Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast alert CWSinstaller, freezes, only safe mode works


  • Please log in to reply

#1
UnderSiege

UnderSiege

    Member

  • Member
  • PipPipPip
  • 104 posts
Hi Geeks,
I'm in need of your help again.

I've been referred here by G2G Technician phillpower2 from this thread http://www.geekstogo...allerexe-alert/ as I need to get a clean bill of health from malware.

The symptoms are:

  • Within the last week, my desktop has become increasingly unstable and prone to freezing, and needs a power-down to recover.
  • Now, I can only boot into Safe Mode. I have attempted a system restore to a point in time (before windows update) where it appeared to be working ok, but no success. Some possibly related incidents:
  • During latest virus scan, Avast alerted to CWSInstaller.exe in 2 locations, and this was sucessfully quarrantined.
  • I have run sfc / scannow. - no issues
  • Sometimes, during a normal boot sequence, I get the desktop, but this is followed by this dialogues box: "Logon process has failed to create the security options dialogue" I mostly get a black screen now.
  • In safe mode, I have scanned with Malware Bytes with no alerts
  • I cannot run any version of OTL
I'd be very grateful for any assistance again.

UnderSiege
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
See if you can get DDS to run:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)




1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.





Assuming you have the latest version of Avast, next time you sleep let it run a boot-time scan:


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.

Ron
  • 0

#3
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hello Ron,

Many thanks for picking up this thread.

Before I post all the data you requested, you should know that after my first post before your post I had run a full scan with MBAM and it detected an object in explorer.exe I took no action on this pending your advice
.
Here is the report:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Dad :: DAD-PC [administrator]

26/08/2013 06:44:28
mbam-log-2013-08-26 (08-04-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 477991
Time elapsed: 58 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Dad\Downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)


Here are the DDS reports

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16496
Run by Dad at 8:11:18 on 2013-08-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2034 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_x2416
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-23 37664]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-23 49376]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-23 175176]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-7-25 97008]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-9 770344]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-9 369584]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-15 330960]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-7-25 148688]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-7-25 222192]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-9 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-9 66336]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-9 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-7-14 27056]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-7-25 1435928]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-1-24 103424]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-26 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 ETService;Empowering Technology Service;c:\program files\packardbell\packard bell recovery management\service\ETService.exe [2008-10-30 24576]
S4 gupdate1c9c12cff370f10;Google Update Service (gupdate1c9c12cff370f10);c:\program files\google\update\GoogleUpdate.exe [2009-2-1 133104]
S4 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-7-14 497320]
S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
S4 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-18 1643184]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
.
=============== Created Last 30 ================
.
2013-08-26 07:04:55 54016 ----a-w- c:\windows\system32\drivers\hibiepbo.sys
2013-08-26 05:43:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-25 17:24:26 -------- d-----w- c:\program files\CPUID
2013-08-14 10:11:04 4774272 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-04 08:51:07 -------- d-----w- c:\users\dad\appdata\roaming\.oit
2013-08-04 08:51:06 -------- d-----w- c:\users\dad\appdata\roaming\NewSoft
2013-08-04 08:50:39 -------- d-----w- c:\users\dad\appdata\local\NewSoft
.
==================== Find3M ====================
.
2013-08-18 08:12:17 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-25 08:46:24 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-07-21 09:17:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-21 09:17:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-28 17:19:20 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 17:19:20 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 8:13:05.84 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09/04/2009 19:21:03
System Uptime: 26/08/2013 06:41:26 (2 hours ago)
.
Motherboard: Packard Bell BV | | MCP73PVT-PM
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 400.832 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&130421A5&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&130421A5&0
Service: i8042prt
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_9360\2004888
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_9360\2004888
Service: USBSTOR
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.5
AP3456
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASCE v4.0
avast! Free Antivirus
AVG Security Toolbar
BBC iPlayer Desktop
Belarc Advisor 8.3
Bonjour
BT Broadband Desktop Help
BT Broadband Support Tools
BTHomeHub
CCleaner
Classic FTP
Compatibility Pack for the 2007 Office system
CPUID HWMonitor 1.23
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
Disketch CD Label Software
Epson Easy Photo Print 2
Epson Event Manager
Epson Print CD
EPSON Printer Software
Epson Printer Software Downloader
EPSON PX710W Series Printer Uninstall
EPSON Scan
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
EpsonNet Print
EpsonNet Setup
ERUNT 1.1j
FileHippo.com Update Checker
GOM Player
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist Corporate
HDReg
Home Accounts 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Rome USB Driver
HTC Sync for BrewMP
iCloud
Image Writer
iTunes
Java Auto Updater
LCD test
Lexmark Scan Center
Lexmark Software Uninstall
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
Nero 8 Essentials
neroxml
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Packard Bell Recovery Management
PDF-XChange 3
Presto! PageManager 7.12.31
Rapport
Realtek High Definition Audio Driver
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup My PC
Sibelius Scorch (ActiveX Only)
SiSoftware Sandra Lite XI.SP1a (Win64/32/CE)
Skype Click to Call
Skype™ 6.0
Speccy
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Spotify
Stellarium 0.10.6.1
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Trusteer Endpoint Protection
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Updator
USB2.0 PC Camera (SN9C201&202)
Where is M13? version 2.3
WinPatrol
WMI Tools
YouTube Downloader Toolbar v4.7
YTD Video Downloader 3.9.4
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== End Of File ===========================



I have attached the sfc /scannow report.

Here is the eventviewer report for the system

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/08/2013 08:49:08

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2013 07:35:35
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 26/08/2013 07:35:16
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm i8042prt RapportKELL spldr Wanarpv6

Log: 'System' Date/Time: 26/08/2013 07:35:16
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 26/08/2013 07:35:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 26/08/2013 07:35:08
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Log: 'System' Date/Time: 26/08/2013 07:35:07
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 26/08/2013 07:35:00
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2013 07:34:35
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.



And here is the same for application

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/08/2013 09:01:49

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2013 07:35:16
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance

ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this

filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2013 07:35:07
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was

8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please

contact Microsoft Product Support Services to report this error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2013 07:34:58
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2013 07:33:18
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2013 07:33:17
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.


I wasn't able to execute a boot-time scan with Avast as the system continues to freeze during normal boots. So I ran a full scan in safe mode. Report here:

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: 26 August 2013 11:51:24
* VPS: 130825-0, 25/08/2013
*

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Boot\BCD [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\security [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\RegBack\SECURITY [E] The process cannot access the file because it is being used by another process (32)
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\Windows\Temp\ZLT05a77.TMP [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\RegBack\DEFAULT [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\RegBack\SAM [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\COMPONENTS.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Users\Dad\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Boot\BCD.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\sam [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\SYSTEM.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\software [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\DEFAULT.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Users\Dad\ntuser.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\catroot2\edb.log [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\SAM.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\SECURITY.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\SOFTWARE.LOG1 [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\ServiceProfiles\LocalService\ntuser.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Users\Dad\ntuser.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\default [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\RegBack\SYSTEM [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\system [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\RegBack\SOFTWARE [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\RegBack\COMPONENTS [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\components [E] The process cannot access the file because it is being used by another process (32)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\Users\Dad\AppData\Local\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
\\?\Volume{86706a6e-2532-11de-a095-806e6f6e6963}\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
Infected files: 0
Total files: 318483
Total folders: 32435
Total size: 132.2 GB

*
* Scan stopped: 26 August 2013 13:03:18
* Run-time was 1 hour(s), 11 minute(s), 54 second(s)
*





Thanks again

UnderSiege








Attached Files


Edited by UnderSiege, 26 August 2013 - 10:09 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Go ahead and let MBAM remove the thing it found:
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

We need to uninstall these but doubt you can do that in Safe Mode.

Uninstall:

YouTube Downloader Toolbar v4.7
YTD Video Downloader 3.9.4
ZoneAlarm Firewall
ZoneAlarm Free Firewall (If you must have a 3rd party firewall then try the free Online Armor. http://www.online-ar...-software.html.)

ZoneAlarm LTD Toolbar
ZoneAlarm Security (This one is also an anti-virus and will fight with Avast)

Instead, type: msconfig in the search box and wait for it to find it. Right click on msconfig and Run As Admin. Then under Startup uncheck everything. Under Services, first Check Hide Microsoft Services then uncheck everything that remains and Apply. OK Reboot. Hopefully you will be able to go into regular mode now. (Minimize msconfig when it comes up) If so, uninstall the programs in the above list. Then bring up msconfig, click on General then on Normal Startup. OK and reboot.
  • 0

#5
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
You are a genius :thumbsup: I have finally booted the computer normally. Here are the programs I uninstalled using the Control Panel > Programs and Features:

YouTube Downloader Toolbar v4.7 Yes
YTD Video Downloader 3.9.4 Yes
ZoneAlarm Firewall
ZoneAlarm Free Firewall Yes
ZoneAlarm LTD Toolbar
ZoneAlarm Security

I could not specifically find the others.

Here is a screenshot of MBAM quarantine chest

MBAM.jpg

Windows Update is prompting me to download and install the following updates:

update.jpg

I now need to reboot to complete the uninstallation
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Go ahead and reboot and let Windows updates install. You can let MBAM remove both files.

Can you now run OTL? If so:


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#7
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
MBAM infected objects deleted. Windows updates installed

I cannot run any version of OTL, however this has occurred before in a previous thread of mine: http://www.geekstogo..._1#entry2218373 and it may be just a peculiar quirk of this computer...
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
It was probably just the Zone Alarm "virus" but let's make sure:

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs including your browser and pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

I need to see the log so if you don't catch it then look at => C:\Combofix\Combofix.txt.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#9
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
OK - lots of report files... here we go

AdwCleaner

# AdwCleaner v3.001 - Report created 26/08/2013 at 21:04:04
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Dad\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Dad\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Dad\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v

[ File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fx6uefk1.default\prefs.js ]


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [3157 octets] - [26/08/2013 21:02:59]
AdwCleaner[S0].txt - [2924 octets] - [26/08/2013 21:04:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2984 octets] ##########


Junkware-Removal-Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Dad on 26/08/2013 at 21:11:33.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/08/2013 at 21:15:02.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


aswMBR.exe would not download. Not unless I was prepared to wait over 2 hours, which for a 4.5Mb file is not right. So I skipped that one for the time being.

ComboFix

ComboFix 13-08-25.01 - Dad 26/08/2013 21:30:52.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2093 [GMT 1:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-26 20:41 . 2013-08-26 20:41 -------- d-----w- c:\users\Dad\AppData\Local\temp
2013-08-26 20:41 . 2013-08-26 20:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-26 20:41 . 2013-08-26 20:41 -------- d-----w- c:\users\UpdatusUser.Dad-PC\AppData\Local\temp
2013-08-26 20:41 . 2013-08-26 20:41 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-08-26 20:11 . 2013-08-26 20:11 -------- d-----w- c:\windows\ERUNT
2013-08-26 20:02 . 2013-08-26 20:06 -------- d-----w- C:\AdwCleaner
2013-08-26 19:12 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-26 19:12 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-26 19:12 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-26 19:12 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-26 19:11 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-26 19:11 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-26 19:10 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-26 19:10 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-26 19:10 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-26 19:10 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-26 19:10 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-26 19:10 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-26 19:10 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-25 17:24 . 2013-08-25 17:24 -------- d-----w- c:\program files\CPUID
2013-08-14 10:11 . 2013-08-14 10:11 4774272 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-04 08:51 . 2013-08-04 08:51 -------- d-----w- c:\users\Dad\AppData\Roaming\.oit
2013-08-04 08:51 . 2013-08-04 08:51 -------- d-----w- c:\users\Dad\AppData\Roaming\NewSoft
2013-08-04 08:50 . 2013-08-04 08:50 -------- d-----w- c:\users\Dad\AppData\Local\NewSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 08:46 . 2013-07-25 08:46 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-07-21 09:17 . 2012-07-09 16:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-21 09:17 . 2012-07-09 16:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-28 17:19 . 2013-03-23 07:03 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-28 17:19 . 2012-07-09 16:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 17:19 . 2012-07-09 16:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-04 01:50 . 2013-07-11 13:35 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-11 13:35 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-09 20:48 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-11-28 16:37 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2013-05-09 08:58 4858968 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 00:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPSSDMON]
2010-03-26 19:33 753664 ----a-w- c:\program files\Lexmark\Monitor\ACB\LMabMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-07-14 09:04 1104384 ----a-w- c:\users\Dad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2012-09-20 04:02 363752 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2007-07-18 16:15 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-03 05:13 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 09:17]
.
2013-08-24 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 11:43]
.
2011-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 12:39]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6ffe48569470.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 12:42]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc6ffe48a88500.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 12:42]
.
2013-08-26 c:\windows\Tasks\Recovery DVD Creator-Dad.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_x2416
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jaureg.exe
AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\progra~2\INSTAL~2\{A62F9~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-26 21:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-08-26 21:43:32
ComboFix-quarantined-files.txt 2013-08-26 20:43
.
Pre-Run: 427,548,127,232 bytes free
Post-Run: 427,301,507,072 bytes free
.
- - End Of File - - 79B1AFC1D701914CB75A1A59EA147092
5C616939100B85E558DA92B899A0FC36



TDSS Killer

21:47:33.0338 2588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:47:33.0674 2588 ============================================================
21:47:33.0674 2588 Current date / time: 2013/08/26 21:47:33.0674
21:47:33.0674 2588 SystemInfo:
21:47:33.0674 2588
21:47:33.0674 2588 OS Version: 6.0.6002 ServicePack: 2.0
21:47:33.0674 2588 Product type: Workstation
21:47:33.0675 2588 ComputerName: DAD-PC
21:47:33.0675 2588 UserName: Dad
21:47:33.0675 2588 Windows directory: C:\Windows
21:47:33.0675 2588 System windows directory: C:\Windows
21:47:33.0675 2588 Processor architecture: Intel x86
21:47:33.0675 2588 Number of processors: 4
21:47:33.0675 2588 Page size: 0x1000
21:47:33.0675 2588 Boot type: Normal boot
21:47:33.0675 2588 ============================================================
21:47:34.0080 2588 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:47:34.0083 2588 ============================================================
21:47:34.0083 2588 \Device\Harddisk0\DR0:
21:47:34.0083 2588 MBR partitions:
21:47:34.0084 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x494572B0
21:47:34.0084 2588 ============================================================
21:47:34.0109 2588 C: <-> \Device\Harddisk0\DR0\Partition1
21:47:34.0110 2588 ============================================================
21:47:34.0110 2588 Initialize success
21:47:34.0110 2588 ============================================================
21:47:43.0337 3852 ============================================================
21:47:43.0337 3852 Scan started
21:47:43.0337 3852 Mode: Manual;
21:47:43.0337 3852 ============================================================
21:47:43.0646 3852 ================ Scan system memory ========================
21:47:43.0646 3852 System memory - ok
21:47:43.0646 3852 ================ Scan services =============================
21:47:43.0802 3852 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:47:43.0806 3852 ACPI - ok
21:47:43.0881 3852 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
21:47:43.0883 3852 AdobeActiveFileMonitor6.0 - ok
21:47:43.0959 3852 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:47:43.0960 3852 AdobeARMservice - ok
21:47:44.0069 3852 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:47:44.0071 3852 AdobeFlashPlayerUpdateSvc - ok
21:47:44.0122 3852 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:47:44.0128 3852 adp94xx - ok
21:47:44.0145 3852 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:47:44.0150 3852 adpahci - ok
21:47:44.0164 3852 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:47:44.0166 3852 adpu160m - ok
21:47:44.0186 3852 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:47:44.0190 3852 adpu320 - ok
21:47:44.0239 3852 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:47:44.0240 3852 AeLookupSvc - ok
21:47:44.0292 3852 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
21:47:44.0297 3852 AFD - ok
21:47:44.0337 3852 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:47:44.0338 3852 agp440 - ok
21:47:44.0349 3852 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:47:44.0351 3852 aic78xx - ok
21:47:44.0366 3852 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:47:44.0368 3852 ALG - ok
21:47:44.0376 3852 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:47:44.0381 3852 aliide - ok
21:47:44.0425 3852 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:47:44.0426 3852 amdagp - ok
21:47:44.0439 3852 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:47:44.0441 3852 amdide - ok
21:47:44.0452 3852 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:47:44.0454 3852 AmdK7 - ok
21:47:44.0471 3852 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:47:44.0472 3852 AmdK8 - ok
21:47:44.0514 3852 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:47:44.0515 3852 Appinfo - ok
21:47:44.0595 3852 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:47:44.0597 3852 Apple Mobile Device - ok
21:47:44.0636 3852 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:47:44.0638 3852 arc - ok
21:47:44.0678 3852 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:47:44.0680 3852 arcsas - ok
21:47:44.0725 3852 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
21:47:44.0727 3852 aswFsBlk - ok
21:47:44.0772 3852 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
21:47:44.0774 3852 aswMonFlt - ok
21:47:44.0793 3852 [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
21:47:44.0795 3852 AswRdr - ok
21:47:44.0836 3852 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
21:47:44.0837 3852 aswRvrt - ok
21:47:44.0875 3852 [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
21:47:44.0892 3852 aswSnx - ok
21:47:44.0932 3852 [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP C:\Windows\system32\drivers\aswSP.sys
21:47:44.0937 3852 aswSP - ok
21:47:44.0966 3852 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
21:47:44.0968 3852 aswTdi - ok
21:47:45.0000 3852 [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
21:47:45.0004 3852 aswVmm - ok
21:47:45.0037 3852 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:47:45.0038 3852 AsyncMac - ok
21:47:45.0077 3852 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:47:45.0077 3852 atapi - ok
21:47:45.0141 3852 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:47:45.0146 3852 AudioEndpointBuilder - ok
21:47:45.0157 3852 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:47:45.0160 3852 Audiosrv - ok
21:47:45.0225 3852 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:47:45.0226 3852 avast! Antivirus - ok
21:47:45.0275 3852 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:47:45.0276 3852 Beep - ok
21:47:45.0332 3852 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:47:45.0337 3852 BFE - ok
21:47:45.0406 3852 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
21:47:45.0423 3852 BITS - ok
21:47:45.0439 3852 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:47:45.0440 3852 blbdrive - ok
21:47:45.0513 3852 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:47:45.0518 3852 Bonjour Service - ok
21:47:45.0561 3852 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:47:45.0563 3852 bowser - ok
21:47:45.0600 3852 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:47:45.0602 3852 BrFiltLo - ok
21:47:45.0614 3852 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:47:45.0615 3852 BrFiltUp - ok
21:47:45.0646 3852 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:47:45.0649 3852 Browser - ok
21:47:45.0665 3852 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:47:45.0668 3852 Brserid - ok
21:47:45.0686 3852 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:47:45.0688 3852 BrSerWdm - ok
21:47:45.0705 3852 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:47:45.0706 3852 BrUsbMdm - ok
21:47:45.0723 3852 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:47:45.0725 3852 BrUsbSer - ok
21:47:45.0744 3852 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:47:45.0747 3852 BTHMODEM - ok
21:47:45.0827 3852 catchme - ok
21:47:45.0870 3852 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:47:45.0872 3852 cdfs - ok
21:47:45.0901 3852 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:47:45.0903 3852 cdrom - ok
21:47:45.0957 3852 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:47:45.0959 3852 CertPropSvc - ok
21:47:45.0975 3852 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
21:47:45.0976 3852 circlass - ok
21:47:46.0016 3852 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:47:46.0020 3852 CLFS - ok
21:47:46.0094 3852 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:47:46.0097 3852 clr_optimization_v2.0.50727_32 - ok
21:47:46.0205 3852 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:47:46.0207 3852 clr_optimization_v4.0.30319_32 - ok
21:47:46.0221 3852 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:47:46.0222 3852 cmdide - ok
21:47:46.0235 3852 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:47:46.0237 3852 Compbatt - ok
21:47:46.0242 3852 COMSysApp - ok
21:47:46.0270 3852 cpuz135 - ok
21:47:46.0279 3852 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:47:46.0281 3852 crcdisk - ok
21:47:46.0318 3852 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:47:46.0319 3852 Crusoe - ok
21:47:46.0363 3852 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:47:46.0365 3852 CryptSvc - ok
21:47:46.0548 3852 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:47:46.0556 3852 DcomLaunch - ok
21:47:46.0597 3852 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:47:46.0600 3852 DfsC - ok
21:47:46.0665 3852 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:47:46.0708 3852 DFSR - ok
21:47:46.0760 3852 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:47:46.0765 3852 Dhcp - ok
21:47:46.0808 3852 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:47:46.0810 3852 disk - ok
21:47:46.0868 3852 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:47:46.0871 3852 Dnscache - ok
21:47:46.0909 3852 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:47:46.0913 3852 dot3svc - ok
21:47:46.0965 3852 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:47:46.0968 3852 DPS - ok
21:47:47.0016 3852 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:47:47.0017 3852 drmkaud - ok
21:47:47.0060 3852 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:47:47.0077 3852 DXGKrnl - ok
21:47:47.0118 3852 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:47:47.0121 3852 E1G60 - ok
21:47:47.0163 3852 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:47:47.0166 3852 EapHost - ok
21:47:47.0219 3852 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:47:47.0222 3852 Ecache - ok
21:47:47.0244 3852 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:47:47.0249 3852 ehRecvr - ok
21:47:47.0254 3852 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:47:47.0257 3852 ehSched - ok
21:47:47.0271 3852 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:47:47.0272 3852 ehstart - ok
21:47:47.0313 3852 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:47:47.0319 3852 elxstor - ok
21:47:47.0369 3852 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:47:47.0386 3852 EMDMgmt - ok
21:47:47.0481 3852 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
21:47:47.0484 3852 EPSON_EB_RPCV4_01 - ok
21:47:47.0497 3852 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
21:47:47.0499 3852 EPSON_PM_RPCV4_01 - ok
21:47:47.0542 3852 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:47:47.0544 3852 ErrDev - ok
21:47:47.0611 3852 [ 23112102BC2A8FE44B8AC44A05BDF4C3 ] ETService C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
21:47:47.0613 3852 ETService - ok
21:47:47.0662 3852 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:47:47.0665 3852 EventSystem - ok
21:47:47.0716 3852 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:47:47.0718 3852 exfat - ok
21:47:47.0755 3852 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:47:47.0759 3852 fastfat - ok
21:47:47.0774 3852 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:47:47.0776 3852 fdc - ok
21:47:47.0812 3852 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:47:47.0815 3852 fdPHost - ok
21:47:47.0826 3852 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:47:47.0828 3852 FDResPub - ok
21:47:47.0864 3852 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:47:47.0865 3852 FileInfo - ok
21:47:47.0879 3852 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:47:47.0880 3852 Filetrace - ok
21:47:47.0938 3852 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:47:47.0955 3852 FLEXnet Licensing Service - ok
21:47:47.0975 3852 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:47.0977 3852 flpydisk - ok
21:47:48.0016 3852 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:47:48.0019 3852 FltMgr - ok
21:47:48.0111 3852 [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache C:\Windows\system32\FntCache.dll
21:47:48.0128 3852 FontCache - ok
21:47:48.0196 3852 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:47:48.0197 3852 FontCache3.0.0.0 - ok
21:47:48.0213 3852 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:47:48.0215 3852 Fs_Rec - ok
21:47:48.0228 3852 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:47:48.0230 3852 gagp30kx - ok
21:47:48.0267 3852 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:48.0268 3852 GEARAspiWDM - ok
21:47:48.0313 3852 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
21:47:48.0315 3852 giveio - ok
21:47:48.0394 3852 [ 5CC2B1D06AC1962AF5FBBCF88D781DD8 ] GoToAssist C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
21:47:48.0395 3852 GoToAssist - ok
21:47:48.0438 3852 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:47:48.0454 3852 gpsvc - ok
21:47:48.0512 3852 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9c12cff370f10 C:\Program Files\Google\Update\GoogleUpdate.exe
21:47:48.0514 3852 gupdate1c9c12cff370f10 - ok
21:47:48.0535 3852 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:47:48.0537 3852 gupdatem - ok
21:47:48.0570 3852 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:47:48.0573 3852 gusvc - ok
21:47:48.0600 3852 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:47:48.0604 3852 HdAudAddService - ok
21:47:48.0649 3852 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:48.0666 3852 HDAudBus - ok
21:47:48.0692 3852 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:47:48.0694 3852 HidBth - ok
21:47:48.0706 3852 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:47:48.0708 3852 HidIr - ok
21:47:48.0743 3852 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
21:47:48.0746 3852 hidserv - ok
21:47:48.0784 3852 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:47:48.0785 3852 HidUsb - ok
21:47:48.0797 3852 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:47:48.0801 3852 hkmsvc - ok
21:47:48.0820 3852 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:47:48.0822 3852 HpCISSs - ok
21:47:48.0885 3852 [ 86DBE249D4A1B3BAB6049C7CE6EF6272 ] HtcVCom32 C:\Windows\system32\DRIVERS\HtcVComV32.sys
21:47:48.0888 3852 HtcVCom32 - ok
21:47:48.0937 3852 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:47:48.0943 3852 HTTP - ok
21:47:48.0964 3852 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:47:48.0965 3852 i2omp - ok
21:47:49.0015 3852 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:47:49.0017 3852 i8042prt - ok
21:47:49.0032 3852 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:47:49.0036 3852 iaStorV - ok
21:47:49.0090 3852 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:47:49.0107 3852 idsvc - ok
21:47:49.0135 3852 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:47:49.0137 3852 iirsp - ok
21:47:49.0181 3852 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:47:49.0198 3852 IKEEXT - ok
21:47:49.0247 3852 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys
21:47:49.0248 3852 int15 - ok
21:47:49.0273 3852 IntcAzAudAddService - ok
21:47:49.0310 3852 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:47:49.0312 3852 intelide - ok
21:47:49.0326 3852 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:47:49.0328 3852 intelppm - ok
21:47:49.0350 3852 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:47:49.0353 3852 IPBusEnum - ok
21:47:49.0375 3852 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:49.0377 3852 IpFilterDriver - ok
21:47:49.0413 3852 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:47:49.0418 3852 iphlpsvc - ok
21:47:49.0422 3852 IpInIp - ok
21:47:49.0458 3852 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:47:49.0460 3852 IPMIDRV - ok
21:47:49.0470 3852 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:47:49.0472 3852 IPNAT - ok
21:47:49.0537 3852 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:47:49.0554 3852 iPod Service - ok
21:47:49.0594 3852 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:47:49.0596 3852 IRENUM - ok
21:47:49.0606 3852 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:47:49.0608 3852 isapnp - ok
21:47:49.0640 3852 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:47:49.0643 3852 iScsiPrt - ok
21:47:49.0652 3852 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:47:49.0654 3852 iteatapi - ok
21:47:49.0690 3852 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:47:49.0692 3852 iteraid - ok
21:47:49.0703 3852 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:49.0704 3852 kbdclass - ok
21:47:49.0723 3852 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:47:49.0724 3852 kbdhid - ok
21:47:49.0763 3852 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
21:47:49.0766 3852 KeyIso - ok
21:47:49.0818 3852 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:47:49.0838 3852 KSecDD - ok
21:47:49.0936 3852 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:47:49.0953 3852 KtmRm - ok
21:47:49.0986 3852 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
21:47:49.0993 3852 LanmanServer - ok
21:47:50.0047 3852 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:47:50.0052 3852 LanmanWorkstation - ok
21:47:50.0079 3852 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:47:50.0081 3852 lltdio - ok
21:47:50.0099 3852 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:47:50.0104 3852 lltdsvc - ok
21:47:50.0132 3852 lmab_device - ok
21:47:50.0161 3852 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:47:50.0164 3852 lmhosts - ok
21:47:50.0221 3852 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:47:50.0223 3852 LSI_FC - ok
21:47:50.0239 3852 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:47:50.0241 3852 LSI_SAS - ok
21:47:50.0250 3852 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:47:50.0252 3852 LSI_SCSI - ok
21:47:50.0262 3852 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:47:50.0265 3852 luafv - ok
21:47:50.0324 3852 [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
21:47:50.0325 3852 LUsbFilt - ok
21:47:50.0400 3852 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:47:50.0401 3852 LVPr2Mon - ok
21:47:50.0440 3852 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:47:50.0443 3852 LVPrcSrv - ok
21:47:50.0495 3852 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
21:47:50.0500 3852 LVRS - ok
21:47:50.0522 3852 [ 5F987FC1AAD215EC2C60CF07719B1CCE ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
21:47:50.0524 3852 LVUSBSta - ok
21:47:50.0600 3852 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
21:47:50.0605 3852 McciCMService - ok
21:47:50.0636 3852 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:47:50.0640 3852 Mcx2Svc - ok
21:47:50.0672 3852 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:47:50.0674 3852 megasas - ok
21:47:50.0689 3852 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:47:50.0697 3852 MegaSR - ok
21:47:50.0760 3852 Microsoft SharePoint Workspace Audit Service - ok
21:47:50.0781 3852 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:47:50.0784 3852 MMCSS - ok
21:47:50.0795 3852 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:47:50.0797 3852 Modem - ok
21:47:50.0813 3852 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:47:50.0814 3852 monitor - ok
21:47:50.0824 3852 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:47:50.0825 3852 mouclass - ok
21:47:50.0835 3852 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:47:50.0837 3852 mouhid - ok
21:47:50.0846 3852 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:47:50.0848 3852 MountMgr - ok
21:47:50.0891 3852 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:47:50.0894 3852 mpio - ok
21:47:50.0908 3852 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:47:50.0910 3852 mpsdrv - ok
21:47:50.0945 3852 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:47:50.0963 3852 MpsSvc - ok
21:47:50.0977 3852 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:47:50.0979 3852 Mraid35x - ok
21:47:50.0997 3852 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:47:50.0999 3852 MREMP50 - ok
21:47:51.0004 3852 MREMPR5 - ok
21:47:51.0010 3852 MRENDIS5 - ok
21:47:51.0020 3852 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:47:51.0022 3852 MRESP50 - ok
21:47:51.0041 3852 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:47:51.0044 3852 MRxDAV - ok
21:47:51.0082 3852 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:51.0084 3852 mrxsmb - ok
21:47:51.0107 3852 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:51.0112 3852 mrxsmb10 - ok
21:47:51.0124 3852 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:51.0126 3852 mrxsmb20 - ok
21:47:51.0159 3852 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:47:51.0160 3852 msahci - ok
21:47:51.0176 3852 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:47:51.0179 3852 msdsm - ok
21:47:51.0191 3852 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:47:51.0195 3852 MSDTC - ok
21:47:51.0211 3852 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:47:51.0212 3852 Msfs - ok
21:47:51.0252 3852 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:47:51.0254 3852 msisadrv - ok
21:47:51.0274 3852 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:47:51.0278 3852 MSiSCSI - ok
21:47:51.0283 3852 msiserver - ok
21:47:51.0324 3852 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:47:51.0331 3852 MSKSSRV - ok
21:47:51.0370 3852 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:51.0371 3852 MSPCLOCK - ok
21:47:51.0415 3852 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:47:51.0417 3852 MSPQM - ok
21:47:51.0454 3852 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:47:51.0457 3852 MsRPC - ok
21:47:51.0476 3852 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:47:51.0477 3852 mssmbios - ok
21:47:51.0489 3852 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:47:51.0490 3852 MSTEE - ok
21:47:51.0511 3852 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:47:51.0513 3852 Mup - ok
21:47:51.0538 3852 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:47:51.0555 3852 napagent - ok
21:47:51.0599 3852 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:47:51.0602 3852 NativeWifiP - ok
21:47:51.0648 3852 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:47:51.0652 3852 NDIS - ok
21:47:51.0692 3852 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:51.0694 3852 NdisTapi - ok
21:47:51.0704 3852 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:51.0706 3852 Ndisuio - ok
21:47:51.0745 3852 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:51.0748 3852 NdisWan - ok
21:47:51.0763 3852 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:47:51.0765 3852 NDProxy - ok
21:47:51.0820 3852 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:47:51.0838 3852 Nero BackItUp Scheduler 3 - ok
21:47:51.0851 3852 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:47:51.0853 3852 NetBIOS - ok
21:47:51.0894 3852 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:47:51.0898 3852 netbt - ok
21:47:51.0903 3852 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
21:47:51.0907 3852 Netlogon - ok
21:47:51.0932 3852 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:47:51.0941 3852 Netman - ok
21:47:51.0952 3852 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:47:51.0960 3852 netprofm - ok
21:47:51.0970 3852 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:47:51.0972 3852 NetTcpPortSharing - ok
21:47:51.0984 3852 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:47:51.0986 3852 nfrd960 - ok
21:47:52.0003 3852 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:47:52.0009 3852 NlaSvc - ok
21:47:52.0063 3852 [ CD4326BC339F98DE21AA07B208A305AE ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:47:52.0080 3852 NMIndexingService - ok
21:47:52.0105 3852 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:47:52.0107 3852 Npfs - ok
21:47:52.0128 3852 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:47:52.0132 3852 nsi - ok
21:47:52.0143 3852 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:47:52.0144 3852 nsiproxy - ok
21:47:52.0194 3852 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:47:52.0220 3852 Ntfs - ok
21:47:52.0235 3852 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:47:52.0237 3852 ntrigdigi - ok
21:47:52.0250 3852 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:47:52.0251 3852 Null - ok
21:47:52.0296 3852 [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:47:52.0298 3852 NVHDA - ok
21:47:52.0567 3852 [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:47:52.0746 3852 nvlddmkm - ok
21:47:52.0771 3852 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:47:52.0774 3852 nvraid - ok
21:47:52.0784 3852 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:47:52.0786 3852 nvstor - ok
21:47:52.0806 3852 [ D05F6E26AC960474494356FE703D61BE ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
21:47:52.0807 3852 nvstor32 - ok
21:47:52.0869 3852 [ 31B8835B003CAA6D31BEAD83DDBF98E5 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:47:52.0887 3852 nvsvc - ok
21:47:52.0976 3852 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:47:53.0003 3852 nvUpdatusService - ok
21:47:53.0033 3852 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:47:53.0036 3852 nv_agp - ok
21:47:53.0044 3852 NwlnkFlt - ok
21:47:53.0055 3852 NwlnkFwd - ok
21:47:53.0076 3852 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:47:53.0079 3852 ohci1394 - ok
21:47:53.0128 3852 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:47:53.0131 3852 ose - ok
21:47:53.0305 3852 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:47:53.0385 3852 osppsvc - ok
21:47:53.0586 3852 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:47:53.0636 3852 p2pimsvc - ok
21:47:53.0649 3852 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:47:53.0657 3852 p2psvc - ok
21:47:53.0670 3852 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:47:53.0672 3852 Parport - ok
21:47:53.0712 3852 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:47:53.0714 3852 partmgr - ok
21:47:53.0728 3852 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:47:53.0730 3852 Parvdm - ok
21:47:53.0745 3852 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:47:53.0750 3852 PcaSvc - ok
21:47:53.0783 3852 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:47:53.0786 3852 pci - ok
21:47:53.0829 3852 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
21:47:53.0830 3852 pciide - ok
21:47:53.0849 3852 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:47:53.0852 3852 pcmcia - ok
21:47:53.0875 3852 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:47:53.0893 3852 PEAUTH - ok
21:47:53.0912 3852 [ B20F958B207E6AAAC5F70D04DD2C30D8 ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys
21:47:53.0913 3852 pepifilter - ok
21:47:54.0131 3852 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
21:47:54.0182 3852 PID_PEPI - ok
21:47:54.0235 3852 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:47:54.0276 3852 pla - ok
21:47:54.0286 3852 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
21:47:54.0289 3852 PLFlash DeviceIoControl Service - ok
21:47:54.0332 3852 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:47:54.0349 3852 PlugPlay - ok
21:47:54.0377 3852 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:47:54.0385 3852 PNRPAutoReg - ok
21:47:54.0403 3852 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:47:54.0411 3852 PNRPsvc - ok
21:47:54.0447 3852 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:47:54.0451 3852 PolicyAgent - ok
21:47:54.0486 3852 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:47:54.0488 3852 PptpMiniport - ok
21:47:54.0504 3852 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:47:54.0506 3852 Processor - ok
21:47:54.0554 3852 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:47:54.0560 3852 ProfSvc - ok
21:47:54.0572 3852 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:47:54.0575 3852 ProtectedStorage - ok
21:47:54.0612 3852 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:47:54.0614 3852 PSched - ok
21:47:54.0620 3852 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:47:54.0622 3852 PxHelp20 - ok
21:47:54.0672 3852 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:47:54.0698 3852 ql2300 - ok
21:47:54.0706 3852 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:47:54.0709 3852 ql40xx - ok
21:47:54.0729 3852 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:47:54.0746 3852 QWAVE - ok
21:47:54.0772 3852 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:47:54.0774 3852 QWAVEdrv - ok
21:47:54.0981 3852 [ B5909D985716A9CD8B75C12D6581426D ] RapportCerberus_56758 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys
21:47:54.0986 3852 RapportCerberus_56758 - ok
21:47:55.0078 3852 [ F5404F3F7D4144B0AC189ECDA3897903 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
21:47:55.0081 3852 RapportEI - ok
21:47:55.0130 3852 [ 0F6F23F706BE4351E55A7D2BF0EE649A ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
21:47:55.0132 3852 RapportKELL - ok
21:47:55.0210 3852 [ 0126DCDB97D7843659738A00BD5668D0 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
21:47:55.0234 3852 RapportMgmtService - ok
21:47:55.0275 3852 [ B1EAB64AD062DF0871A354647EB4B7C5 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
21:47:55.0277 3852 RapportPG - ok
21:47:55.0295 3852 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:47:55.0297 3852 RasAcd - ok
21:47:55.0310 3852 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:47:55.0315 3852 RasAuto - ok
21:47:55.0344 3852 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:47:55.0346 3852 Rasl2tp - ok
21:47:55.0391 3852 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:47:55.0408 3852 RasMan - ok
21:47:55.0431 3852 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:47:55.0433 3852 RasPppoe - ok
21:47:55.0454 3852 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:47:55.0457 3852 RasSstp - ok
21:47:55.0476 3852 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:47:55.0480 3852 rdbss - ok
21:47:55.0500 3852 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:47:55.0502 3852 RDPCDD - ok
21:47:55.0522 3852 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:47:55.0526 3852 rdpdr - ok
21:47:55.0532 3852 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:47:55.0533 3852 RDPENCDD - ok
21:47:55.0599 3852 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:47:55.0602 3852 RDPWD - ok
21:47:55.0650 3852 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:47:55.0654 3852 RemoteAccess - ok
21:47:55.0718 3852 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:47:55.0723 3852 RemoteRegistry - ok
21:47:55.0754 3852 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:47:55.0758 3852 RpcLocator - ok
21:47:55.0823 3852 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:47:55.0831 3852 RpcSs - ok
21:47:55.0841 3852 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:47:55.0843 3852 rspndr - ok
21:47:55.0884 3852 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
21:47:55.0886 3852 RTL8169 - ok
21:47:55.0891 3852 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:47:55.0894 3852 SamSs - ok
21:47:55.0906 3852 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:47:55.0909 3852 sbp2port - ok
21:47:55.0956 3852 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:47:55.0961 3852 SCardSvr - ok
21:47:56.0003 3852 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:47:56.0028 3852 Schedule - ok
21:47:56.0040 3852 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:47:56.0042 3852 SCPolicySvc - ok
21:47:56.0057 3852 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:47:56.0063 3852 SDRSVC - ok
21:47:56.0078 3852 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:47:56.0080 3852 secdrv - ok
21:47:56.0090 3852 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:47:56.0095 3852 seclogon - ok
21:47:56.0110 3852 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
21:47:56.0115 3852 SENS - ok
21:47:56.0123 3852 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:47:56.0125 3852 Serenum - ok
21:47:56.0138 3852 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:47:56.0141 3852 Serial - ok
21:47:56.0154 3852 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:47:56.0156 3852 sermouse - ok
21:47:56.0176 3852 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:47:56.0181 3852 SessionEnv - ok
21:47:56.0186 3852 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:47:56.0188 3852 sffdisk - ok
21:47:56.0201 3852 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:47:56.0202 3852 sffp_mmc - ok
21:47:56.0218 3852 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:47:56.0220 3852 sffp_sd - ok
21:47:56.0227 3852 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:47:56.0229 3852 sfloppy - ok
21:47:56.0248 3852 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:47:56.0254 3852 SharedAccess - ok
21:47:56.0284 3852 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:47:56.0290 3852 ShellHWDetection - ok
21:47:56.0295 3852 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:47:56.0298 3852 sisagp - ok
21:47:56.0310 3852 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:47:56.0312 3852 SiSRaid2 - ok
21:47:56.0326 3852 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:47:56.0328 3852 SiSRaid4 - ok
21:47:56.0488 3852 [ D0776778A9FC5E37F2E9EB21FC8A9709 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:47:56.0568 3852 Skype C2C Service - ok
21:47:56.0646 3852 [ DA38A963015B4217527AFB9E7DDD72F4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:47:56.0648 3852 SkypeUpdate - ok
21:47:56.0778 3852 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:47:56.0835 3852 slsvc - ok
21:47:56.0876 3852 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:47:56.0881 3852 SLUINotify - ok
21:47:56.0918 3852 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:47:56.0921 3852 Smb - ok
21:47:56.0948 3852 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:47:56.0953 3852 SNMPTRAP - ok
21:47:56.0991 3852 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\Windows\system32\speedfan.sys
21:47:56.0996 3852 speedfan - ok
21:47:57.0006 3852 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:47:57.0008 3852 spldr - ok
21:47:57.0024 3852 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:47:57.0030 3852 Spooler - ok
21:47:57.0060 3852 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:47:57.0065 3852 srv - ok
21:47:57.0104 3852 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:47:57.0108 3852 srv2 - ok
21:47:57.0150 3852 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:47:57.0153 3852 srvnet - ok
21:47:57.0162 3852 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:47:57.0168 3852 SSDPSRV - ok
21:47:57.0204 3852 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:47:57.0210 3852 SstpSvc - ok
21:47:57.0254 3852 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:47:57.0271 3852 stisvc - ok
21:47:57.0280 3852 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:47:57.0282 3852 swenum - ok
21:47:57.0323 3852 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:47:57.0340 3852 swprv - ok
21:47:57.0361 3852 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:47:57.0363 3852 Symc8xx - ok
21:47:57.0373 3852 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:47:57.0375 3852 Sym_hi - ok
21:47:57.0391 3852 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:47:57.0393 3852 Sym_u3 - ok
21:47:57.0439 3852 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:47:57.0456 3852 SysMain - ok
21:47:57.0475 3852 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:47:57.0481 3852 TabletInputService - ok
21:47:57.0521 3852 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:47:57.0527 3852 TapiSrv - ok
21:47:57.0541 3852 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:47:57.0546 3852 TBS - ok
21:47:57.0631 3852 [ 6D0D344F643E28B31262AC2682109A3C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:47:57.0646 3852 Tcpip - ok
21:47:57.0673 3852 [ 6D0D344F643E28B31262AC2682109A3C ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:47:57.0681 3852 Tcpip6 - ok
21:47:57.0719 3852 [ 5877A786EF27E42C4E84D1356F922302 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:47:57.0721 3852 tcpipreg - ok
21:47:57.0731 3852 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:47:57.0732 3852 TDPIPE - ok
21:47:57.0740 3852 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:47:57.0742 3852 TDTCP - ok
21:47:57.0776 3852 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:47:57.0778 3852 tdx - ok
21:47:57.0796 3852 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:47:57.0799 3852 TermDD - ok
21:47:57.0816 3852 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:47:57.0832 3852 TermService - ok
21:47:57.0851 3852 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:47:57.0856 3852 Themes - ok
21:47:57.0873 3852 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:47:57.0876 3852 THREADORDER - ok
21:47:57.0944 3852 [ 0765EE4A7A0D6609BF91CA2E4700E885 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
21:47:57.0947 3852 TomTomHOMEService - ok
21:47:57.0973 3852 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:47:57.0978 3852 TrkWks - ok
21:47:58.0028 3852 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:47:58.0029 3852 TrustedInstaller - ok
21:47:58.0089 3852 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:58.0091 3852 tssecsrv - ok
21:47:58.0108 3852 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:47:58.0109 3852 tunmp - ok
21:47:58.0148 3852 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:47:58.0150 3852 tunnel - ok
21:47:58.0166 3852 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:47:58.0168 3852 uagp35 - ok
21:47:58.0202 3852 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:47:58.0206 3852 udfs - ok
21:47:58.0249 3852 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:47:58.0255 3852 UI0Detect - ok
21:47:58.0268 3852 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:47:58.0270 3852 uliagpkx - ok
21:47:58.0286 3852 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:47:58.0290 3852 uliahci - ok
21:47:58.0301 3852 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:47:58.0303 3852 UlSata - ok
21:47:58.0315 3852 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:47:58.0322 3852 ulsata2 - ok
21:47:58.0338 3852 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:47:58.0340 3852 umbus - ok
21:47:58.0362 3852 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:47:58.0368 3852 upnphost - ok
21:47:58.0426 3852 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:47:58.0428 3852 USBAAPL - ok
21:47:58.0489 3852 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:47:58.0491 3852 usbaudio - ok
21:47:58.0533 3852 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:47:58.0535 3852 usbccgp - ok
21:47:58.0580 3852 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:47:58.0583 3852 usbcir - ok
21:47:58.0615 3852 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:47:58.0617 3852 usbehci - ok
21:47:58.0635 3852 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:47:58.0639 3852 usbhub - ok
21:47:58.0650 3852 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:47:58.0652 3852 usbohci - ok
21:47:58.0675 3852 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:47:58.0676 3852 usbprint - ok
21:47:58.0723 3852 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:47:58.0725 3852 usbscan - ok
21:47:58.0741 3852 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:47:58.0743 3852 USBSTOR - ok
21:47:58.0755 3852 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:47:58.0757 3852 usbuhci - ok
21:47:58.0799 3852 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:47:58.0804 3852 UxSms - ok
21:47:58.0841 3852 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:47:58.0851 3852 vds - ok
21:47:58.0886 3852 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:47:58.0888 3852 vga - ok
21:47:58.0901 3852 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:47:58.0903 3852 VgaSave - ok
21:47:58.0920 3852 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:47:58.0922 3852 viaagp - ok
21:47:58.0937 3852 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:47:58.0939 3852 ViaC7 - ok
21:47:58.0953 3852 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:47:58.0955 3852 viaide - ok
21:47:58.0969 3852 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:47:58.0972 3852 volmgr - ok
21:47:59.0009 3852 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:47:59.0014 3852 volmgrx - ok
21:47:59.0067 3852 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:47:59.0072 3852 volsnap - ok
21:47:59.0088 3852 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:47:59.0091 3852 vsmraid - ok
21:47:59.0120 3852 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:47:59.0132 3852 VSS - ok
21:47:59.0170 3852 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:47:59.0187 3852 W32Time - ok
21:47:59.0199 3852 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:47:59.0201 3852 WacomPen - ok
21:47:59.0211 3852 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:47:59.0214 3852 Wanarp - ok
21:47:59.0218 3852 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:47:59.0221 3852 Wanarpv6 - ok
21:47:59.0238 3852 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:47:59.0255 3852 wcncsvc - ok
21:47:59.0281 3852 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:47:59.0287 3852 WcsPlugInService - ok
21:47:59.0296 3852 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:47:59.0298 3852 Wd - ok
21:47:59.0344 3852 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:47:59.0361 3852 Wdf01000 - ok
21:47:59.0401 3852 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:47:59.0407 3852 WdiServiceHost - ok
21:47:59.0411 3852 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:47:59.0416 3852 WdiSystemHost - ok
21:47:59.0458 3852 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:47:59.0466 3852 WebClient - ok
21:47:59.0488 3852 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:47:59.0497 3852 Wecsvc - ok
21:47:59.0512 3852 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:47:59.0517 3852 wercplsupport - ok
21:47:59.0557 3852 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:47:59.0563 3852 WerSvc - ok
21:47:59.0584 3852 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:47:59.0589 3852 WinDefend - ok
21:47:59.0595 3852 WinHttpAutoProxySvc - ok
21:47:59.0643 3852 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:47:59.0646 3852 Winmgmt - ok
21:47:59.0692 3852 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:47:59.0718 3852 WinRM - ok
21:47:59.0889 3852 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:47:59.0901 3852 Wlansvc - ok
21:47:59.0927 3852 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:47:59.0929 3852 WmiAcpi - ok
21:47:59.0967 3852 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:47:59.0971 3852 wmiApSrv - ok
21:48:00.0002 3852 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:48:00.0019 3852 WMPNetworkSvc - ok
21:48:00.0037 3852 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:48:00.0054 3852 WPCSvc - ok
21:48:00.0089 3852 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:48:00.0095 3852 WPDBusEnum - ok
21:48:00.0115 3852 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:48:00.0117 3852 WpdUsb - ok
21:48:00.0252 3852 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:48:00.0258 3852 WPFFontCache_v0400 - ok
21:48:00.0273 3852 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:48:00.0275 3852 ws2ifsl - ok
21:48:00.0300 3852 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
21:48:00.0305 3852 wscsvc - ok
21:48:00.0310 3852 WSearch - ok
21:48:00.0465 3852 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:48:00.0507 3852 wuauserv - ok
21:48:00.0554 3852 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:48:00.0557 3852 WudfPf - ok
21:48:00.0604 3852 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:48:00.0608 3852 WUDFRd - ok
21:48:00.0624 3852 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:48:00.0631 3852 wudfsvc - ok
21:48:00.0641 3852 ================ Scan global ===============================
21:48:00.0689 3852 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:48:00.0782 3852 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
21:48:00.0800 3852 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
21:48:00.0899 3852 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:48:00.0906 3852 [Global] - ok
21:48:00.0907 3852 ================ Scan MBR ==================================
21:48:00.0922 3852 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:48:01.0315 3852 \Device\Harddisk0\DR0 - ok
21:48:01.0315 3852 ================ Scan VBR ==================================
21:48:01.0319 3852 [ 1564506FC0713D153B896AD06C0F6C1F ] \Device\Harddisk0\DR0\Partition1
21:48:01.0320 3852 \Device\Harddisk0\DR0\Partition1 - ok
21:48:01.0321 3852 ============================================================
21:48:01.0322 3852 Scan finished
21:48:01.0322 3852 ============================================================
21:48:01.0335 2708 Detected object count: 0
21:48:01.0335 2708 Actual detected object count: 0



sfc /scannow


File attached


Event viewer - System

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/08/2013 22:09:31

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Event viewer - Application

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/08/2013 22:10:40

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2013 20:52:44
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


A good night's work I think.


Attached Files


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I see you are in the UK but are still logged in. Did you fall asleep at the keyboard?

Looking pretty good. The only error is nothing to worry about.

Wondering if OTL won't run because of your file associations:

FileExt: .vbe: VBEFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]

Is there a reason you are using Cscript instead of Wscript? Apparently this is a legitimate choice tho I can't say I've seen it before.

IF you didn't change it for a reason then try changing it back:

copy the next line:

cscript //H:WScript


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window.

(
To change it back you can use:

cscript //H:CScript

but wait until you have tried OTL)

Now try OTL again. If it doesn't work what error do you get? Does it run but not do a scan or does it not run at all. If it won't run at all try one of the alternative forms:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

You will still need to right click and Run As Admin.
  • 0

Advertisements


#11
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

I see you are in the UK but are still logged in. Did you fall asleep at the keyboard?

No :lol: - it's probably because my smart phone was logged in and that stays on 24/7


Is there a reason you are using Cscript instead of Wscript?

No - I have never consciously made this decsion, so I followed your instructions and changed it to Wscript

Now try OTL again. If it doesn't work what error do you get?

OTL still doesn't run and I get this error dialogue box:
otlexe.jpg

If it won't run at all try one of the alternative forms:

Same error message occurs with otl.scr but slightly different with otl.com. Note that when I right click both otl.scr and otl.com I do not get the option to "Run as administrator"
otlcom.jpg


In Event viewer there is nothing in the system log but here is the application log

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/08/2013 07:18:15

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/08/2013 06:17:46
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xc0000005, fault offset 0x000bff8d, process id 0x8a4, application start time 0x01cea2ed25a513d1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



On another matter, I cannot get Avast to run automatically. When I check the Avast boxes in msconfig.exe (both in start and services tabs) the box unchecks when I press apply :confused:

On yet another matter, while working on this thread, the following dialogue box just opened -should I be worried?
hostprocess.jpg

with this in the Event viewer System log
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/08/2013 07:27:08

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/08/2013 06:22:09
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I am getting the hang of using Event viewer.....
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
The "exception code 0xc0000005" that you got with OTL is usually a permissions issue. Can you create a new user with admin rights, then log in as the new user and try running OTL?

In Windows 7 or Vista, from the Start menu, select Control Panel (or Settings then Control Panel).

Double-click User Accounts, and then click Manage User Accounts. (If you can't find User Accounts, click on Classic View)

Click Create new account. Enter a name for the account, and then click Next.

Click Computer administrator, and then click Create Account.

Log off and Log on as the new user. You may not see any of the OTLs you downloaded if they were on the other desktop. Easiest to download a new one. http://www.geekstogo...timers-list-it/

Since we know the KeyScrambler interferes with things, make sure it is off.



Not sure what happened with the Windows Font Cache Service. Sometimes the cache will get corrupt. We can try clearing it.

Right click on Computer and select Manage, (Continue), Services and Applications, Services. Find Windows Font Cache Service and Stop the service.


Now copy the next line:

del /a %windir%\ServiceProfiles\LocalService\AppData\Local\Fontcache3.0.0.0.dat

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window.

Now go back to the services window and Start the Windows Font Cache Service. Does it start without error?
  • 0

#13
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
I'm logged on as a new user with admin rights. All 3 versions of OTL downloaded: same error message on all 3



Problem signature:
Problem Event Name: APPCRASH
Application Name: OTL.exe
Application Version: 3.2.69.0
Application Timestamp: 2a425e19
Fault Module Name: kernel32.dll
Fault Module Version: 6.0.6002.18704
Fault Module Timestamp: 5065ccb6
Exception Code: c0000005
Exception Offset: 000bff8d
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057
Additional Information 1: b37c
Additional Information 2: 2a7328d8bb40c81c93b4b5f46adb8e10
Additional Information 3: b37c
Additional Information 4: 2a7328d8bb40c81c93b4b5f46adb8e10


BUT

Since we know the KeyScrambler interferes with things, make sure it is off.


What is this program and how do I turn it off?

Not sure what happened with the Windows Font Cache Service.
Command line returned "Could not find C:\ServiceProfiles\LocalService\AppData\Local\Fontcache3.0.0.0.dat"

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Sorry about the KeyScrambler. That was an error on my part.

Sounds like the font cache has another location on your PC. See if you can search for and find Fontcache3.0.0.0.dat
Could also be that you have an updated version so that the 3.0.0.0 is no longer valid so search for just Fontcache

Get windows-repair-all-in-one

From http://www.tweaking....all_in_one.html



Skip straight to the step that gives you the window that is shown on the website.

We need to make sure that these three items are selected:

Reset Registry Permissions
Reset File Permissions
Register System Files

Then Start. (It won't hurt to have other items checked - it just takes longer.)

Then try OTL again.
  • 0

#15
UnderSiege

UnderSiege

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
You sir, are more than a genius :thumbsup:

Here are the OTL logs.

OTL logfile created on: 27/08/2013 19:00:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.41% Memory free
6.19 Gb Paging File | 5.57 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 398.89 Gb Free Space | 68.05% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/26 20:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/07/21 10:17:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/11/09 12:45:06 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/07/09 21:48:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/26 20:33:00 | 000,593,920 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/21 22:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/17 14:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/15 10:19:03 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/07/25 09:46:26 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/07/25 09:46:24 | 000,222,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/07/25 09:46:24 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/06/28 18:19:20 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/28 18:19:20 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/28 18:19:20 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/01/24 01:37:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2008/12/17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/08/05 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/06/06 12:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/02/29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...&m=imedia_x2416
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{02C30499-C78D-4910-84DA-DBCDBB203A28}: "URL" = http://uk.search.yah...&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ACPW_en___GB322
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/25 20:08:36 | 000,000,000 | ---D | M]

[2009/06/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2009/06/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/06/26 17:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fx6uefk1.default\extensions
[2012/11/06 08:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/24 18:45:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2009/07/05 06:19:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/10/15 20:12:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motors.co.uk ([sellyourcar] http in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ApplePhotoStreams - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: avast - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LMPSSDMON - hkey= - key= - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Dad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig - StartUpReg: WinPatrol - hkey= - key= - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: WrtMon.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 1

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 18:29:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/27 18:27:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/27 18:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/27 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/08/26 21:43:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/26 21:43:34 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\temp
[2013/08/26 21:42:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/26 21:27:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/26 21:27:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/26 21:27:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/26 21:27:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/26 21:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/26 21:02:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/26 21:01:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dad\Desktop\tdsskiller.exe
[2013/08/26 21:00:46 | 005,113,393 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe
[2013/08/26 20:59:32 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Dad\Desktop\JRT.exe
[2013/08/26 20:35:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.com
[2013/08/26 20:35:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.scr
[2013/08/26 20:34:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2013/08/26 20:13:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/26 20:13:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/26 20:13:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/26 20:13:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/26 20:13:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/26 20:13:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/26 20:13:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/26 20:13:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/26 20:11:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/26 20:10:42 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/26 20:10:41 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/26 08:11:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\dds.com
[2013/08/25 18:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/08/25 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/08/15 10:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/08/04 09:51:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\.oit
[2013/08/04 09:51:06 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\NewSoft
[2013/08/04 09:50:39 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\NewSoft
[2013/08/04 08:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2013/08/27 19:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Dad.job
[2013/08/27 18:59:31 | 000,612,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/27 18:59:31 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/27 18:57:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc6ffe48569470.job
[2013/08/27 18:55:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 18:55:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 18:55:01 | 000,488,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/27 18:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/27 18:54:44 | 3220,389,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 18:53:16 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/27 18:44:00 | 000,000,236 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2013/08/27 18:33:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 18:28:24 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DAD-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/27 18:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc6ffe48a88500.job
[2013/08/27 07:25:51 | 000,031,947 | ---- | M] () -- C:\Users\Dad\Desktop\hostprocess.jpg
[2013/08/27 07:08:52 | 000,057,991 | ---- | M] () -- C:\Users\Dad\Desktop\otlcom.jpg
[2013/08/27 07:08:35 | 000,030,356 | ---- | M] () -- C:\Users\Dad\Desktop\otlexe.jpg
[2013/08/26 21:01:41 | 005,113,393 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe
[2013/08/26 21:01:34 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dad\Desktop\tdsskiller.exe
[2013/08/26 20:59:34 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Dad\Desktop\JRT.exe
[2013/08/26 20:58:04 | 000,994,642 | ---- | M] () -- C:\Users\Dad\Desktop\AdwCleaner.exe
[2013/08/26 20:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.com
[2013/08/26 20:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.scr
[2013/08/26 20:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2013/08/26 19:16:44 | 000,122,054 | ---- | M] () -- C:\Users\Dad\Desktop\update.jpg
[2013/08/26 18:53:25 | 000,069,069 | ---- | M] () -- C:\Users\Dad\Desktop\MBAM.jpg
[2013/08/26 08:47:35 | 000,061,440 | ---- | M] ( ) -- C:\Users\Dad\Desktop\VEW.exe
[2013/08/26 08:07:29 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\dds.com
[2013/08/25 18:24:26 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/08/25 17:01:51 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/08/25 15:05:29 | 000,001,356 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2013/08/25 13:00:30 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/25 06:53:51 | 000,001,927 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/25 06:53:51 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/24 18:47:25 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/24 18:47:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/15 23:08:25 | 000,005,085 | ---- | M] () -- C:\Users\Dad\Documents\En Suite Bathroom.odt
[2013/08/07 04:22:04 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/08/04 08:21:34 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/08/03 06:17:16 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/08/27 18:28:24 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DAD-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/27 07:24:53 | 000,031,947 | ---- | C] () -- C:\Users\Dad\Desktop\hostprocess.jpg
[2013/08/27 06:44:01 | 000,057,991 | ---- | C] () -- C:\Users\Dad\Desktop\otlcom.jpg
[2013/08/27 06:41:57 | 000,030,356 | ---- | C] () -- C:\Users\Dad\Desktop\otlexe.jpg
[2013/08/26 21:27:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/26 21:27:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/26 21:27:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/26 21:27:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/26 21:27:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/26 20:58:03 | 000,994,642 | ---- | C] () -- C:\Users\Dad\Desktop\AdwCleaner.exe
[2013/08/26 19:16:44 | 000,122,054 | ---- | C] () -- C:\Users\Dad\Desktop\update.jpg
[2013/08/26 18:57:30 | 3220,389,888 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/26 18:53:25 | 000,069,069 | ---- | C] () -- C:\Users\Dad\Desktop\MBAM.jpg
[2013/08/26 08:48:02 | 000,061,440 | ---- | C] ( ) -- C:\Users\Dad\Desktop\VEW.exe
[2013/08/26 06:41:45 | 000,488,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/25 18:24:26 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/08/25 16:52:20 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/08/25 06:53:51 | 000,001,927 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/25 06:53:51 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/24 18:47:25 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/08 11:15:16 | 000,005,085 | ---- | C] () -- C:\Users\Dad\Documents\En Suite Bathroom.odt
[2013/08/04 08:21:34 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/28 18:19:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 18:19:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/28 18:19:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/03/23 08:03:58 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/23 08:03:58 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/12/07 10:31:47 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2012/12/07 10:30:40 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2012/12/07 10:30:37 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[2012/12/07 10:28:26 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012/12/07 10:24:20 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2012/12/07 10:24:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2012/12/07 10:24:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2012/12/07 10:24:19 | 001,044,480 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2012/12/07 10:24:19 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2012/12/07 10:24:19 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2012/12/07 10:24:18 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2012/12/07 10:24:18 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2012/12/07 10:24:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2012/12/07 10:24:17 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2012/12/07 10:24:17 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2012/12/07 10:24:17 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2012/12/07 10:24:17 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2012/11/02 19:04:23 | 000,004,378 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\Comma Separated Values (Windows).NOT
[2011/11/02 14:31:14 | 012,067,328 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011/11/02 14:31:14 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011/11/02 14:31:14 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/11/02 14:31:13 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011/11/02 14:31:13 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2011/09/13 16:27:23 | 000,004,096 | -H-- | C] () -- C:\Users\Dad\AppData\Local\keyfile3.drm
[2011/01/26 20:05:23 | 000,021,886 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/11/10 20:46:30 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2009/11/21 17:47:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/10 13:25:49 | 000,115,712 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/25 20:30:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/12/31 12:26:11 | 000,000,667 | ---- | C] () -- C:\Users\Dad\Sample Pictures.lnk

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD64 00AAKS-22A7B SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 586.00GB
Starting Offset: 10738466816
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/08/04 09:51:16 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.oit
[2011/03/02 10:10:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Adelard
[2011/02/17 12:02:48 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Adobe
[2013/05/25 22:58:19 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Apple Computer
[2012/03/28 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/26 21:06:10 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2011/05/02 11:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CyberLink
[2010/11/22 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Epson
[2009/04/10 07:16:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Google
[2011/11/08 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GRETECH
[2011/03/28 22:30:10 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\HTC
[2009/04/09 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Identities
[2010/01/14 19:38:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\InstallShield
[2011/11/04 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2009/04/11 07:27:15 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Macromedia
[2009/10/23 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Media Center Programs
[2012/07/15 19:47:20 | 000,000,000 | --SD | M] -- C:\Users\Dad\AppData\Roaming\Microsoft
[2010/07/09 21:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Motive
[2012/06/26 17:14:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla
[2010/09/03 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\NCH Software
[2013/08/04 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\NewSoft
[2011/08/09 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Outlook
[2011/11/21 13:58:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Packard Bell
[2013/03/03 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Skype
[2011/07/07 11:29:08 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\skypePM
[2013/08/24 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Spotify
[2011/12/19 17:14:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stellarium
[2009/04/09 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Symantec
[2012/06/26 17:14:36 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Talkback
[2009/06/07 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TomTom
[2010/03/21 13:59:36 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Trusteer
[2013/08/24 18:40:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WinPatrol

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 20:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/29 20:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 10:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 50B4-FA92
Directory of C:\
02/11/2006 14:02 <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> Desktop [..]
02/11/2006 14:02 <JUNCTION> Documents [..]
02/11/2006 14:02 <JUNCTION> Favorites [..]
02/11/2006 14:02 <JUNCTION> Start Menu [..]
02/11/2006 14:02 <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 14:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> Desktop [..]
02/11/2006 14:02 <JUNCTION> Documents [..]
02/11/2006 14:02 <JUNCTION> Favorites [..]
02/11/2006 14:02 <JUNCTION> Start Menu [..]
02/11/2006 14:02 <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Dad
09/04/2009 19:32 <JUNCTION> Application Data [C:\Users\Dad\AppData\Roaming]
09/04/2009 19:32 <JUNCTION> Cookies [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies]
09/04/2009 19:32 <JUNCTION> Local Settings [C:\Users\Dad\AppData\Local]
09/04/2009 19:32 <JUNCTION> My Documents [C:\Users\Dad\Documents]
09/04/2009 19:32 <JUNCTION> NetHood [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/04/2009 19:32 <JUNCTION> PrintHood [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/04/2009 19:32 <JUNCTION> Recent [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Recent]
09/04/2009 19:32 <JUNCTION> SendTo [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\SendTo]
09/04/2009 19:32 <JUNCTION> Start Menu [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu]
09/04/2009 19:32 <JUNCTION> Templates [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dad\AppData\Local
09/04/2009 19:32 <JUNCTION> Application Data [C:\Users\Dad\AppData\Local]
09/04/2009 19:32 <JUNCTION> History [C:\Users\Dad\AppData\Local\Microsoft\Windows\History]
09/04/2009 19:32 <JUNCTION> Temporary Internet Files [C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dad\AppData\LocalLow
13/02/2013 20:45 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Dad\Documents
09/04/2009 19:32 <JUNCTION> My Music [C:\Users\Dad\Music]
09/04/2009 19:32 <JUNCTION> My Pictures [C:\Users\Dad\Pictures]
09/04/2009 19:32 <JUNCTION> My Videos [C:\Users\Dad\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> Local Settings [..]
02/11/2006 14:02 <JUNCTION> My Documents [..]
02/11/2006 14:02 <JUNCTION> NetHood [..]
02/11/2006 14:02 <JUNCTION> PrintHood [..]
02/11/2006 14:02 <JUNCTION> Recent [..]
02/11/2006 14:02 <JUNCTION> SendTo [..]
02/11/2006 14:02 <JUNCTION> Start Menu [..]
02/11/2006 14:02 <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> History [..]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 14:02 <JUNCTION> My Music [..]
02/11/2006 14:02 <JUNCTION> My Pictures [..]
02/11/2006 14:02 <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\G2G
27/08/2013 17:30 <JUNCTION> Application Data [C:\Users\G2G\AppData\Roaming]
27/08/2013 17:30 <JUNCTION> Cookies [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Cookies]
27/08/2013 17:30 <JUNCTION> Local Settings [C:\Users\G2G\AppData\Local]
27/08/2013 17:30 <JUNCTION> My Documents [C:\Users\G2G\Documents]
27/08/2013 17:30 <JUNCTION> NetHood [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/08/2013 17:30 <JUNCTION> PrintHood [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/08/2013 17:30 <JUNCTION> Recent [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Recent]
27/08/2013 17:30 <JUNCTION> SendTo [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\SendTo]
27/08/2013 17:30 <JUNCTION> Start Menu [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu]
27/08/2013 17:30 <JUNCTION> Templates [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\G2G\AppData\Local
27/08/2013 17:30 <JUNCTION> Application Data [C:\Users\G2G\AppData\Local]
27/08/2013 17:30 <JUNCTION> History [C:\Users\G2G\AppData\Local\Microsoft\Windows\History]
27/08/2013 17:30 <JUNCTION> Temporary Internet Files [C:\Users\G2G\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\G2G\Documents
27/08/2013 17:30 <JUNCTION> My Music [C:\Users\G2G\Music]
27/08/2013 17:30 <JUNCTION> My Pictures [C:\Users\G2G\Pictures]
27/08/2013 17:30 <JUNCTION> My Videos [C:\Users\G2G\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
11/04/2009 18:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
11/04/2009 18:07 <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
11/04/2009 18:07 <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
11/04/2009 18:07 <JUNCTION> My Documents [C:\Users\Guest\Documents]
11/04/2009 18:07 <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/04/2009 18:07 <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/04/2009 18:07 <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
11/04/2009 18:07 <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
11/04/2009 18:07 <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
11/04/2009 18:07 <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
11/04/2009 18:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
11/04/2009 18:07 <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
11/04/2009 18:07 <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
11/04/2009 18:07 <JUNCTION> My Music [C:\Users\Guest\Music]
11/04/2009 18:07 <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
11/04/2009 18:07 <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 14:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 426,507,661,312 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/28 15:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 13:41:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/11 07:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 12:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 19:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 19:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 19:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 19:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 19:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 12:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/11 07:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


and here is the extras

OTL Extras logfile created on: 27/08/2013 19:00:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.41% Memory free
6.19 Gb Paging File | 5.57 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 398.89 Gb Free Space | 68.05% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B72A2D-8D38-471F-88B0-F86F18D774B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{14D082DF-4DDF-4EA3-B588-BE559A8A29C3}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F640BC3-140E-4CA5-9C75-82557409E594}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49F727DD-7388-4606-A0F4-5836E050C19E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D25B4B4-7C26-499E-9DA9-2B6FE2EF1B7F}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FA8AE6A-A60C-47E1-A748-1AED97ACD43F}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FD2E2E9-92C1-4F39-B628-D113FAA8B6E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7089D862-3CBB-4474-B06C-CC820D5B9685}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{70EF8120-7E62-4A99-A03E-57D07AED7F89}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{744C5C2D-FBF2-4DF2-94C6-38DC0D2E6260}" = rport=138 | protocol=17 | dir=out | app=system |
"{752D0DE4-7101-4D89-ACAB-CB38E89DB4E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D533AA6-5331-43B4-A0D0-96DC777E154D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86CEC332-84E5-4C49-A571-F13824AB979B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{935E7005-2EEA-4E99-BF58-E715B4C27F19}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{959F9107-85CD-4988-A790-5464B5070C8D}" = lport=137 | protocol=17 | dir=in | app=system |
"{B12692F1-F40F-4F70-805E-7B9BE321CA48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2BCDCCF-A4D4-4062-B6E9-8EFA45B5C887}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAEE8306-636A-4590-8583-9D582DFFD02B}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE2235B9-CE04-4139-B711-A8D5D0567A68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F66D0290-6FAD-4F7E-B961-2B277016E26B}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1494ED65-8C16-4D35-9D7F-23816A411A42}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{20FCF9B3-740B-412E-A4C5-105BA704F485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24C1E3A3-4307-4072-BFED-2BD582995737}" = protocol=58 | dir=in | [email protected],-28545 |
"{2D331032-BDD6-4B22-AA65-8D87AB43E879}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31145009-BED0-4DBE-92E3-27A62432DB2E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{324171CB-AC10-4710-8152-6E7513ECCBA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4644FEC2-6747-4B51-9DDE-9E8590E57DA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BEE751D-F82C-4474-A564-AE5806245A76}" = protocol=1 | dir=out | [email protected],-28544 |
"{694815AF-148F-41FB-8058-E1FF1B95FEFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DB4FBD7-79A3-400F-9C65-576E9E7CB3C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A837A68-3652-463C-9721-9C0A762EB3DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CF892A4-C010-4AFD-B255-BA069032EF23}" = protocol=1 | dir=in | [email protected],-28543 |
"{9AA0739C-5794-4ECE-9D85-B1BE60A371A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9DDA21C2-8B24-4CC5-89B3-1077D59BAC4D}" = dir=in | app=c:\windows\system32\lmabcoms.exe |
"{A1B4EB49-9946-4001-9096-F1996061D545}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE04710C-33AC-4CD6-A45F-02350CAD726A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1885E62-0348-4F05-A2DD-E3444AF5FD91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDBC6709-7F1F-4C1F-8251-71791CE28AE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C2271B24-03BC-40AB-B4C3-10BA66C7E788}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5171606-01FD-4B80-9C37-0CC0F9DA618F}" = protocol=58 | dir=out | [email protected],-28546 |
"{C868DC15-6BB4-4620-9765-B4740EE04D86}" = protocol=6 | dir=out | app=system |
"{D2936B79-089D-40EC-9111-34D5AB63DAF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3FD4682-1533-4883-8421-AC77E20E7919}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D90DB576-C259-4E06-B452-58D6AE3CE635}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D997F838-FB5D-4D0D-A7D2-E9B6AFFFD896}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E7FE2891-8F8B-4EDC-A328-65E27D72AC03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F540165C-2E21-4D2A-B284-AFBD9FA80E50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{3B43435F-C747-41D1-8CD1-F27D202F9711}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{44477D04-1624-4289-B67B-735F6E69D3E7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{6307922E-5C40-4F0F-9BDF-D18EB6C3D102}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{73AAC03D-4B5A-4FB8-BBFB-9C98E90AFB94}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{95A76AB2-2B44-4945-B686-D42C17F189F9}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{9C315914-440E-4D8B-AE6E-C1545F1C1A14}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{AB3841E9-4552-4A37-9758-9B55296DD628}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{B1407936-5EFA-442C-A95E-E11052002BB4}C:\users\dad\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dad\appdata\roaming\spotify\spotify.exe |
"TCP Query User{BB0E4DED-9E61-4AE4-A2D5-92504EAA7F82}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"TCP Query User{C6E34500-4D90-4554-A6EB-B06F2845B5D8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{0D6E61A5-543C-4719-B351-69B1A86C6474}C:\users\dad\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dad\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1FDBF953-3749-48CE-B8BC-8B979BE16431}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{2167450C-56E7-438C-A5A3-8E3163490941}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{437F7595-AFC1-4773-934A-39C453432A55}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{50179869-60FE-48FD-BC79-1EBACDDEC14F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6B0467B1-21ED-4224-B3B7-37C3788CC925}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{74F94320-247C-4EC5-B88B-9CC6A234E731}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{8EC58FBA-10F4-4CF9-BD48-7233A80BE835}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"UDP Query User{C942098A-34AC-48B6-A679-894D7711F7E8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DB20FFA3-0229-4411-A5B4-8FA9A3BDE178}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{070BC58F-C9D9-4EC6-8ACA-FF433378BFC2}" = HTC Rome USB Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools
"{25EEBF98-0807-4DA9-8998-992C8FA388DC}" = HTC Sync for BrewMP
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2BD94085-2E05-4EBD-8F2D-AF7499C50D92}" = LCD test
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3350E9B0-DCE6-4AE1-B3AC-D0C11FBEEDA1}_is1" = SeaTools for Windows
"{3559CDE0-11FC-4D7B-A65C-D646035B1033}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.31
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{972DF094-DFC0-42B7-A7C8-B2FCC66E2FAA}" = Home Accounts 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Updator
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E13A3B1E-53C6-4697-AB0E-AE9AC6184499}" = Lexmark Scan Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Image Writer
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AP3456" = AP3456
"ASCE v4.0" = ASCE v4.0
"avast" = avast! Free Antivirus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Belarc Advisor" = Belarc Advisor 8.3
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"ClassicFTP" = Classic FTP
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.23
"Disketch" = Disketch CD Label Software
"EPSON Printer and Utilities" = EPSON Printer Software
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist Corporate
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"Rapport_msi" = Trusteer Endpoint Protection
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"Stellarium_is1" = Stellarium 0.10.6.1
"ToolBox" = NCH Toolbox
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Where is M13?_is1" = Where is M13? version 2.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/08/2013 02:17:46 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0x8a4, application start time
0x01cea2ed25a513d1.

Error - 27/08/2013 02:22:06 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module fntcache.dll, version 7.0.6002.23097, time stamp 0x516e7515,
exception code 0x40000015, fault offset 0x00025eda, process id 0xf98, application
start time 0x01cea2e91227bf01.

Error - 27/08/2013 02:42:33 | Computer Name = Dad-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 27/08/2013 12:40:01 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xf80, application start time
0x01cea34412a3bd71.

Error - 27/08/2013 12:43:37 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0x9e8, application start time
0x01cea34493b482f1.

Error - 27/08/2013 12:43:55 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL (1).com, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xb00, application start time
0x01cea3449eacbd31.

Error - 27/08/2013 12:44:30 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.scr, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xb74, application start time
0x01cea344b37ec961.

Error - 27/08/2013 12:44:59 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xba0, application start time
0x01cea344c49ddfb1.

Error - 27/08/2013 13:56:24 | Computer Name = Dad-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 27/08/2013 02:22:09 | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27/08/2013 13:56:24 | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >


I notice that I did not check the Scan all users box - should I have done?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP