok
09:10:49.0225 6232 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:10:49.0295 6232 bthserv - ok
09:10:49.0460 6232 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys
09:10:49.0480 6232 ccSet_NIS - ok
09:10:49.0500 6232 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:10:49.0570 6232 cdfs - ok
09:10:49.0600 6232 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:10:49.0630 6232 cdrom - ok
09:10:49.0710 6232 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
09:10:49.0760 6232 CertPropSvc - ok
09:10:49.0775 6232 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:10:49.0815 6232 circlass - ok
09:10:49.0850 6232 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:10:49.0875 6232 CLFS - ok
09:10:49.0915 6232 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:10:49.0935 6232 clr_optimization_v2.0.50727_32 - ok
09:10:50.0075 6232 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:10:50.0095 6232 clr_optimization_v2.0.50727_64 - ok
09:10:50.0110 6232 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:10:50.0155 6232 CmBatt - ok
09:10:50.0180 6232 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
09:10:50.0195 6232 cmdide - ok
09:10:50.0215 6232 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
09:10:50.0275 6232 CNG - ok
09:10:50.0295 6232 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:10:50.0315 6232 Compbatt - ok
09:10:50.0335 6232 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:10:50.0350 6232 CompositeBus - ok
09:10:50.0365 6232 COMSysApp - ok
09:10:50.0375 6232 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:10:50.0390 6232 crcdisk - ok
09:10:50.0415 6232 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:10:50.0465 6232 CryptSvc - ok
09:10:50.0570 6232 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:10:50.0680 6232 DcomLaunch - ok
09:10:50.0710 6232 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:10:50.0765 6232 defragsvc - ok
09:10:50.0785 6232 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:10:50.0885 6232 DfsC - ok
09:10:50.0920 6232 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
09:10:50.0985 6232 Dhcp - ok
09:10:50.0985 6232 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:10:51.0050 6232 discache - ok
09:10:51.0065 6232 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:10:51.0075 6232 Disk - ok
09:10:51.0145 6232 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:10:51.0255 6232 Dnscache - ok
09:10:51.0260 6232 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
09:10:51.0295 6232 dot3svc - ok
09:10:51.0320 6232 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
09:10:51.0385 6232 DPS - ok
09:10:51.0430 6232 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:10:51.0460 6232 drmkaud - ok
09:10:51.0540 6232 dump_wmimmc - ok
09:10:51.0595 6232 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:10:51.0635 6232 DXGKrnl - ok
09:10:51.0650 6232 [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
09:10:51.0660 6232 e1yexpress - ok
09:10:51.0680 6232 EagleX64 - ok
09:10:51.0695 6232 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:10:51.0745 6232 EapHost - ok
09:10:51.0835 6232 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:10:52.0000 6232 ebdrv - ok
09:10:52.0100 6232 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:10:52.0155 6232 eeCtrl - ok
09:10:52.0185 6232 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
09:10:52.0230 6232 EFS - ok
09:10:52.0375 6232 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:10:52.0430 6232 ehRecvr - ok
09:10:52.0450 6232 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:10:52.0515 6232 ehSched - ok
09:10:52.0630 6232 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:10:52.0695 6232 elxstor - ok
09:10:52.0740 6232 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:10:52.0760 6232 EraserUtilRebootDrv - ok
09:10:52.0790 6232 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
09:10:52.0835 6232 ErrDev - ok
09:10:52.0950 6232 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:10:53.0025 6232 EventSystem - ok
09:10:53.0045 6232 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:10:53.0080 6232 exfat - ok
09:10:53.0100 6232 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:10:53.0175 6232 fastfat - ok
09:10:53.0225 6232 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
09:10:53.0280 6232 Fax - ok
09:10:53.0315 6232 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:10:53.0370 6232 fdc - ok
09:10:53.0390 6232 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:10:53.0465 6232 fdPHost - ok
09:10:53.0490 6232 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:10:53.0555 6232 FDResPub - ok
09:10:53.0580 6232 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:10:53.0590 6232 FileInfo - ok
09:10:53.0600 6232 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:10:53.0660 6232 Filetrace - ok
09:10:53.0755 6232 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:10:53.0795 6232 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:10:53.0795 6232 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:10:53.0830 6232 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:10:53.0875 6232 flpydisk - ok
09:10:53.0936 6232 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:10:53.0957 6232 FltMgr - ok
09:10:53.0981 6232 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
09:10:54.0056 6232 FontCache - ok
09:10:54.0126 6232 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:10:54.0151 6232 FontCache3.0.0.0 - ok
09:10:54.0171 6232 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:10:54.0191 6232 FsDepends - ok
09:10:54.0206 6232 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:10:54.0226 6232 Fs_Rec - ok
09:10:54.0251 6232 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:10:54.0276 6232 fvevol - ok
09:10:54.0291 6232 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:10:54.0306 6232 gagp30kx - ok
09:10:54.0336 6232 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:10:54.0346 6232 GEARAspiWDM - ok
09:10:54.0506 6232 GGSAFERDriver - ok
09:10:54.0531 6232 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
09:10:54.0581 6232 gpsvc - ok
09:10:54.0616 6232 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
09:10:54.0626 6232 hamachi - ok
09:10:54.0666 6232 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:10:54.0711 6232 hcw85cir - ok
09:10:54.0736 6232 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:10:54.0916 6232 HDAudBus - ok
09:10:54.0951 6232 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:10:55.0001 6232 HidBatt - ok
09:10:55.0021 6232 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:10:55.0041 6232 HidBth - ok
09:10:55.0071 6232 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:10:55.0116 6232 HidIr - ok
09:10:55.0141 6232 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:10:55.0196 6232 hidserv - ok
09:10:55.0236 6232 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:10:55.0261 6232 HidUsb - ok
09:10:55.0306 6232 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:10:55.0381 6232 hkmsvc - ok
09:10:55.0406 6232 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:10:55.0426 6232 HomeGroupListener - ok
09:10:55.0481 6232 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:10:55.0496 6232 HomeGroupProvider - ok
09:10:55.0756 6232 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
09:10:56.0421 6232 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
09:10:56.0421 6232 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
09:10:56.0496 6232 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
09:10:56.0536 6232 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
09:10:56.0536 6232 HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
09:10:56.0646 6232 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
09:10:56.0666 6232 HpSAMD - ok
09:10:56.0821 6232 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:10:56.0896 6232 HTTP - ok
09:10:56.0916 6232 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:10:56.0926 6232 hwpolicy - ok
09:10:56.0976 6232 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:10:56.0991 6232 i8042prt - ok
09:10:57.0066 6232 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:10:57.0091 6232 iaStor - ok
09:10:57.0166 6232 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:10:57.0181 6232 IAStorDataMgrSvc - ok
09:10:57.0246 6232 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
09:10:57.0296 6232 iaStorV - ok
09:10:57.0381 6232 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:10:57.0736 6232 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:10:57.0736 6232 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:10:57.0986 6232 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:10:58.0061 6232 idsvc - ok
09:10:58.0231 6232 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130126.002\IDSvia64.sys
09:10:58.0266 6232 IDSVia64 - ok
09:10:58.0276 6232 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:10:58.0291 6232 iirsp - ok
09:10:58.0426 6232 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
09:10:58.0631 6232 IKEEXT - ok
09:10:58.0976 6232 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:10:59.0091 6232 IntcAzAudAddService - ok
09:10:59.0181 6232 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
09:10:59.0201 6232 intelide - ok
09:10:59.0251 6232 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:11:00.0211 6232 intelppm - ok
09:11:00.0251 6232 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:11:01.0816 6232 IPBusEnum - ok
09:11:01.0846 6232 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:11:03.0411 6232 IpFilterDriver - ok
09:11:05.0243 6232 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:11:06.0848 6232 iphlpsvc - ok
09:11:06.0928 6232 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:11:08.0478 6232 IPMIDRV - ok
09:11:08.0603 6232 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:11:10.0189 6232 IPNAT - ok
09:11:11.0959 6232 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:11:11.0984 6232 IRENUM - ok
09:11:12.0594 6232 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
09:11:12.0609 6232 isapnp - ok
09:11:13.0079 6232 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:11:13.0134 6232 iScsiPrt - ok
09:11:13.0624 6232 [ 6960D14BAC216317B45F95155280B0F4 ] JMP License Service C:\Program Files (x86)\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe
09:11:13.0629 6232 JMP License Service ( UnsignedFile.Multi.Generic ) - warning
09:11:13.0629 6232 JMP License Service - detected UnsignedFile.Multi.Generic (1)
09:11:14.0149 6232 [ 79A55E8907F34AB569029505418C35EF ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
09:11:14.0175 6232 JRAID - ok
09:11:15.0275 6232 [ 2B9B87269B1D31F261990049A5F5BFA5 ] JRSKD24 C:\Windows\system32\JRSKD24.SYS
09:11:15.0295 6232 JRSKD24 - ok
09:11:15.0730 6232 [ 6D15A689C9EF15041CE876FF662DB6E1 ] JRSUKD25 C:\Windows\system32\JRSUKD25.SYS
09:11:15.0760 6232 JRSUKD25 - ok
09:11:16.0715 6232 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:11:16.0730 6232 kbdclass - ok
09:11:16.0885 6232 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:11:16.0975 6232 kbdhid - ok
09:11:17.0045 6232 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
09:11:17.0060 6232 KeyIso - ok
09:11:17.0195 6232 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:11:17.0210 6232 KSecDD - ok
09:11:17.0280 6232 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:11:17.0295 6232 KSecPkg - ok
09:11:17.0320 6232 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:11:17.0535 6232 ksthunk - ok
09:11:17.0610 6232 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:11:19.0020 6232 KtmRm - ok
09:11:19.0179 6232 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:11:20.0756 6232 LanmanServer - ok
09:11:21.0046 6232 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:11:22.0666 6232 LanmanWorkstation - ok
09:11:22.0916 6232 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:11:24.0352 6232 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
09:11:24.0352 6232 LightScribeService - detected UnsignedFile.Multi.Generic (1)
09:11:24.0697 6232 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:11:26.0272 6232 lltdio - ok
09:11:27.0027 6232 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:11:28.0552 6232 lltdsvc - ok
09:11:28.0587 6232 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:11:28.0967 6232 lmhosts - ok
09:11:29.0092 6232 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:11:29.0107 6232 LSI_FC - ok
09:11:29.0127 6232 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:11:29.0142 6232 LSI_SAS - ok
09:11:29.0172 6232 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:11:29.0182 6232 LSI_SAS2 - ok
09:11:29.0232 6232 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:11:29.0252 6232 LSI_SCSI - ok
09:11:29.0284 6232 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:11:30.0859 6232 luafv - ok
09:11:31.0079 6232 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:11:31.0089 6232 MBAMProtector - ok
09:11:31.0329 6232 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:11:31.0374 6232 MBAMScheduler - ok
09:11:31.0494 6232 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:11:31.0544 6232 MBAMService - ok
09:11:31.0614 6232 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:11:32.0229 6232 Mcx2Svc - ok
09:11:32.0359 6232 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:11:32.0384 6232 megasas - ok
09:11:32.0474 6232 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:11:32.0504 6232 MegaSR - ok
09:11:32.0614 6232 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:11:34.0184 6232 MMCSS - ok
09:11:34.0932 6232 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:11:34.0992 6232 Modem - ok
09:11:35.0627 6232 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:11:36.0302 6232 monitor - ok
09:11:36.0667 6232 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:11:36.0687 6232 mouclass - ok
09:11:36.0917 6232 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:11:38.0462 6232 mouhid - ok
09:11:40.0006 6232 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:11:40.0016 6232 mountmgr - ok
09:11:40.0736 6232 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:11:40.0811 6232 MozillaMaintenance - ok
09:11:41.0296 6232 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
09:11:41.0321 6232 mpio - ok
09:11:43.0156 6232 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:11:43.0216 6232 mpsdrv - ok
09:11:43.0826 6232 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:11:45.0422 6232 MpsSvc - ok
09:11:45.0647 6232 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:11:47.0367 6232 MRxDAV - ok
09:11:47.0447 6232 [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:11:49.0247 6232 mrxsmb - ok
09:11:49.0780 6232 [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:11:50.0935 6232 mrxsmb10 - ok
09:11:51.0270 6232 [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:11:52.0890 6232 mrxsmb20 - ok
09:11:54.0521 6232 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
09:11:54.0541 6232 msahci - ok
09:11:54.0791 6232 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
09:11:54.0816 6232 msdsm - ok
09:11:55.0331 6232 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:11:55.0861 6232 MSDTC - ok
09:11:56.0001 6232 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:11:56.0056 6232 Msfs - ok
09:11:56.0201 6232 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:11:57.0136 6232 mshidkmdf - ok
09:11:57.0191 6232 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
09:11:57.0211 6232 msisadrv - ok
09:11:57.0476 6232 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:11:59.0061 6232 MSiSCSI - ok
09:11:59.0066 6232 msiserver - ok
09:11:59.0386 6232 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:12:00.0974 6232 MSKSSRV - ok
09:12:01.0149 6232 [ 103B3BBE23AB774B009D182276EC6786 ] msloop C:\Windows\system32\DRIVERS\loop.sys
09:12:01.0164 6232 msloop - ok
09:12:01.0404 6232 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:12:01.0599 6232 MSPCLOCK - ok
09:12:01.0619 6232 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:12:01.0919 6232 MSPQM - ok
09:12:02.0004 6232 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:12:02.0074 6232 MsRPC - ok
09:12:02.0154 6232 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:12:02.0164 6232 mssmbios - ok
09:12:02.0234 6232 MSSQL$SQLEXPRESS - ok
09:12:02.0394 6232 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:12:02.0409 6232 MSSQLServerADHelper - ok
09:12:02.0464 6232 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:12:04.0039 6232 MSTEE - ok
09:12:05.0256 6232 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
09:12:05.0391 6232 msvsmon90 - ok
09:12:05.0446 6232 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:12:05.0461 6232 MTConfig - ok
09:12:05.0531 6232 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:12:05.0541 6232 Mup - ok
09:12:05.0691 6232 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
09:12:07.0286 6232 napagent - ok
09:12:07.0766 6232 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:12:09.0356 6232 NativeWifiP - ok
09:12:09.0638 6232 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130129.005\ENG64.SYS
09:12:09.0728 6232 NAVENG - ok
09:12:10.0413 6232 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130129.005\EX64.SYS
09:12:10.0543 6232 NAVEX15 - ok
09:12:10.0633 6232 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
09:12:10.0683 6232 NDIS - ok
09:12:10.0883 6232 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:12:11.0093 6232 NdisCap - ok
09:12:11.0378 6232 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:12:11.0968 6232 NdisTapi - ok
09:12:12.0128 6232 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:12:13.0703 6232 Ndisuio - ok
09:12:14.0283 6232 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:12:14.0318 6232 NdisWan - ok
09:12:14.0468 6232 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:12:15.0110 6232 NDProxy - ok
09:12:15.0540 6232 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:12:15.0710 6232 NetBIOS - ok
09:12:15.0800 6232 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:12:16.0040 6232 NetBT - ok
09:12:16.0275 6232 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
09:12:16.0300 6232 Netlogon - ok
09:12:16.0595 6232 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:12:16.0645 6232 Netman - ok
09:12:16.0980 6232 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:12:18.0635 6232 netprofm - ok
09:12:19.0050 6232 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:12:19.0075 6232 NetTcpPortSharing - ok
09:12:20.0788 6232 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:12:20.0808 6232 nfrd960 - ok
09:12:21.0338 6232 [ 4BA84C832E0741A294C4444556DFE993 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
09:12:21.0363 6232 NIS - ok
09:12:21.0533 6232 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:12:21.0578 6232 NlaSvc - ok
09:12:21.0758 6232 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:12:21.0803 6232 Npfs - ok
09:12:21.0958 6232 npggsvc - ok
09:12:21.0958 6232 NPPTNT2 - ok
09:12:22.0058 6232 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:12:23.0688 6232 nsi - ok
09:12:23.0713 6232 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:12:25.0279 6232 nsiproxy - ok
09:12:26.0014 6232 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:12:26.0144 6232 Ntfs - ok
09:12:26.0329 6232 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:12:27.0864 6232 Null - ok
09:12:30.0921 6232 [ 04A048659B8F77F9151308A690F14E87 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:12:31.0531 6232 nvlddmkm - ok
09:12:31.0716 6232 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
09:12:31.0741 6232 nvraid - ok
09:12:31.0816 6232 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
09:12:31.0831 6232 nvstor - ok
09:12:31.0886 6232 [ 35ED605E778509668C08ED15DB96E7CD ] nvsvc C:\Windows\system32\nvvsvc.exe
09:12:31.0901 6232 nvsvc - ok
09:12:31.0916 6232 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
09:12:31.0931 6232 nv_agp - ok
09:12:32.0086 6232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:12:32.0106 6232 odserv - ok
09:12:32.0151 6232 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
09:12:32.0401 6232 ohci1394 - ok
09:12:32.0471 6232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:12:32.0486 6232 ose - ok
09:12:32.0571 6232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:12:32.0601 6232 p2pimsvc - ok
09:12:32.0641 6232 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:12:33.0181 6232 p2psvc - ok
09:12:33.0236 6232 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:12:33.0261 6232 Parport - ok
09:12:33.0281 6232 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:12:33.0301 6232 partmgr - ok
09:12:33.0551 6232 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:12:34.0136 6232 PcaSvc - ok
09:12:34.0191 6232 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
09:12:34.0211 6232 pci - ok
09:12:34.0251 6232 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
09:12:34.0261 6232 pciide - ok
09:12:34.0286 6232 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:12:34.0301 6232 pcmcia - ok
09:12:34.0948 6232 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:12:35.0438 6232 pcw - ok
09:12:35.0703 6232 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:12:35.0753 6232 PEAUTH - ok
09:12:37.0103 6232 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:12:37.0958 6232 PerfHost - ok
09:12:38.0218 6232 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
09:12:38.0548 6232 pla - ok
09:12:38.0743 6232 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:12:38.0938 6232 PlugPlay - ok
09:12:39.0008 6232 PnkBstrA - ok
09:12:39.0038 6232 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:12:39.0433 6232 PNRPAutoReg - ok
09:12:39.0458 6232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:12:39.0488 6232 PNRPsvc - ok
09:12:39.0653 6232 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:12:41.0275 6232 PolicyAgent - ok
09:12:41.0320 6232 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:12:41.0925 6232 Power - ok
09:12:42.0105 6232 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:12:42.0615 6232 PptpMiniport - ok
09:12:42.0630 6232 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:12:42.0975 6232 Processor - ok
09:12:43.0040 6232 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
09:12:43.0075 6232 ProfSvc - ok
09:12:43.0250 6232 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
09:12:43.0275 6232 ProtectedStorage - ok
09:12:43.0390 6232 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:12:44.0580 6232 Psched - ok
09:12:46.0700 6232 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:12:46.0785 6232 ql2300 - ok
09:12:46.0880 6232 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:12:46.0905 6232 ql40xx - ok
09:12:47.0000 6232 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:12:47.0035 6232 QWAVE - ok
09:12:47.0215 6232 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:12:47.0785 6232 QWAVEdrv - ok
09:12:47.0810 6232 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:12:49.0370 6232 RasAcd - ok
09:12:50.0316 6232 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:12:50.0996 6232 RasAgileVpn - ok
09:12:51.0036 6232 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:12:52.0596 6232 RasAuto - ok
09:12:52.0696 6232 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:12:53.0346 6232 Rasl2tp - ok
09:12:53.0461 6232 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
09:12:55.0041 6232 RasMan - ok
09:12:55.0174 6232 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:12:55.0274 6232 RasPppoe - ok
09:12:55.0739 6232 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:12:57.0379 6232 RasSstp - ok
09:12:57.0664 6232 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:12:58.0209 6232 rdbss - ok
09:12:58.0254 6232 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:12:58.0554 6232 rdpbus - ok
09:12:58.0624 6232 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:12:58.0759 6232 RDPCDD - ok
09:12:58.0824 6232 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:12:59.0419 6232 RDPENCDD - ok
09:12:59.0549 6232 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:12:59.0594 6232 RDPREFMP - ok
09:12:59.0649 6232 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:12:59.0704 6232 RDPWD - ok
09:13:00.0187 6232 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:13:00.0202 6232 rdyboost - ok
09:13:00.0557 6232 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:13:00.0592 6232 RemoteAccess - ok
09:13:02.0037 6232 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:13:02.0432 6232 RemoteRegistry - ok
09:13:02.0482 6232 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:13:02.0547 6232 RpcEptMapper - ok
09:13:02.0602 6232 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:13:02.0657 6232 RpcLocator - ok
09:13:02.0712 6232 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
09:13:02.0752 6232 RpcSs - ok
09:13:03.0007 6232 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:13:03.0082 6232 rspndr - ok
09:13:03.0107 6232 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
09:13:03.0132 6232 SamSs - ok
09:13:03.0197 6232 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
09:13:03.0217 6232 sbp2port - ok
09:13:03.0372 6232 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:13:03.0437 6232 SCardSvr - ok
09:13:03.0507 6232 [ 3AC948640421E3891A49AA83C6B77B7A ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
09:13:03.0527 6232 SCDEmu - ok
09:13:03.0567 6232 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:13:03.0762 6232 scfilter - ok
09:13:03.0862 6232 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
09:13:03.0952 6232 Schedule - ok
09:13:03.0992 6232 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:13:04.0027 6232 SCPolicySvc - ok
09:13:04.0042 6232 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:13:04.0157 6232 SDRSVC - ok
09:13:04.0177 6232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:13:04.0317 6232 secdrv - ok
09:13:04.0342 6232 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
09:13:04.0397 6232 seclogon - ok
09:13:04.0412 6232 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:13:04.0482 6232 SENS - ok
09:13:04.0492 6232 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:13:04.0537 6232 SensrSvc - ok
09:13:04.0597 6232 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:13:04.0747 6232 Serenum - ok
09:13:04.0777 6232 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:13:04.0807 6232 Serial - ok
09:13:04.0837 6232 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:13:05.0163 6232 sermouse - ok
09:13:05.0203 6232 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
09:13:05.0498 6232 SessionEnv - ok
09:13:05.0553 6232 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
09:13:05.0593 6232 sffdisk - ok
09:13:05.0623 6232 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:13:05.0678 6232 sffp_mmc - ok
09:13:05.0698 6232 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
09:13:05.0748 6232 sffp_sd - ok
09:13:05.0783 6232 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:13:05.0803 6232 sfloppy - ok
09:13:05.0858 6232 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:13:05.0953 6232 SharedAccess - ok
09:13:05.0973 6232 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:13:05.0998 6232 ShellHWDetection - ok
09:13:06.0203 6232 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:13:06.0228 6232 SiSRaid2 - ok
09:13:06.0243 6232 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:13:06.0258 6232 SiSRaid4 - ok
09:13:06.0298 6232 sj - ok
09:13:07.0248 6232 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:13:07.0433 6232 Skype C2C Service - ok
09:13:08.0013 6232 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:13:08.0028 6232 SkypeUpdate - ok
09:13:08.0253 6232 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:13:09.0008 6232 Smb - ok
09:13:09.0313 6232 [ D48F87803F3965EE04D9BCB318791AAB ] SMR311 C:\Windows\system32\drivers\SMR311.SYS
09:13:09.0333 6232 SMR311 - ok
09:13:09.0423 6232 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:13:09.0438 6232 SNMPTRAP - ok
09:13:09.0463 6232 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:13:09.0478 6232 spldr - ok
09:13:09.0728 6232 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
09:13:10.0557 6232 Spooler - ok
09:13:11.0117 6232 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
09:13:11.0307 6232 sppsvc - ok
09:13:11.0392 6232 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:13:12.0282 6232 sppuinotify - ok
09:13:12.0977 6232 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:13:13.0002 6232 SQLBrowser - ok
09:13:14.0557 6232 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:13:14.0817 6232 SQLWriter - ok
09:13:16.0169 6232 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\System32\Drivers\NISx64\1402010.016\SRTSP64.SYS
09:13:16.0464 6232 SRTSP - ok
09:13:16.0634 6232 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS
09:13:16.0649 6232 SRTSPX - ok
09:13:16.0859 6232 [ 37C3ABC2338010E110D2A6A3930F3149 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:13:17.0099 6232 srv - ok
09:13:17.0629 6232 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:13:17.0934 6232 srv2 - ok
09:13:17.0994 6232 [ CCE32BB223E9FF55D241099A858FA889 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:13:18.0234 6232 srvnet - ok
09:13:18.0414 6232 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:13:19.0994 6232 SSDPSRV - ok
09:13:20.0615 6232 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
09:13:20.0630 6232 SSPORT - ok
09:13:20.0725 6232 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:13:20.0760 6232 SstpSvc - ok
09:13:21.0285 6232 Steam Client Service - ok
09:13:21.0800 6232 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:13:21.0815 6232 stexstor - ok
09:13:22.0595 6232 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
09:13:22.0970 6232 stisvc - ok
09:13:23.0730 6232 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:13:23.0755 6232 swenum - ok
09:13:25.0125 6232 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:13:25.0205 6232 swprv - ok
09:13:25.0533 6232 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS
09:13:25.0578 6232 SymDS - ok
09:13:26.0158 6232 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS
09:13:26.0298 6232 SymEFA - ok
09:13:26.0443 6232 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:13:26.0453 6232 SymEvent - ok
09:13:26.0458 6232 SYMFW - ok
09:13:26.0543 6232 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS
09:13:26.0553 6232 SymIRON - ok
09:13:26.0578 6232 SYMNDISV - ok
09:13:26.0658 6232 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS
09:13:26.0703 6232 SymNetS - ok
09:13:27.0448 6232 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
09:13:28.0188 6232 SysMain - ok
09:13:28.0453 6232 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:13:29.0683 6232 TabletInputService - ok
09:13:29.0928 6232 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
09:13:31.0505 6232 TapiSrv - ok
09:13:31.0900 6232 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:13:31.0970 6232 TBS - ok
09:13:32.0735 6232 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:13:33.0025 6232 Tcpip - ok
09:13:34.0600 6232 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:13:34.0675 6232 TCPIP6 - ok
09:13:34.0695 6232 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:13:34.0930 6232 tcpipreg - ok
09:13:35.0165 6232 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:13:41.0026 6232 TDPIPE - ok
09:13:41.0186 6232 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:13:41.0236 6232 TDTCP - ok
09:13:41.0291 6232 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:13:41.0391 6232 tdx - ok
09:13:41.0421 6232 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:13:41.0506 6232 TermDD - ok
09:13:41.0756 6232 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
09:13:42.0826 6232 TermService - ok
09:13:43.0006 6232 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:13:44.0291 6232 Themes - ok
09:13:44.0341 6232 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:13:44.0371 6232 THREADORDER - ok
09:13:44.0416 6232 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:13:44.0456 6232 TrkWks - ok
09:13:44.0541 6232 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:13:44.0601 6232 TrustedInstaller - ok
09:13:44.0626 6232 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:13:44.0721 6232 tssecsrv - ok
09:13:44.0761 6232 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:13:44.0921 6232 tunnel - ok
09:13:44.0941 6232 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:13:44.0956 6232 uagp35 - ok
09:13:45.0021 6232 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:13:45.0081 6232 udfs - ok
09:13:45.0126 6232 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:13:45.0261 6232 UI0Detect - ok
09:13:45.0291 6232 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
09:13:45.0311 6232 uliagpkx - ok
09:13:45.0326 6232 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:13:45.0366 6232 umbus - ok
09:13:45.0391 6232 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:13:45.0466 6232 UmPass - ok
09:13:45.0528 6232 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:13:45.0563 6232 upnphost - ok
09:13:45.0633 6232 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:13:45.0808 6232 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
09:13:45.0808 6232 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
09:13:45.0858 6232 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:13:45.0903 6232 usbaudio - ok
09:13:45.0948 6232 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:13:46.0073 6232 usbccgp - ok
09:13:46.0128 6232 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
09:13:46.0313 6232 usbcir - ok
09:13:46.0328 6232 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:13:46.0353 6232 usbehci - ok
09:13:46.0423 6232 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:13:46.0508 6232 usbhub - ok
09:13:46.0548 6232 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:13:46.0593 6232 usbohci - ok
09:13:46.0653 6232 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:13:46.0678 6232 usbprint - ok
09:13:46.0698 6232 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:13:46.0713 6232 USBSTOR - ok
09:13:46.0743 6232 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:13:46.0758 6232 usbuhci - ok
09:13:46.0803 6232 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:13:46.0928 6232 UxSms - ok
09:13:46.0943 6232 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
09:13:46.0958 6232 VaultSvc - ok
09:13:46.0978 6232 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
09:13:46.0993 6232 vdrvroot - ok
09:13:47.0063 6232 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
09:13:47.0088 6232 vds - ok
09:13:47.0113 6232 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:13:47.0173 6232 vga - ok
09:13:47.0208 6232 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:13:47.0258 6232 VgaSave - ok
09:13:47.0273 6232 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
09:13:47.0288 6232 vhdmp - ok
09:13:47.0303 6232 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
09:13:47.0313 6232 viaide - ok
09:13:47.0333 6232 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
09:13:47.0343 6232 volmgr - ok
09:13:47.0363 6232 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:13:47.0378 6232 volmgrx - ok
09:13:47.0388 6232 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
09:13:47.0403 6232 volsnap - ok
09:13:47.0548 6232 [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
09:13:47.0593 6232 vpnagent - ok
09:13:47.0613 6232 [ 0E4DF91E83DA5739FFB18535D4DB10AA ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
09:13:47.0623 6232 vpnva - ok
09:13:47.0653 6232 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:13:47.0668 6232 vsmraid - ok
09:13:47.0818 6232 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
09:13:47.0948 6232 VSS - ok
09:13:47.0993 6232 vtany - ok
09:13:47.0998 6232 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:13:48.0018 6232 vwifibus - ok
09:13:48.0043 6232 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:13:48.0138 6232 vwififlt - ok
09:13:48.0183 6232 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:13:48.0213 6232 vwifimp - ok
09:13:48.0263 6232 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:13:48.0298 6232 W32Time - ok
09:13:48.0313 6232 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:13:48.0328 6232 WacomPen - ok
09:13:48.0383 6232 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:13:48.0438 6232 WANARP - ok
09:13:48.0438 6232 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:13:48.0468 6232 Wanarpv6 - ok
09:13:48.0783 6232 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:13:48.0853 6232 WatAdminSvc - ok
09:13:49.0028 6232 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
09:13:49.0078 6232 wbengine - ok
09:13:49.0093 6232 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:13:49.0113 6232 WbioSrvc - ok
09:13:49.0133 6232 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:13:49.0158 6232 wcncsvc - ok
09:13:49.0173 6232 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:13:49.0223 6232 WcsPlugInService - ok
09:13:49.0263 6232 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:13:49.0278 6232 Wd - ok
09:13:49.0313 6232 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:13:49.0358 6232 Wdf01000 - ok
09:13:49.0378 6232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:13:49.0428 6232 WdiServiceHost - ok
09:13:49.0428 6232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:13:49.0458 6232 WdiSystemHost - ok
09:13:49.0498 6232 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
09:13:49.0543 6232 WebClient - ok
09:13:49.0583 6232 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:13:49.0673 6232 Wecsvc - ok
09:13:49.0688 6232 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:13:49.0723 6232 wercplsupport - ok
09:13:49.0748 6232 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:13:49.0828 6232 WerSvc - ok
09:13:49.0853 6232 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:13:49.0888 6232 WfpLwf - ok
09:13:49.0903 6232 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:13:49.0918 6232 WIMMount - ok
09:13:49.0958 6232 WinDefend - ok
09:13:49.0958 6232 WinHttpAutoProxySvc - ok
09:13:50.0038 6232 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:13:50.0088 6232 Winmgmt - ok
09:13:50.0158 6232 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
09:13:50.0338 6232 WinRM - ok
09:13:50.0413 6232 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:13:50.0443 6232 WinUsb - ok
09:13:50.0488 6232 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:13:50.0529 6232 Wlansvc - ok
09:13:50.0804 6232 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:13:50.0869 6232 wlidsvc - ok
09:13:50.0884 6232 [ CDA299EC031613957C97F758D9B732CB ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
09:13:51.0054 6232 WmFilter - ok
09:13:51.0099 6232 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:13:51.0119 6232 WmiAcpi - ok
09:13:51.0199 6232 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:13:51.0239 6232 wmiApSrv - ok
09:13:51.0309 6232 WMPNetworkSvc - ok
09:13:51.0369 6232 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:13:51.0384 6232 WPCSvc - ok
09:13:51.0394 6232 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:13:51.0474 6232 WPDBusEnum - ok
09:13:51.0504 6232 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:13:51.0569 6232 ws2ifsl - ok
09:13:51.0604 6232 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:13:51.0644 6232 wscsvc - ok
09:13:51.0649 6232 WSearch - ok
09:13:51.0764 6232 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
09:13:51.0894 6232 wuauserv - ok
09:13:51.0919 6232 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:13:51.0989 6232 WudfPf - ok
09:13:52.0024 6232 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:13:52.0084 6232 WUDFRd - ok
09:13:52.0109 6232 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:13:52.0144 6232 wudfsvc - ok
09:13:52.0204 6232 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:13:52.0279 6232 WwanSvc - ok
09:13:52.0534 6232 X6va001 - ok
09:13:52.0744 6232 X6va003 - ok
09:13:52.0749 6232 X6va005 - ok
09:13:52.0774 6232 X6va006 - ok
09:13:52.0859 6232 X6va007 - ok
09:13:53.0619 6232 X6va008 - ok
09:13:53.0709 6232 X6va009 - ok
09:13:53.0769 6232 X6va011 - ok
09:13:54.0024 6232 xsherlock - ok
09:13:54.0279 6232 [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
09:13:54.0294 6232 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
09:13:54.0344 6232 ================ Scan global ===============================
09:13:54.0409 6232 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:13:54.0469 6232 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
09:13:54.0479 6232 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
09:13:54.0524 6232 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:13:54.0574 6232 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:13:54.0579 6232 [Global] - ok
09:13:54.0579 6232 ================ Scan MBR ==================================
09:13:54.0589 6232 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
09:13:56.0651 6232 \Device\Harddisk0\DR0 - ok
09:13:57.0176 6232 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
09:13:57.0251 6232 \Device\Harddisk1\DR1 - ok
09:13:57.0251 6232 ================ Scan VBR ==================================
09:13:57.0351 6232 [ 5C7616575677510DB8F9341977AFDF54 ] \Device\Harddisk0\DR0\Partition1
09:13:57.0361 6232 \Device\Harddisk0\DR0\Partition1 - ok
09:13:58.0891 6232 [ 061A8D9556A92A02115E594BCB8E6C0E ] \Device\Harddisk0\DR0\Partition2
09:13:59.0041 6232 \Device\Harddisk0\DR0\Partition2 - ok
09:13:59.0076 6232 [ F5F48CF97BF3B7F52D4F41B098DE0F35 ] \Device\Harddisk1\DR1\Partition1
09:13:59.0076 6232 \Device\Harddisk1\DR1\Partition1 - ok
09:13:59.0076 6232 ============================================================
09:13:59.0076 6232 Scan finished
09:13:59.0076 6232 ============================================================
09:13:59.0106 4960 Detected object count: 7
09:13:59.0106 4960 Actual detected object count: 7
09:14:08.0613 4960 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0613 4960 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:08.0613 4960 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0613 4960 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:08.0613 4960 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0613 4960 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:08.0613 4960 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0613 4960 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:08.0618 4960 JMP License Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0618 4960 JMP License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:08.0618 4960 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0618 4960 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:08.0618 4960 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:08.0618 4960 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:11.0429 4416 Deinitialize success
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The TDSSKiller log is clean. Let's get rid of the duplicate AV programs and get a look at the master boot record.

Step-1.

Program Uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

AVG 2012
AVG 2013


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (x86)\AVG
C:\Users\Jennifer\AppData\Roaming\AVG2013


2. Close Windows Explorer.

It is possible that uninstalling the AVG antivirus programs will break the Norton Internet Security program and cause it not to work properly. If that happens let me know.

I also need to know if you have the Norton firewall turned on.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


I want to get a fresh OTL scan to see if all residual AVG entries are gone and check some other things.

Step-3.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. Answer my question about the Norton firewall
3. The aswMBR log
4. The new OTL.txt log
  • 0

#5
Kuripi

Kuripi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello, sorry for the late response! The AVG uninstalls went smoothly, though AVG2013 stayed in my installed programs list after, so I tried to uninstall it and it said that it was already uninstalled and if I wanted remove it from the the list. I clicked yes (is that ok?). So far Norton seems fine, if anything comes up I'll notify you. Also yes Norton's firewall is up though it's called a smart firewall (don't think that makes much of a difference).




Here is the asmMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-30 03:34:53
-----------------------------
03:34:53.069 OS Version: Windows x64 6.1.7600
03:34:53.069 Number of processors: 8 586 0x1A05
03:34:53.069 ComputerName: ANDREW-PC UserName: Jennifer
03:34:55.035 Initialize success
03:36:04.347 AVAST engine defs: 13013000
03:36:18.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
03:36:18.373 Disk 0 Vendor: ST310005 HP22 Size: 953869MB BusType: 8
03:36:18.373 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
03:36:18.373 Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
03:36:18.388 Disk 0 MBR read successfully
03:36:18.404 Disk 0 MBR scan
03:36:18.404 Disk 0 unknown MBR code
03:36:18.404 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939457 MB offset 63
03:36:18.435 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14409 MB offset 1924008660
03:36:18.451 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 1953520065
03:36:18.466 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
03:36:18.466 Disk 0 MBR [SST] **ROOTKIT**
03:36:18.466 Disk 0 trace - called modules:
03:36:18.482 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:36:18.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008745060]
03:36:18.482 3 CLASSPNP.SYS[fffff88001d0743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8008428050]
03:36:21.104 AVAST engine scan C:\Windows
03:36:24.130 AVAST engine scan C:\Windows\system32
03:39:21.974 AVAST engine scan C:\Windows\system32\drivers
03:39:38.137 AVAST engine scan C:\Users\Jennifer
03:58:29.059 AVAST engine scan C:\ProgramData
04:03:08.098 Scan finished successfully
11:46:22.849 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
11:46:22.849 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"



Edit 1:I seemed to have screwed up the OTL Scan so I'm going to rescan. Sorry. Edit 2: Heres the log again, I missed a line of text for the custom scan the first time.



OTL logfile created on: 30/01/2013 12:23:24 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.99 Gb Total Physical Memory | 5.78 Gb Available Physical Memory | 64.34% Memory free
17.98 Gb Paging File | 14.83 Gb Available in Paging File | 82.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.44 Gb Total Space | 484.46 Gb Free Space | 52.81% Space Free | Partition Type: NTFS
Drive D: | 14.07 Gb Total Space | 1.98 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2013/01/20 11:29:18 | 028,539,272 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/04 17:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe
PRC - [2011/11/14 19:50:22 | 000,312,376 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/12/21 00:07:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/29 21:09:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/17 14:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/10 07:14:00 | 000,275,816 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/30 16:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/08/07 21:03:41 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\wincfi39.dll
MOD - [2010/07/25 01:37:37 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\81ca3fe3628418a3e9e6cd792a828cdd\IAStorUtil.ni.dll
MOD - [2010/07/04 07:36:13 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\ffc1f675cecc8a8bc253aa87ec94662f\WindowsBase.ni.dll
MOD - [2009/08/28 12:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 20:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/13 20:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 20:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 20:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 20:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/13 20:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 20:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2008/08/07 21:03:41 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 08:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013/01/18 18:57:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/17 20:47:32 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/08 23:05:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/04 17:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012/09/15 14:49:36 | 000,674,912 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2010/12/21 00:07:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/19 11:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/12/29 21:09:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 14:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/11/11 20:34:59 | 000,069,632 | ---- | M] (SAS Institute Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe -- (JMP License Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/30 16:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/22 21:05:25 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/08 17:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 17:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 17:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/06 18:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 17:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/20 11:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/24 21:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/11/14 19:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/18 17:10:39 | 000,015,768 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSUKD25.SYS -- (JRSUKD25)
DRV:64bit: - [2011/06/18 17:10:39 | 000,012,824 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSKD24.SYS -- (JRSKD24)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/17 14:18:51 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/08/12 18:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2005/04/12 04:21:52 | 000,029,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV - [2013/01/23 21:46:50 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130130.004\ex64.sys -- (NAVEX15)
DRV - [2013/01/23 21:46:50 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130130.004\eng64.sys -- (NAVENG)
DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130129.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/20 13:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/23 10:23:24] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/29 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FBF137DA-1049-4253-B6FD-D2CD1F865BCD}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{C8C3B06C-EDA5-407D-9AE0-82A6B2C08ADE}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{FBF137DA-1049-4253-B6FD-D2CD1F865BCD}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKLM\..\SearchScopes\{C8C3B06C-EDA5-407D-9AE0-82A6B2C08ADE}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{FBF137DA-1049-4253-B6FD-D2CD1F865BCD}: "URL" = http://search.live.c...ms}&FORM=HPDTDF


IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\SearchScopes,DefaultScope = {FBF137DA-1049-4253-B6FD-D2CD1F865BCD}
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\SearchScopes\{C8C3B06C-EDA5-407D-9AE0-82A6B2C08ADE}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\SearchScopes\{FBF137DA-1049-4253-B6FD-D2CD1F865BCD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox"
FF - prefs.js..extensions.enabledAddons: hypem%40downloader.com:2.4
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/01/30 03:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/01/22 21:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 18:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 18:57:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 18:57:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 18:57:04 | 000,000,000 | ---D | M]

[2009/12/31 18:53:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions
[2013/01/26 12:20:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions
[2010/07/09 17:11:17 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 15:18:56 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/15 04:17:41 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/04/13 16:10:09 | 000,000,000 | -H-D | M] (Gradient iCool) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/03/15 04:17:41 | 000,000,000 | -H-D | M] (Personas) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\[email protected]
[2012/10/03 15:23:19 | 000,033,474 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\[email protected]
[2012/12/05 18:49:29 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013/01/05 00:07:18 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/23 20:51:59 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/07 15:57:42 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/13 01:03:26 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/01/26 12:20:24 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/03/28 16:02:46 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/10/17 14:45:17 | 000,000,929 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\g1vgjwie.default\searchplugins\conduit.xml
[2013/01/18 18:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/18 18:57:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/18 18:57:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/02/21 02:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/08/30 00:04:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 23:15:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Java™ Platform SE 6 U31 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WEBZEN Browser Extension (Disabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: Google Drive = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/06/05 16:58:28 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001..\Run: [Akamai NetSession Interface] C:\Users\Jennifer\AppData\Local\Akamai\netsession_win.exe ()
O4 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPS2OneNote.lnk = C:\Users\Jennifer\AppData\Roaming\Microsoft\Installer\{647CF927-A933-49E5-BE23-7493806DE280}\_2B61F327AF75D68B1BB476.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_28077654.lnk = C:\Users\Jennifer\AppData\Local\Temp\_uninst_28077654.bat ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67340612.lnk = C:\Users\Jennifer\AppData\Local\Temp\_uninst_67340612.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Evernote - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..Trusted Domains: fishbattle.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1874282680-375854982-2821927908-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} https://members.hang...KKeyProInst.cab (CKKeyPro Crypto support Class (CKNhnInst))
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://c9.hangame.co...anSetup1040.cab (HanSetupCtrl1010 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10AB1D31-B99B-4BCD-ACB7-C8B37914396C}: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D470F0A6-D9E2-41F2-A5C4-7F1663BD168E}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5c91309-37a9-11e0-b9e4-0026183e20c4}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c91309-37a9-11e0-b9e4-0026183e20c4}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{d5c91309-37a9-11e0-b9e4-0026183e20c4}\Shell\setup\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 03:34:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswmbr.exe
[2013/01/30 03:20:43 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Avg2013
[2013/01/29 08:24:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2013/01/29 07:28:35 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\FixTDSS.exe
[2013/01/29 07:05:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\rkill
[2013/01/29 07:05:20 | 000,958,368 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill64.exe
[2013/01/29 07:03:46 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill.exe
[2013/01/29 03:09:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/29 03:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/29 03:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/29 03:08:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/29 03:07:21 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jennifer\Desktop\TDSSKiller.exe
[2013/01/29 02:52:56 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\NPE.exe
[2013/01/28 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\pctsGui
[2013/01/28 19:46:16 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\PC Tools
[2013/01/28 19:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013/01/28 19:33:25 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013/01/28 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/01/28 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/01/28 19:32:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\TestApp
[2013/01/28 11:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/28 10:30:55 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\NPE
[2013/01/28 10:23:22 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Programs
[2013/01/22 22:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/22 22:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/22 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Symantec
[2013/01/18 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/06 19:33:27 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jennifer\*.tmp files -> C:\Users\Jennifer\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 12:07:00 | 000,000,912 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1000UA.job
[2013/01/30 12:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 12:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1001UA.job
[2013/01/30 03:34:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswmbr.exe
[2013/01/30 03:31:14 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 03:31:14 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 03:23:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/30 03:22:59 | 2945,785,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 22:33:07 | 000,002,184 | ---- | M] () -- C:\{707BEAE0-4C10-4928-B5CD-BC01511FFE21}
[2013/01/29 22:07:00 | 000,000,860 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1000Core.job
[2013/01/29 21:49:30 | 000,002,728 | ---- | M] () -- C:\{A10EB832-C1BA-4FBC-98D3-7A20FF5AEC1A}
[2013/01/29 21:33:36 | 000,002,248 | ---- | M] () -- C:\{3ECBC60E-1DEC-41AF-A8A0-D6C8078DE915}
[2013/01/29 21:32:08 | 000,002,776 | ---- | M] () -- C:\{FF233906-2ED8-448D-B051-46A467AC86F2}
[2013/01/29 21:29:16 | 000,003,072 | ---- | M] () -- C:\{126E6962-CFC2-47C7-AAA8-CC85A53B1E9B}
[2013/01/29 21:15:30 | 000,002,184 | ---- | M] () -- C:\{3FD3AA21-04E8-4E58-8CB3-DA62E3047100}
[2013/01/29 21:07:17 | 000,002,232 | ---- | M] () -- C:\{BB3C5C5D-E1F3-4783-BE93-D999D3012363}
[2013/01/29 21:04:48 | 000,002,232 | ---- | M] () -- C:\{B32FB8BA-3B1A-439E-B807-B57468B77CB8}
[2013/01/29 20:57:31 | 000,002,152 | ---- | M] () -- C:\{DCB80CD5-53F2-4FC4-957D-CD0CF38CAEF0}
[2013/01/29 20:24:10 | 000,002,624 | ---- | M] () -- C:\{B7D01DC5-4F0D-4BC6-A199-3925C00EA341}
[2013/01/29 20:21:37 | 000,002,640 | ---- | M] () -- C:\{D226AF0D-2A46-4193-B850-11B79722DACC}
[2013/01/29 17:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1874282680-375854982-2821927908-1001Core.job
[2013/01/29 09:51:49 | 000,026,900 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\dt.dat
[2013/01/29 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2013/01/29 07:43:03 | 000,000,920 | ---- | M] () -- C:\{3F531351-F57D-4BC3-9B34-4DAD9CBA2314}
[2013/01/29 07:28:35 | 001,931,088 | ---- | M] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\FixTDSS.exe
[2013/01/29 07:05:20 | 000,958,368 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill64.exe
[2013/01/29 07:03:49 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jennifer\Desktop\rkill.exe
[2013/01/29 03:31:03 | 000,001,014 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67340612.lnk
[2013/01/29 03:25:59 | 000,000,920 | ---- | M] () -- C:\{D316859A-F1A3-4461-820A-A4F2A757FD5B}
[2013/01/29 03:09:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 03:07:09 | 002,195,061 | ---- | M] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2013/01/29 02:52:57 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\Jennifer\Desktop\NPE.exe
[2013/01/28 19:45:22 | 001,298,981 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/01/28 19:45:22 | 001,143,965 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013/01/28 11:10:45 | 000,001,014 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_28077654.lnk
[2013/01/28 11:09:15 | 159,056,520 | ---- | M] () -- C:\Users\Jennifer\Desktop\setup_11.0.0.1245.x01_2013_01_28_22_08.exe
[2013/01/24 21:04:15 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013/01/23 21:35:22 | 000,001,057 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/23 21:35:16 | 000,001,031 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk
[2013/01/23 21:03:10 | 000,002,384 | ---- | M] () -- C:\Users\Jennifer\Desktop\Google Chrome.lnk
[2013/01/22 21:05:25 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/22 21:05:25 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/22 21:05:25 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/20 02:19:10 | 000,355,761 | ---- | M] () -- C:\Users\Jennifer\Desktop\so troll.jpg
[2013/01/18 21:10:07 | 000,001,833 | -H-- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/14 20:58:35 | 000,001,568 | ---- | M] () -- C:\Users\Jennifer\Desktop\Windows Media Player.lnk
[2013/01/09 23:44:09 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\isolate.ini
[2013/01/09 03:03:58 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/01/08 23:05:13 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 23:05:13 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/06 19:32:45 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/01/06 19:32:45 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jennifer\*.tmp files -> C:\Users\Jennifer\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 22:33:06 | 000,002,184 | ---- | C] () -- C:\{707BEAE0-4C10-4928-B5CD-BC01511FFE21}
[2013/01/29 21:49:29 | 000,002,728 | ---- | C] () -- C:\{A10EB832-C1BA-4FBC-98D3-7A20FF5AEC1A}
[2013/01/29 21:33:35 | 000,002,248 | ---- | C] () -- C:\{3ECBC60E-1DEC-41AF-A8A0-D6C8078DE915}
[2013/01/29 21:32:07 | 000,002,776 | ---- | C] () -- C:\{FF233906-2ED8-448D-B051-46A467AC86F2}
[2013/01/29 21:29:15 | 000,003,072 | ---- | C] () -- C:\{126E6962-CFC2-47C7-AAA8-CC85A53B1E9B}
[2013/01/29 21:15:28 | 000,002,184 | ---- | C] () -- C:\{3FD3AA21-04E8-4E58-8CB3-DA62E3047100}
[2013/01/29 21:07:16 | 000,002,232 | ---- | C] () -- C:\{BB3C5C5D-E1F3-4783-BE93-D999D3012363}
[2013/01/29 21:04:47 | 000,002,232 | ---- | C] () -- C:\{B32FB8BA-3B1A-439E-B807-B57468B77CB8}
[2013/01/29 20:57:31 | 000,002,152 | ---- | C] () -- C:\{DCB80CD5-53F2-4FC4-957D-CD0CF38CAEF0}
[2013/01/29 20:24:09 | 000,002,624 | ---- | C] () -- C:\{B7D01DC5-4F0D-4BC6-A199-3925C00EA341}
[2013/01/29 20:21:36 | 000,002,640 | ---- | C] () -- C:\{D226AF0D-2A46-4193-B850-11B79722DACC}
[2013/01/29 09:51:49 | 000,026,900 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\dt.dat
[2013/01/29 07:43:03 | 000,000,920 | ---- | C] () -- C:\{3F531351-F57D-4BC3-9B34-4DAD9CBA2314}
[2013/01/29 03:31:03 | 000,001,014 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67340612.lnk
[2013/01/29 03:25:59 | 000,000,920 | ---- | C] () -- C:\{D316859A-F1A3-4461-820A-A4F2A757FD5B}
[2013/01/29 03:09:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 03:07:12 | 002,195,061 | ---- | C] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2013/01/28 19:33:35 | 001,298,981 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/01/28 11:10:45 | 000,001,014 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_28077654.lnk
[2013/01/28 11:07:38 | 159,056,520 | ---- | C] () -- C:\Users\Jennifer\Desktop\setup_11.0.0.1245.x01_2013_01_28_22_08.exe
[2013/01/20 02:18:58 | 000,355,761 | ---- | C] () -- C:\Users\Jennifer\Desktop\so troll.jpg
[2013/01/14 20:58:35 | 000,001,568 | ---- | C] () -- C:\Users\Jennifer\Desktop\Windows Media Player.lnk
[2012/12/07 14:11:22 | 000,000,210 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/06 21:46:00 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\5E97.exe
[2012/06/08 18:21:21 | 000,000,048 | ---- | C] () -- C:\Users\Jennifer\jagex_cl_runescape_LIVE2.dat
[2012/06/08 18:10:26 | 000,000,048 | ---- | C] () -- C:\Users\Jennifer\jagex_cl_runescape_LIVE1.dat
[2012/06/08 18:06:35 | 000,000,047 | ---- | C] () -- C:\Users\Jennifer\jagex_cl_runescape_LIVE.dat
[2011/12/30 14:47:47 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~FCo2LaVombtttg
[2011/12/30 14:47:47 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~FCo2LaVombtttgr
[2011/12/09 16:01:01 | 000,000,653 | -H-- | C] () -- C:\Users\Jennifer\Libraries - Shortcut.lnk
[2011/10/13 12:30:24 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/09 22:08:50 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/06/09 22:08:50 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/05/30 22:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/30 22:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/05/12 00:23:14 | 000,579,440 | ---- | C] () -- C:\Windows\SysWow64\NJUninst.exe
[2011/04/20 15:52:57 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/30 23:57:55 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011/03/18 06:39:08 | 000,000,111 | -H-- | C] () -- C:\Users\Jennifer\webct_upload_applet.properties
[2010/12/09 01:35:26 | 000,690,045 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmpIMAGEFROMCAMSCANNER.0
[2010/12/09 01:35:26 | 000,659,071 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmpIMAGEFROMCAMSCANNER.JPG
[2010/10/22 17:23:31 | 000,086,004 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.4
[2010/10/22 17:23:31 | 000,084,742 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.3
[2010/10/22 17:23:30 | 000,082,990 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.2
[2010/10/22 17:23:29 | 000,081,514 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.1
[2010/10/22 17:23:26 | 000,283,924 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.0
[2010/10/22 17:23:26 | 000,081,514 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\tmp07.JPG_780.JPG
[2010/07/09 04:07:18 | 000,000,096 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\fusioncache.dat
[2010/05/03 18:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/23 20:48:39 | 000,000,322 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/02/18 00:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/02/17 23:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/10 14:06:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/10 14:06:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/09/17 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.minecraft
[2010/02/07 02:15:08 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\acccore
[2012/10/17 14:34:28 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Azureus
[2010/11/27 13:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\BITS
[2011/06/09 22:28:08 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\BugTrap Console Test108
[2011/06/05 20:50:45 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ClientKeeper
[2011/02/14 01:14:51 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\DAEMON Tools Lite
[2013/01/30 03:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2010/11/27 13:26:03 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\FlashGet
[2010/11/27 13:26:01 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\FlashGetBHO
[2011/07/10 17:42:33 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\go
[2011/12/23 22:39:37 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\GrabPro
[2012/03/18 18:26:34 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ijjigame
[2011/11/26 01:38:47 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Leawo
[2010/10/04 18:05:13 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\LolClient
[2012/05/23 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LolClient2
[2013/01/29 03:20:13 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Orbit
[2013/01/28 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\pctsGui
[2011/12/22 16:38:22 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ProgSense
[2012/09/20 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\runic games
[2010/12/11 23:29:06 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Softland
[2010/03/13 02:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Spyware Terminator
[2010/12/13 15:51:59 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Subversion
[2012/02/11 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TeamViewer
[2009/12/31 18:53:26 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2013/01/28 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TestApp
[2011/11/28 22:34:26 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\TS3Client
[2011/06/08 00:01:58 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ts3overlay
[2012/12/13 14:14:46 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TuneUp Software
[2010/02/15 18:08:28 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2009/07/13 17:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\SysNative\qmgr.dll
[2009/07/13 17:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 13:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
[2009/06/10 13:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 18:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 18:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.MOF >
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 18:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 18:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2009/06/10 15:13:24 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PC-Doctor for Windows\Images\img16_16\services.png
[2009/06/10 15:13:38 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PC-Doctor for Windows\Images\img32_32\services.png
[2009/06/10 15:13:48 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PC-Doctor for Windows\Images\img64_64\services.png
[2009/06/10 15:13:42 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PC-Doctor for Windows\Images\img48_48\services.png
[2009/06/10 15:13:32 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PC-Doctor for Windows\Images\img24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 17:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 17:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 17:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 17:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST31000528AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD10EADS-65L5B1
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 917.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 14.00GB
Starting Offset: 985092433920
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00MB
Starting Offset: 1000202273280
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: ANDREW-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 F DVD-ROM 0 B No Media
Volume 2 C HP NTFS Partition 917 GB Healthy System
Volume 3 D FACTORY_IMA NTFS Partition 14 GB Healthy
Volume 4 K DATA NTFS Partition 931 GB Healthy
Volume 5 G Removable 0 B No Media
Volume 6 H Removable 0 B No Media
Volume 7 I Removable 0 B No Media
Volume 8 J Removable 0 B No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BEB15613
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D06A4C76
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Edited by Kuripi, 30 January 2013 - 02:33 PM.

  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

The aswMbr scan shows you have a MBR rootkit.


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.

1.
Are any of your desktop icons missing?
2.
Is the Start menu missing programs of files?
3.
How about your Documents folder. Are the files in it visible?


Step-1.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Double click the RogueKiller.exe file to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



Step-2.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • XP users, double click the adwcleaner.exe file to run AdwCleaner. (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The RKeport.txt log
3. The AdwCleaner[R1].txt log
  • 0

#7
Kuripi

Kuripi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, thanks for all your help so far. I'd like to go with the clean-up option.

To answer your questions:
1) Not quite sure. I haven't noticed any go missing but my desktop isn't really organized.
2) Yes. Do you need to know which ones?
3) Yes. All my files are visible.

I tried to run RogueKiller. It stops around the 'Searching for Policy Hijacks' stage and the prompt to debug or close comes up. I've tried many times and it always stops around that part. Changing the name didn't affect it. So, I can't provide a log for that. Not sure what I can do next for that part of your request.

Edit: Finally got the RogueKiller to run. Here's the report.

RogueKiller Log

RogueKiller V8.4.3 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Jennifer [Admin rights]
Mode : Scan -- Date : 02/01/2013 03:59:47
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++
--- User ---
[MBR] 866e26c2c8bad09488cca9f6f0e2ff02
[BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 939457 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924008660 | Size: 14409 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953520065 | Size: 2 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-65L5B1 +++++
--- User ---
[MBR] 4eff27cfab8acfc7c580fd21d769cf11
[BSP] 9fb61f61819c83dae09b84fe613dc6b4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WD 2500BMV External USB Device +++++
--- User ---
[MBR] 9a29d9937d728b78118cd1d4e36b2787
[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_02012013_02d0359.txt >>
RKreport[1]_S_02012013_02d0359.txt


Edit: Re-ran the AdwCleaner with the new OS.

AdwCleaner Log

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 04:41:31
# Updated 26/01/2013 by Xplode
# Operating system : Windows 8 Pro (64 bits)
# User : Jennifer - JENNIFER-PC
# Boot Mode : Normal
# Running from : C:\Users\Jennifer\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\ri4t06mm.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [786 octets] - [01/02/2013 04:39:48]
AdwCleaner[R2].txt - [718 octets] - [01/02/2013 04:41:31]

########## EOF - C:\AdwCleaner[R2].txt - [777 octets] ##########

Edited by Kuripi, 01 February 2013 - 06:42 AM.

  • 0

#8
Kuripi

Kuripi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
After some thought and discussions with my family, I've decided that, reformatting and reinstalling the OS is the best route as of now. I don't plan on doing this anytime soon without your input as I would like to see what you have to say about this. And I would also like to know how to do this and ask for any information you have that could help/inform me of this process. Thank you very much for all the help so far! I hope to hear from you soon.

Edit#2: Sorry, nevermind it seems that one of my siblings became impatient with our computer and just decided to factory reset our computer and install Windows 8. I don't know if this will fix our problem, but thank you anyways for your help and support. If anything will come up, I hope I can still notify you in this forum. Thank you again for you help, and sorry for doing things without your input.

Edit#3: It seems like it survived the process as I'm still getting the Norton pop-ups. Ran aswMBR and the report is the same. I was reading up on similar cases and some of them stated that they were either a false positive on Norton's end because Norton doesn't understand that another program might of cleared the threat or deleting a partition in the harddrives seemed to clear it up. Would that be a possible route to go forward on? I checked my harddrives and found this and don't know if it's significant or not:

Unknown Volume - 2MB
Data (E:) - 931.51GB
Factory Image (D:) - 14.07GB
HP (C:) - 917.44GB

Thank you.

Edited by Kuripi, 01 February 2013 - 06:17 AM.

  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Unknown Volume - 2MB
Data (E:) - 931.51GB
Factory Image (D:) - 14.07GB
HP (C:) - 917.44GB

The problem is the Unknown Volume - 2MB. This particular rootkit creates a hidden partition on the hard drive. The only way to clean it is to remove the hidden partition.
Resetting to factory specifications won't clear it because that does not remove the hidden partition.
You are correct in that reformatting and reinstalling Windows is the only way to be sure that the computer is completely clean.
I don't know what, if any, problems might have been caused by your sibling's resetting the computer with Windows 7 on it back to factory specs and then installing Windows 8. I don't know if he/she did a clean install of Windows 8 or an upgrade from Windows 7 to Windows 8.

I would recommend now that you go to the Windows 8 O/S forum here and start a new topic explaining that the Malware Removal forum found zero access rootkit that creates a hidden partition on the hard drive and you have decided to reformat and reinstall windows. Put a link back to this topic so that they can see what we have already done and discussed.

Be sure to back up any personal files, pictures, documents etc; before the reformat and reinstall. They will tell you how if you don't know how.

If you wish, after the system has been reformatted and the new Windows installed, you can come back to this forum and open a new topic and we can check the new installation for any malware. You can put ATTN: godawgs in the topic header and then send me a PM and I will have a look, or you can just start the new topic and one of us will take a look for you.

But I would give you this further advice. Once you have started working with us here at G2G it is very important that no fixes are done or programs downloaded and run unless you are instructed to do so. Things like that make resolving your issue much harder.

Good luck.
  • 0

#10
Kuripi

Kuripi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi. Thank you for your reply. I will do as you have recommended and will see where to go from there. Thank you for all your help. :)

Edited by Kuripi, 01 February 2013 - 01:55 PM.

  • 0

#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP