Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virtumonde.dll infection


  • Please log in to reply

#1
saleenboy87146

saleenboy87146

    Member

  • Member
  • PipPip
  • 66 posts
This is my step daughters computer. She has been using my laptop lately because she says hers doesn't work anymore.

I intially tried running Spybot search and destroy,it ran for about 40 minutes and got stuck. Tried Malwarebytes, did the same thing, but I noticed that it was stuck on a file called Virtumonde.dll. Tried running S&D and Malwarebytes in safe mode, same result. I then found a program called Superantispyware, this program made it through and found about 100 infections. Removed those infections and re-ran it, came back clean. I then tried S&D in safe mode and it found approx. 450 infections. Removed a little over 300 of them and had to restart to clean the rest. During the S&D scan upon start up, S&D got stuck on the Virtumonde.dll file again.

Now I also have a bunch of pink squares all my screen. I also have 4 little black squares to the right of my mouse pointer?

Anyways, my OTL file is attached.
OTL logfile created on: 10/9/2013 8:56:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 52.97% Memory free
6.00 Gb Paging File | 4.25 Gb Available in Paging File | 70.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 88.64 Gb Free Space | 59.51% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.44 Mb Free Space | 71.44% Space Free | Partition Type: NTFS
Drive F: | 29.65 Gb Total Space | 26.80 Gb Free Space | 90.38% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/09 20:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/06/05 20:02:22 | 007,519,512 | ---- | M] (Pokki) -- C:\Users\User\AppData\Local\Pokki\Engine\pokki.exe
PRC - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/12 07:36:26 | 000,342,608 | ---- | M] (PCRx.com, LLC) -- C:\Program Files\24x7Help\App24x7Svc.exe
PRC - [2013/01/29 14:29:00 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/05 12:29:13 | 000,107,520 | ---- | M] () -- C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2012/05/16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/10/20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/08 12:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/09 16:15:16 | 000,192,512 | ---- | M] (Vimicro) -- C:\Windows\VM331_STI.EXE
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/03 01:03:05 | 000,415,184 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/03 01:03:04 | 013,611,984 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 01:03:03 | 004,055,504 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 01:02:09 | 001,604,560 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/06/05 20:02:24 | 001,517,848 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\ocdeskband_0.dll
MOD - [2013/01/25 21:53:28 | 000,716,288 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\Engine\libglesv2.dll
MOD - [2013/01/25 21:53:28 | 000,569,856 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/25 21:53:28 | 000,130,048 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\Engine\libegl.dll
MOD - [2013/01/25 17:07:56 | 001,400,846 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\Engine\avcodec-54.dll
MOD - [2013/01/25 17:07:54 | 000,222,734 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\Engine\avformat-54.dll
MOD - [2013/01/25 17:07:54 | 000,151,054 | ---- | M] () -- C:\Users\User\AppData\Local\Pokki\Engine\avutil-51.dll
MOD - [2012/05/16 06:32:00 | 000,083,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 17:09:52 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 07:36:26 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2013/01/29 14:29:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/05 12:29:13 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/08 12:22:46 | 000,935,008 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/05/16 06:32:00 | 000,280,640 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/10/05 05:53:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E35A9009-4F95-414B-AE20-3DF4E242C33A}\MpKslf603a5a7.sys -- (MpKslf603a5a7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013/10/09 05:14:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/30 23:10:50 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/05/16 06:32:00 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2012/05/16 06:32:00 | 000,017,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2012/03/07 10:56:22 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2012/02/22 05:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 01:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/12/28 06:40:02 | 000,129,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/12/28 06:40:02 | 000,022,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011/12/26 20:10:35 | 000,033,080 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/29 10:26:08 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/10/05 05:17:15] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/05/26 14:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/17 23:18:30 | 000,991,872 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008/12/01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/19 03:15:10 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/11/27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 7C E1 95 59 96 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A951C6A-A572-47B3-AF7E-1EA5D57CF523}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-08 12:22:51&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C8650C7B-0E4D-47DA-B3B2-B3CDD2FA08A2}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKCU\..\SearchScopes\{DF71CF13-731A-4CB7-9F19-95CD3576B32D}: "URL" = http://search.yahoo....36,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011/10/05 04:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/08/13 20:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/03/20 20:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/03/20 20:23:26 | 000,000,000 | ---D | M]
 
[2012/07/08 12:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/08 12:16:25 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Empower3000 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcjkjmonopjbmipkgbibcplajafnggd\0.7_0\
CHR - Extension: 3DTin = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: nGenx nFinity Browser\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbljgmognlmekcmkmlbgnmmkpklflojd\0.0.1.0_0\
CHR - Extension: MindMeister = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\2.0_0\
CHR - Extension: Audiotool = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: GeoGebra = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0\
CHR - Extension: EasyBib = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.574_0\
CHR - Extension: Sumo Paint = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\~
CHR - Extension: GoAnimate for Schools = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpaebfogajhndljeplcmjicfjcdddf\1.0.2_0\
CHR - Extension: StudyBlue, Inc. = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh\1.7_0\
CHR - Extension: Pixlr Editor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Diigo Web = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\5.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\6.0_0\
CHR - Extension: Pixton Comic Maker for Google Chromebooks\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odepbnabionemkpekcfilpihkkfngnop\1.3_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.1.0_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.1_0\
CHR - Extension: Khan Academy = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko\0.0.0.1_0\
CHR - Extension: Glogster EDU = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoigcdmeplpebbdfjcofinjnlghmefh\6_0\
CHR - Extension: Pearson OpenClass = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\phllacioehenkhbnlpihgnhghgckpplm\1.0.1.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Empower3000 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcjkjmonopjbmipkgbibcplajafnggd\0.7_0\
CHR - Extension: 3DTin = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: nGenx nFinity Browser\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbljgmognlmekcmkmlbgnmmkpklflojd\0.0.1.0_0\
CHR - Extension: MindMeister = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\2.0_0\
CHR - Extension: Audiotool = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: GeoGebra = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0\
CHR - Extension: EasyBib = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.574_0\
CHR - Extension: Sumo Paint = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\~
CHR - Extension: GoAnimate for Schools = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpaebfogajhndljeplcmjicfjcdddf\1.0.2_0\
CHR - Extension: StudyBlue, Inc. = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh\1.7_0\
CHR - Extension: Pixlr Editor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Diigo Web = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\5.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\6.0_0\
CHR - Extension: Pixton Comic Maker for Google Chromebooks\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odepbnabionemkpekcfilpihkkfngnop\1.3_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.1.0_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.1_0\
CHR - Extension: Khan Academy = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko\0.0.0.1_0\
CHR - Extension: Glogster EDU = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoigcdmeplpebbdfjcofinjnlghmefh\6_0\
CHR - Extension: Pearson OpenClass = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\phllacioehenkhbnlpihgnhghgckpplm\1.0.1.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ytbyclick Toolbar) - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [331BigDog] C:\Windows\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband File not found
O4 - HKCU..\RunOnce: [Application Restart #4] C:\Users\User\AppData\Local\Pokki\Engine\pokki.exe (Pokki)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.co...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1DEADE7-4B11-4DBD-A702-5920000E1502}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/09 20:51:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/10/06 20:25:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/06 20:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/06 20:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/06 20:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/06 18:58:55 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2013/10/06 17:26:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/10/06 17:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/06 17:15:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/06 17:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/06 15:51:43 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\User\Desktop\iExplore.exe
[2013/10/05 23:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/10/05 23:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/10/05 23:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/10/05 22:00:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[4 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/09 20:52:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/09 20:52:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/09 20:50:36 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 20:50:36 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 20:48:47 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA.job
[2013/10/09 20:48:47 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
[2013/10/09 20:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/09 20:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/10/09 19:06:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/10/09 19:06:32 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/10/09 19:05:58 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 16:41:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core.job
[2013/10/09 16:00:40 | 003,765,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/09 05:24:32 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/09 05:14:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/10/07 15:47:28 | 000,009,457 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/06 20:28:21 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
[2013/10/06 20:25:50 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 17:26:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/06 15:47:40 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\User\Desktop\iExplore.exe
[2013/10/05 23:43:48 | 000,001,244 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/05 23:43:48 | 000,001,220 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2013/10/05 22:07:00 | 000,002,362 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[4 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/09 05:24:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/09 05:24:32 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/07 15:44:37 | 000,009,457 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/06 20:26:07 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
[2013/10/06 20:26:07 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
[2013/10/06 20:25:50 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 17:15:42 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/05 23:43:48 | 000,001,244 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/05 23:43:48 | 000,001,220 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2012/07/20 11:58:56 | 000,000,071 | ---- | C] () -- C:\Windows\ENX330.ini
[2012/02/29 19:16:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/01/21 21:00:12 | 000,187,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/01 23:14:39 | 000,131,072 | ---- | C] ( ) -- C:\Windows\vm331Rmv.exe
[2012/01/01 23:14:38 | 000,001,598 | ---- | C] () -- C:\Windows\vm331Rmv.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/05/15 18:30:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/05/29 21:43:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\24x7 Help
[2011/10/05 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ashampoo
[2012/02/05 14:52:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/09/05 12:29:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DefaultTab
[2012/07/23 14:21:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Epson
[2012/11/15 18:35:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFileViewer
[2011/10/05 11:55:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2012/07/20 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012/04/27 15:04:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012/09/24 21:01:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PwrMgr
[2012/04/27 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WeatherBug
[2011/10/05 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:100CB1DD




< End of report >
Thanks,

Scott

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E35A9009-4F95-414B-AE20-3DF4E242C33A}\MpKslf603a5a7.sys -- (MpKslf603a5a7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
IE - HKLM\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{6A951C6A-A572-47B3-AF7E-1EA5D57CF523}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-08 12:22:51&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C8650C7B-0E4D-47DA-B3B2-B3CDD2FA08A2}: "URL" = http://search.condui...&ctid=CT3078318
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/03/20 20:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/03/20 20:23:26 | 000,000,000 | ---D | M]
[2012/07/08 12:16:25 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll File not found
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ytbyclick Toolbar) - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband File not found
O4 - HKCU..\RunOnce: [Application Restart #4] C:\Users\User\AppData\Local\Pokki\Engine\pokki.exe (Pokki)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) -  File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
[2013/10/09 19:06:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/10/09 19:06:32 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10092013-some number.log so look there if you don't see it.


Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator)

uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

(If you do not already have OTL then: Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.)

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.




Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', Make sure it updates first. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
  • 0

#3
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
did the custom scan/ run fix.

Below is the log:

========== OTL ==========
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Service MpKslf603a5a7 stopped successfully!
Service MpKslf603a5a7 deleted successfully!
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E35A9009-4F95-414B-AE20-3DF4E242C33A}\MpKslf603a5a7.sys not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d4f1c433-f9c3-49f2-8645-37dbeca19e90} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4f1c433-f9c3-49f2-8645-37dbeca19e90}\ deleted successfully.
C:\Program Files\ytbyclick\prxtbytby.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d4f1c433-f9c3-49f2-8645-37dbeca19e90} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4f1c433-f9c3-49f2-8645-37dbeca19e90}\ not found.
File C:\Program Files\ytbyclick\prxtbytby.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A951C6A-A572-47B3-AF7E-1EA5D57CF523}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A951C6A-A572-47B3-AF7E-1EA5D57CF523}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8650C7B-0E4D-47DA-B3B2-B3CDD2FA08A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8650C7B-0E4D-47DA-B3B2-B3CDD2FA08A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
C:\Program Files\IB Updater\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\IB Updater\Firefox\defaults folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome\skin folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome\locale folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome\content folder moved successfully.
C:\Program Files\IB Updater\Firefox\chrome folder moved successfully.
C:\Program Files\IB Updater\Firefox folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}\ not found.
File C:\Program Files\IB Updater\Firefox not found.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4f1c433-f9c3-49f2-8645-37dbeca19e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4f1c433-f9c3-49f2-8645-37dbeca19e90}\ not found.
File C:\Program Files\ytbyclick\prxtbytby.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d4f1c433-f9c3-49f2-8645-37dbeca19e90} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4f1c433-f9c3-49f2-8645-37dbeca19e90}\ not found.
File C:\Program Files\ytbyclick\prxtbytby.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4F1C433-F9C3-49F2-8645-37DBECA19E90} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4F1C433-F9C3-49F2-8645-37DBECA19E90}\ not found.
File C:\Program Files\ytbyclick\prxtbytby.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #4 deleted successfully.
C:\Users\User\AppData\Local\Pokki\Engine\pokki.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Wincert\WIN32C~1.DLL deleted successfully.
C:\ProgramData\Wincert\win32cert.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Setup.exe not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job moved successfully.
C:\Windows\Tasks\GlaryInitialize.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 4656 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: User
->Java cache emptied: 1 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10102013_203901





I will run the Adware scan next.
  • 0

#4
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
adwcleaner log:


# AdwCleaner v3.007 - Report created 10/10/2013 at 21:17:57
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 24x7HelpSvc
Service Deleted : DefaultTabUpdate
Service Deleted : IB Updater
[#] Service Deleted : vToolbarUpdater11.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\ytbyclick
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\User\AppData\Local\torch
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\User\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\User\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\User\AppData\LocalLow\ytbyclick
Folder Deleted : C:\Users\User\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\User\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE31B12-3954-4766-A895-344B1A325588}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AE31B12-3954-4766-A895-344B1A325588}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3078318
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5098CD3-C3A8-4CF9-A9A1-78E6B9D0ED7C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4F1C433-F9C3-49F2-8645-37DBECA19E90}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4F1C433-F9C3-49F2-8645-37DBECA19E90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5098CD3-C3A8-4CF9-A9A1-78E6B9D0ED7C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A8C0E9-2A9A-4453-AF34-52E540152E70}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EF57EDE-8CFB-4775-90B7-448BA9694349}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\24x7help
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Shopping Sidekick Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\ytbyclick
Key Deleted : HKLM\Software\24x7help
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\ytbyclick
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ytbyclick Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19951 octets] - [10/10/2013 21:16:16]
AdwCleaner[S0].txt - [20408 octets] - [10/10/2013 21:17:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20469 octets] ##########





I will run the junkware removal tool next.
  • 0

#5
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Junkware removl log below:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by User on Thu 10/10/2013 at 21:32:20.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2033630711-3411533705-1815766804-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files\24x7help"
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{0037821C-44EA-4169-8E52-1BA4E80A90FF}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{02A10ECF-12EF-45C6-8E90-8DBCB78275DB}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{04AB2FB6-63A7-4F26-99C8-5CDDD4BFBDC3}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{1102D135-BAFE-4F30-B882-AF0A78327949}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{17860773-4091-4C34-A27F-CB9E920251DD}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{18A499B4-2D6B-41BC-95F5-DF60ABC11C23}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{1A3CCEAB-33F1-499D-84A4-6C32BD3DF192}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{2ADFFBEA-6AF6-4845-AB6B-B1CC9E34334C}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{2C92596B-FF9C-4BAC-B3AD-B574A77C7599}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{30B243AD-FA7B-4FDD-BA92-7F96C531F6F8}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{3482FC76-0478-4BA0-8C20-4E6534981874}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{40E53A0B-4202-4155-9610-40B346F23C2D}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{4549831F-F7E0-4ABA-A2AA-7769DD5E410A}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{471EFF0C-5AB3-4344-8DDB-9E8B2E8EF7C6}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{4A363322-EB98-4028-ADC6-8AA7157B7B31}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{520FA57B-7F93-4D07-9F95-B3A458B6CAC1}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{570BA6F1-056E-4B7F-9AF5-F7B501BB2760}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{57654A28-0897-4569-AF89-BDF2DF3CE0A4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5CD4796C-593F-4F3E-9923-5470F7917808}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5D337FD0-5A5D-4BFA-9DB6-1081C7038F20}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5F864B8A-7005-4090-A134-60BAAA844BB3}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{6BF2A5D1-E589-4445-93C1-8E320C9D37A2}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{715B51F0-6428-4641-AD1D-4580C9621B83}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{7D2CF722-3B9A-4F6C-A759-FB53B06C88C9}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{80370466-F727-4ABF-AE59-C2CD5E9D37EA}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{8B5081B7-B8F0-47D9-B0C3-91258E583D1C}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{8E630106-310D-4B19-89A7-0ADE0686748A}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{92839E47-6690-4D2E-AA2F-B82EC689A36F}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{9684C0A8-3D30-4F85-93AE-D34855DF7E77}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A2C16D7B-BEC9-4247-A7B3-7558E98F5897}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A38B2AE5-35B7-4072-BA5F-DD7CF7A5CE44}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A922DC25-FD6F-464B-B763-08172583CABA}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{AC5AD887-4BB9-450B-9C6B-76D9AA47166E}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{AE5A910A-9061-4BDE-84CC-7EB02505E1A8}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B28D6896-076F-4741-BDB4-D622BC0E0E06}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{C0728C99-E68C-4CFC-854C-52FBD83978F3}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{CD6FBE75-F2CF-4D2B-A46C-0D6D9FF8221A}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D950BA37-8FF8-4914-B7FC-EBDBD32CBB68}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{DDA22543-F63E-455D-8797-E1BBD1DDF0FC}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F51A6D09-C70E-4B31-BB4F-5078BADBD0F5}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F60B6097-A939-41A0-9E0E-2440F8400D7D}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F6289D1C-5C57-427D-8533-EAE161301CC3}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F6C854C5-44F2-405A-B28E-084F33B3ACC8}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{FFFB7A96-01DD-40B5-A074-D84D5ED0DCB2}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/10/2013 at 21:35:02.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





I will do the MBR scan next.
  • 0

#6
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
MBR Log:


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-10 21:39:15
-----------------------------
21:39:15.474 OS Version: Windows 6.1.7601 Service Pack 1
21:39:15.474 Number of processors: 2 586 0xE0C
21:39:15.475 ComputerName: USER-PC UserName: User
21:39:16.893 Initialize success
21:44:15.088 AVAST engine defs: 13101001
21:44:32.200 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:44:32.207 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
21:44:32.355 Disk 0 MBR read successfully
21:44:32.363 Disk 0 MBR scan
21:44:32.376 Disk 0 Windows 7 default MBR code
21:44:32.392 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:44:32.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
21:44:32.422 Disk 0 scanning sectors +312578048
21:44:32.504 Disk 0 scanning C:\Windows\system32\drivers
21:44:48.231 Service scanning
21:45:29.587 Modules scanning
21:45:47.329 AVAST engine scan C:\Windows
21:45:50.199 AVAST engine scan C:\Windows\system32
21:54:04.392 AVAST engine scan C:\Windows\system32\drivers
21:54:21.739 AVAST engine scan C:\Users\User
22:01:14.793 AVAST engine scan C:\ProgramData
22:04:07.402 Scan finished successfully
22:05:28.917 Disk 0 MBR has been saved successfully to "C:\Users\User\Documents\MBR.dat"
22:05:28.927 The log file has been saved successfully to "C:\Users\User\Documents\aswMBR 10-10-2013 10pm.txt"





Doing the Speccy next.
  • 0

#7
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Speccy Log.



Summary
Operating System
Windows 7 Home Premium 32-bit SP1
CPU
Intel Core Duo T2400 @ 1.83GHz 52 °C
Yonah 65nm Technology
RAM
3.00GB Dual-Channel DDR2 @ 332MHz (5-5-5-15)
Motherboard
LENOVO 2008Z78 (None) 52 °C
Graphics
Wide viewing angle & High density FlexView Display 1400x1050 (1400x1050@60Hz)
128MB ATI Mobility Radeon X1400 (Lenovo)
Hard Drives
149GB Hitachi HTS545016B9A300 (SATA) 37 °C
Optical Drives
MATSHITA DVD-RAM UJ-822S ATA Device
Audio
SoundMAX Integrated Digital HD Audio
Operating System
Windows 7 Home Premium 32-bit SP1
Computer type: Notebook
Installation Date: 10/5/2011 2:43:26 AM
Serial Number: Deleted
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every Sunday
Schedule Time 3:00 AM
Windows Defender
Windows Defender Disabled
Antivirus
Antivirus Disabled
Company Name Microsoft
Display Name Microsoft Security Essentials
Product Version 4.2.223.1
Virus Signature Database Up to date
.NET Frameworks installed
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version 10.0.9200.16721
PowerShell
Version 2.0
Java
Java Runtime Environment
Path C:\Program Files\Java\jre6\bin\java.exe
Version 6.0
Update 37
Build 06
Environment Variables
USERPROFILE C:\Users\User
SystemRoot C:\Windows
User Variables
TEMP C:\Users\User\AppData\Local\Temp
TMP C:\Users\User\AppData\Local\Temp
Machine Variables
asl.log Destination=file
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
NUMBER_OF_PROCESSORS 2
OS Windows_NT
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
C:\Program Files\Windows Live\Shared
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE x86
PROCESSOR_IDENTIFIER x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 0e0c
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
TEMP C:\Windows\TEMP
TFS_DIR C:\Program Files\ThinkVantage Fingerprint Software\
TMP C:\Windows\TEMP
USERNAME SYSTEM
windir C:\Windows
TVT C:\Program Files\Lenovo
TSMPATH C:\Program Files\ThinkPad\UltraNav Utility
Battery
AC Line Online
Battery Charge % 100 %
Battery State High
Remaining Battery Time Unknown
Power Profile
Active power scheme Balanced
Hibernation Enabled
Turn Off Monitor after: (On AC Power) 10 min
Turn Off Monitor after: (On Battery Power) 10 min
Turn Off Hard Disk after: (On AC Power) 20 min
Turn Off Hard Disk after: (On Battery Power) 10 min
Suspend after: (On AC Power) 15 min
Suspend after: (On Battery Power) 15 min
Screen saver Disabled
Uptime
Current Session
Current Time 10/10/2013 10:16:56 PM
Current Uptime 3,382 sec (0 d, 00 h, 56 m, 22 s)
Last Boot Time 10/10/2013 9:20:34 PM
TimeZone
TimeZone GMT -6:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
ACDaemon.exe
Process ID 3960
User User
Domain User-PC
Path C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Memory Usage 7.64 MB
Peak Memory Usage 7.71 MB
ACService.exe
Process ID 2216
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Memory Usage 2.95 MB
Peak Memory Usage 3.42 MB
AEADISRV.EXE
Process ID 2256
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\AEADISRV.EXE
Memory Usage 2.34 MB
Peak Memory Usage 2.36 MB
AppleMobileDeviceService.exe
Process ID 2296
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Memory Usage 7.96 MB
Peak Memory Usage 7.97 MB
armsvc.exe
Process ID 2236
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
Memory Usage 2.88 MB
Peak Memory Usage 2.91 MB
Ati2evxx.exe
Process ID 1488
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\Ati2evxx.exe
Memory Usage 6.03 MB
Peak Memory Usage 6.11 MB
Ati2evxx.exe
Process ID 1088
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\Ati2evxx.exe
Memory Usage 3.63 MB
Peak Memory Usage 3.65 MB
audiodg.exe
Process ID 4304
User LOCAL SERVICE
Domain NT AUTHORITY
Memory Usage 13 MB
Peak Memory Usage 14 MB
chrome.exe
Process ID 4140
User User
Domain User-PC
Path C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 62 MB
Peak Memory Usage 108 MB
chrome.exe
Process ID 4784
User User
Domain User-PC
Path C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
chrome.exe
Process ID 3272
User User
Domain User-PC
Path C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 73 MB
Peak Memory Usage 99 MB
chrome.exe
Process ID 3460
User User
Domain User-PC
Path C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 40 MB
Peak Memory Usage 60 MB
csrss.exe
Process ID 540
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 3.28 MB
Peak Memory Usage 34 MB
csrss.exe
Process ID 620
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 12 MB
Peak Memory Usage 34 MB
dwm.exe
Process ID 2904
User User
Domain User-PC
Path C:\Windows\system32\Dwm.exe
Memory Usage 70 MB
Peak Memory Usage 80 MB
eEBSvc.exe
Process ID 600
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
Memory Usage 5.21 MB
Peak Memory Usage 5.23 MB
EPCP.exe
Process ID 2372
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
Memory Usage 6.41 MB
Peak Memory Usage 8.10 MB
explorer.exe
Process ID 4908
User User
Domain User-PC
Path C:\Windows\explorer.exe
Memory Usage 94 MB
Peak Memory Usage 105 MB
GoogleUpdate.exe
Process ID 2172
User User
Domain User-PC
Path C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Memory Usage 532 KB
Peak Memory Usage 5.58 MB
GrooveMonitor.exe
Process ID 3952
User User
Domain User-PC
Path C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Memory Usage 7.91 MB
Peak Memory Usage 7.91 MB
jusched.exe
Process ID 4080
User User
Domain User-PC
Path C:\Program Files\Common Files\Java\Java Update\jusched.exe
Memory Usage 3.36 MB
Peak Memory Usage 3.36 MB
lsass.exe
Process ID 724
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsass.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
lsm.exe
Process ID 732
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsm.exe
Memory Usage 2.98 MB
Peak Memory Usage 3.01 MB
lvvsst.exe
Process ID 2648
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
Memory Usage 4.55 MB
Peak Memory Usage 4.82 MB
mbamgui.exe
Process ID 2868
User User
Domain User-PC
Path C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Memory Usage 6.66 MB
Peak Memory Usage 6.66 MB
mbamscheduler.exe
Process ID 2676
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
Memory Usage 4.98 MB
Peak Memory Usage 5.03 MB
mbamservice.exe
Process ID 2716
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Memory Usage 3.48 MB
Peak Memory Usage 170 MB
MsMpEng.exe
Process ID 976
User SYSTEM
Domain NT AUTHORITY
Path c:\Program Files\Microsoft Security Client\MsMpEng.exe
Memory Usage 47 MB
Peak Memory Usage 153 MB
msseces.exe
Process ID 3944
User User
Domain User-PC
Path C:\Program Files\Microsoft Security Client\msseces.exe
Memory Usage 17 MB
Peak Memory Usage 20 MB
notepad.exe
Process ID 3576
User User
Domain User-PC
Path C:\Windows\system32\NOTEPAD.EXE
Memory Usage 5.32 MB
Peak Memory Usage 7.83 MB
notepad.exe
Process ID 4460
User User
Domain User-PC
Path C:\Windows\system32\NOTEPAD.EXE
Memory Usage 6.97 MB
Peak Memory Usage 7.67 MB
PresentationFontCache.exe
Process ID 2408
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Memory Usage 8.96 MB
Peak Memory Usage 9.04 MB
SASCore.exe
Process ID 2188
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
Memory Usage 2.69 MB
Peak Memory Usage 2.73 MB
SCHTASK.EXE
Process ID 996
User User
Domain User-PC
Path C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
Memory Usage 4.75 MB
Peak Memory Usage 4.77 MB
SeaPort.EXE
Process ID 2796
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Microsoft\BingBar\SeaPort.EXE
Memory Usage 7.41 MB
Peak Memory Usage 7.84 MB
SearchFilterHost.exe
Process ID 5872
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchFilterHost.exe
Memory Usage 5.39 MB
Peak Memory Usage 5.39 MB
SearchIndexer.exe
Process ID 3724
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchIndexer.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
SearchProtocolHost.exe
Process ID 1300
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchProtocolHost.exe
Memory Usage 8.12 MB
Peak Memory Usage 8.12 MB
services.exe
Process ID 708
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\services.exe
Memory Usage 7.50 MB
Peak Memory Usage 12 MB
smax4pnp.exe
Process ID 4016
User User
Domain User-PC
Path C:\Program Files\Analog Devices\Core\smax4pnp.exe
Memory Usage 5.80 MB
Peak Memory Usage 5.80 MB
smss.exe
Process ID 448
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 816 KB
Peak Memory Usage 832 KB
Speccy.exe
Process ID 1892
User User
Domain User-PC
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 23 MB
Peak Memory Usage 23 MB
spoolsv.exe
Process ID 2016
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\spoolsv.exe
Memory Usage 10 MB
Peak Memory Usage 10 MB
svchost.exe
Process ID 3504
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 4.57 MB
Peak Memory Usage 4.79 MB
svchost.exe
Process ID 1728
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
svchost.exe
Process ID 1240
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 30 MB
Peak Memory Usage 38 MB
svchost.exe
Process ID 1196
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
svchost.exe
Process ID 1156
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 81 MB
Peak Memory Usage 91 MB
svchost.exe
Process ID 1120
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
svchost.exe
Process ID 2780
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 11 MB
Peak Memory Usage 12 MB
svchost.exe
Process ID 4144
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 7.44 MB
Peak Memory Usage 7.93 MB
svchost.exe
Process ID 908
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 5.80 MB
Peak Memory Usage 5.95 MB
svchost.exe
Process ID 828
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 7.56 MB
Peak Memory Usage 7.91 MB
svchost.exe
Process ID 1924
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 15 MB
Peak Memory Usage 53 MB
svchost.exe
Process ID 2972
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 4.07 MB
Peak Memory Usage 4.10 MB
SynTPEnh.exe
Process ID 4024
User User
Domain User-PC
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 10 MB
Peak Memory Usage 11 MB
SynTPHelper.exe
Process ID 2316
User User
Domain User-PC
Path C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Memory Usage 2.45 MB
Peak Memory Usage 2.45 MB
SynTPLpr.exe
Process ID 2516
User User
Domain User-PC
Path C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Memory Usage 3.05 MB
Peak Memory Usage 3.05 MB
System
Process ID 4
Memory Usage 720 KB
Peak Memory Usage 6.57 MB
System Idle Process
Process ID 0
taskhost.exe
Process ID 524
User User
Domain User-PC
Path C:\Windows\system32\taskhost.exe
Memory Usage 9.93 MB
Peak Memory Usage 10 MB
TpShocks.exe
Process ID 4068
User User
Domain User-PC
Path C:\Windows\System32\TpShocks.exe
Memory Usage 3.25 MB
Peak Memory Usage 3.30 MB
upeksvr.exe
Process ID 1512
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
Memory Usage 8.18 MB
Peak Memory Usage 8.25 MB
virtscrl.exe
Process ID 2708
User SYSTEM
Domain NT AUTHORITY
Path C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
Memory Usage 5.37 MB
Peak Memory Usage 5.37 MB
VM331_STI.EXE
Process ID 3996
User User
Domain User-PC
Path C:\Windows\VM331_STI.EXE
Memory Usage 4.13 MB
Peak Memory Usage 4.13 MB
wininit.exe
Process ID 604
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wininit.exe
Memory Usage 3.24 MB
Peak Memory Usage 3.34 MB
winlogon.exe
Process ID 664
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\winlogon.exe
Memory Usage 6.21 MB
Peak Memory Usage 7.38 MB
WLIDSVC.EXE
Process ID 3032
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Memory Usage 11 MB
Peak Memory Usage 11 MB
WLIDSVCM.EXE
Process ID 3184
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Memory Usage 2.30 MB
Peak Memory Usage 2.33 MB
WmiPrvSE.exe
Process ID 3748
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
WmiPrvSE.exe
Process ID 5980
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 4.53 MB
Peak Memory Usage 4.53 MB
wmpnetwk.exe
Process ID 2852
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 11 MB
Peak Memory Usage 25 MB
WUDFHost.exe
Process ID 1412
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\WUDFHost.exe
Memory Usage 4.18 MB
Peak Memory Usage 4.23 MB
XAudio.exe
Process ID 3076
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\DRIVERS\xaudio.exe
Memory Usage 2.29 MB
Peak Memory Usage 2.30 MB
Scheduler
10/10/2013 10:41 PM; GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA
10/11/2013 2:00 AM; SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b
10/11/2013 4:26 AM; SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73
10/11/2013 12:30 PM; FreeFileViewerUpdateChecker
10/11/2013 12:40 PM; ProgramUpdateCheck
10/11/2013 4:41 PM; GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core
GlaryInitialize
PMTask
Hotfixes
10/10/2013 Security Update for Microsoft Office 2007 suites (KB2596825)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Security Update for Microsoft Office 2007 suites (KB2596825)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Security Update for Windows 7 (KB2864058)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Windows 7 (KB2862330)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Windows 7 (KB2862335)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Update for Windows 7 (KB2888049)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Security Update for Microsoft Office Word 2007 (KB2827330)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Security Update for Windows 7 (KB2884256)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Microsoft Office 2007 suites (KB2760585)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Security Update for Windows 7 (KB2876284)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Update for Windows 7 (KB2882822)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2861191)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Windows 7 (KB2847311)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Update for Windows 7 (KB2852386)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Windows Malicious Software Removal Tool - October 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/9/2013 Security Update for Microsoft Silverlight (KB2890788)
This security update to Silverlight includes fixes outlined in
KB 2890788. This update is backward compatible with web applications
built using previous versions of Silverlight.
10/9/2013 Security Update for Microsoft Office 2007 suites (KB2827326)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Security Update for Microsoft Office 2007 suites (KB2760591)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Security Update for Microsoft Office Excel 2007 (KB2827324)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2879017)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Windows 7 (KB2883150)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2863240)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Update for Windows 7 (KB2846960)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Update for Windows 7 (KB2868116)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Update for Windows 7 (KB2853952)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Security Update for Microsoft Office 2007 suites (KB2827329)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/9/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2861698)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Windows 7 (KB2868038)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Microsoft Office 2007 suites (KB2596825)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/9/2013 Security Update for Windows 7 (KB2864202)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Windows 7 (KB2872339)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2858302)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/9/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
10/7/2013 Security Update for Windows 7 (KB2872339)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/6/2013 Security Update for Microsoft Office 2007 suites (KB2760588)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/6/2013 Security Update for Microsoft Office 2007 suites (KB2760823)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
10/6/2013 Security Update for Microsoft Office Excel 2007 (KB2760583)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Security Update for Microsoft Office 2007 suites (KB2597973)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Security Update for Microsoft Office Word 2007 (KB2767773)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Security Update for Microsoft Office Outlook 2007 (KB2825999)
A security vulnerability exists in Microsoft Office Outlook 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2870699)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/6/2013 Update for Windows 7 (KB2868116)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/6/2013 Update for Windows 7 (KB2853952)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/6/2013 Security Update for Windows 7 (KB2876315)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/6/2013 Security Update for Microsoft Office 2007 suites (KB2596825)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Security Update for Windows 7 (KB2872339)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/6/2013 Security Update for Microsoft Office 2007 suites (KB2760411)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/6/2013 Windows Malicious Software Removal Tool - September 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/6/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.1542.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
8/22/2013 Security Update for Windows 7 (KB2849470)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/22/2013 Security Update for Windows 7 (KB2862966)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/22/2013 Windows Malicious Software Removal Tool - August 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
8/21/2013 Security Update for Windows 7 (KB2859537)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/21/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
8/21/2013 Update for Microsoft Office 2007 suites (KB2767849)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
8/21/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/21/2013 Security Update for Windows 7 (KB2868623)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/21/2013 Update for Microsoft Office Outlook 2007 (KB2768023)
Microsoft has released an update for Microsoft Office Outlook
2007 . This update provides the latest fixes to Microsoft Office
Outlook 2007 . Additionally, this update contains stability and
performance improvements.
8/21/2013 Security Update for Windows 7 (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/21/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2844286)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/21/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2862772)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/21/2013 Update for Windows 7 (KB2863058)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
8/21/2013 Security Update for Windows 7 (KB2861855)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/5/2013 Update for Windows 7 (KB2834140)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
8/5/2013 Security Update for Windows 7 (KB2835361)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
8/5/2013 Update for Windows 7 (KB2836502)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
7/28/2013 Internet Explorer 10 for Windows 7
Internet Explorer 10 is fast and fluid, and lets your websites
shine and perform just like native apps on your PC.
Internet
Explorer 10. Fast and fluid for Windows 7.
• Fast. Internet
Explorer 10 harnesses the untapped power of your PC, delivering
pages full of vivid graphics, smoother video, and interactive
content.
• Easy. Experience the web the way you want to with
pinned sites, built-in Spellcheck, and seamless integration with
your PC running Windows 7.
• Safer. Improved features like SmartScreen
Filter and Tracking Protection let you be more aware of threats
to your PC and your privacy.
7/15/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2835393)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2844286)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2832414)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Windows 7 (KB2835361)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Windows 7 (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Windows 7 (KB2845187)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2846071)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
7/15/2013 Security Update for Windows 7 (KB2850851)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Windows Malicious Software Removal Tool - July 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
7/15/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2840631)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Windows 7 (KB2835364)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Microsoft Office 2007 suites (KB2687309)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
7/15/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2833946)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Windows 7 (KB2847927)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
7/15/2013 Security Update for Microsoft Silverlight (KB2847559)
This security update to Silverlight includes fixes outlined in
KB 2847559. This update is backward compatible with web applications
built using previous versions of Silverlight.
7/15/2013 Security Update for Windows 7 (KB2834886)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
6/23/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
6/23/2013 Update for Windows 7 (KB2834140)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
6/23/2013 Update for Windows 7 (KB2808679)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
6/23/2013 Security Update for Windows 7 (KB2839894)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
6/23/2013 Security Update for Windows 7 (KB2813430)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
6/23/2013 Windows Malicious Software Removal Tool - June 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/23/2013 Security Update for Windows 7 (KB2839229)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
6/23/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2838727)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
6/23/2013 Security Update for Windows 7 (KB2845690)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
6/4/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.1613.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
5/27/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2804579)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
5/27/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
5/27/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2829530)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/27/2013 Update for Windows 7 (KB2813956)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/27/2013 Security Update for Windows 7 (KB2829361)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/27/2013 Update for Windows 7 (KB2820331)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
5/27/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2804576)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
5/27/2013 Security Update for Microsoft Office Publisher 2007 (KB2597971)
A security vulnerability exists in Microsoft Office Publisher
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
5/27/2013 Security Update for Windows 7 (KB2830290)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/27/2013 Security Update for Internet Explorer 9 for Windows 7 (KB2847204)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/27/2013 Windows Malicious Software Removal Tool - May 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
5/27/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/27/2013 Update for Windows 7 (KB2798162)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/20/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/20/2013 Update for Windows 7 (KB2798162)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/15/2013 Update for Windows 7 (KB2813956)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/15/2013 Security Update for Windows 7 (KB2840149)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/15/2013 Security Update for Windows 7 (KB2808735)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/15/2013 Update for Windows 7 (KB2799926)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/15/2013 Security Update for Windows 7 (KB2813170)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/15/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
5/15/2013 Security Update for Windows 7 (KB2813347)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/15/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2817183)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
5/15/2013 Windows Malicious Software Removal Tool - April 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
4/12/2013 Security Update for Windows 7 (KB2807986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/24/2013 Windows Malicious Software Removal Tool - March 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
3/24/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
3/24/2013 Update for Microsoft Office 2007 suites (KB2687493)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
3/24/2013 Security Update for Microsoft Silverlight (KB2814124)
This security update to Silverlight includes fixes outlined in
KB 2814124. This update is backward compatible with web applications
built using previous versions of Silverlight.
3/24/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2809289)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
3/24/2013 Update for Windows 7 (KB2791765)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
2/24/2013 Windows Malicious Software Removal Tool - February 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2/24/2013 Security Update for Windows 7 (KB2778344)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/24/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2789645)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/24/2013 Update for Microsoft Office 2007 suites (KB2596620)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2/24/2013 Update for Microsoft Office 2007 suites (KB2596802)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2/24/2013 Security Update for Windows 7 (KB2799494)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/24/2013 Security Update for Windows 7 (KB2790655)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2/24/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2792100)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2/24/2013 Security Update for Internet Explorer 9 for Windows 7 (KB2797052)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/24/2013 Update for Microsoft Security Essentials - KB2804527 (4.2.223.1)
This package will update Microsoft Security Essentials client
on the user's machine.
2/24/2013 Update for Microsoft Office 2007 suites (KB2767916)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2/24/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/24/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
2/24/2013 Security Update for Windows 7 (KB2790113)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/21/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.376.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/17/2013 Update for Windows 7 (KB2786400)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/17/2013 Security Update for Windows 7 (KB2778930)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/17/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
1/17/2013 Security Update for Windows 7 (KB2769369)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/17/2013 Security Update for Microsoft Office 2007 suites (KB2687499)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
1/17/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/17/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2756921)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/17/2013 Security Update for Windows 7 (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/17/2013 Update for Windows 7 (KB2726535)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/17/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/17/2013 Update for Windows 7 (KB2773072)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/17/2013 Security Update for Windows 7 (KB2785220)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
1/17/2013 Update for Windows 7 (KB2786081)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/17/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
1/8/2013 Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/23/2012 Security Update for Windows 7 (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/16/2012 Security Update for Windows 7 (KB2779030)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/16/2012 Security Update for Windows 7 (KB2758857)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/16/2012 Security Update for Windows 7 (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/16/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2761465)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/16/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
12/16/2012 Security Update for Microsoft Office 2007 suites (KB2760416)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
12/16/2012 Security Update for Windows 7 (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/16/2012 Update for Windows 7 (KB2779562)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
12/16/2012 Security Update for Microsoft Office Word 2007 (KB2760421)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
12/2/2012 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2729452)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/2/2012 Update for Windows 7 (KB2762895)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
12/2/2012 Windows Malicious Software Removal Tool - November 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
12/2/2012 Update for Windows 7 (KB2761217)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/2/2012 Update for Windows 7 (KB2750841)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/2/2012 Security Update for Windows 7 (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/2/2012 Security Update for Windows 7 (KB2761226)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/2/2012 Update for Windows 7 (KB2763523)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/26/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.414.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
11/25/2012 Update for Windows 7 (KB2647753)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2729452)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/25/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
11/25/2012 Update for Windows 7 (KB2749655)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/25/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/25/2012 Update for Windows 7 (KB2756822)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
11/25/2012 Update for Windows 7 (KB2731771)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Update for Windows 7 (KB2661254)
Install this update to keep your system up to date by increasing
the minimum level of encryption on Windows systems. After you
install this item, you may have to restart your system.
11/25/2012 Microsoft Security Essentials Client Update Package - KB2754296
This package will update Microsoft Security Essentials client
on the user's machine.
11/25/2012 Windows Malicious Software Removal Tool - November 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
11/25/2012 Update for Windows 7 (KB2732487)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Update for Windows 7 (KB2761217)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Microsoft Office 2007 suites (KB2687311)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
11/25/2012 Update for Windows 7 (KB2739159)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Update for Windows 7 (KB2729094)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Microsoft Office 2007 suites (KB2687439)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
11/25/2012 Update for Windows 7 (KB2750841)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Update for Microsoft Office 2007 suites (KB2596660)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
11/25/2012 Update for Windows 7 (KB2732500)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Windows 7 (KB2705219)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/25/2012 Security Update for Windows 7 (KB2743555)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
11/25/2012 Security Update for Windows 7 (KB2724197)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain access to information.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
11/25/2012 Update for Microsoft Office 2007 suites (KB2596848)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
11/25/2012 Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 (KB2685811)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Microsoft Office Excel 2007 (KB2687307)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
11/25/2012 Update for User-Mode Driver Framework version 1.11 for Windows 7 (KB2685813)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Security Update for Windows 7 (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/25/2012 Security Update for Microsoft Office Word 2007 (KB2687315)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
11/25/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2761451)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
11/25/2012 Security Update for Windows 7 (KB2761226)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/25/2012 Update for Windows 7 (KB2763523)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
11/25/2012 Update for Microsoft Office Outlook 2007 (KB2687404)
Microsoft has released an update for Microsoft Office Outlook
2007 . This update provides the latest fixes to Microsoft Office
Outlook 2007 . Additionally, this update contains stability and
performance improvements.
11/25/2012 Security Update for Microsoft Office InfoPath 2007 (KB2687440)
A security vulnerability exists in Microsoft Office InfoPath
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
11/25/2012 Security Update for Microsoft Office 2007 suites (KB2687314)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
11/16/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.139.2195.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
10/28/2012 Update for Windows 7 (KB2647753)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Update for Windows 7 (KB2749655)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
10/28/2012 Update for Windows 7 (KB2756822)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
10/28/2012 Update for Windows 7 (KB2731771)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Update for Windows 7 (KB2661254)
Install this update to keep your system up to date by increasing
the minimum level of encryption on Windows systems. After you
install this item, you may have to restart your system.
10/28/2012 Microsoft Security Essentials Client Update Package - KB2754296
This package will update Microsoft Security Essentials client
on the user's machine.
10/28/2012 Update for Windows 7 (KB2732487)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Update for Windows 7 (KB2739159)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Windows Malicious Software Removal Tool - October 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/28/2012 Update for Windows 7 (KB2729094)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Security Update for Microsoft Office 2007 suites (KB2687439)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/28/2012 Update for Windows 7 (KB2732500)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/28/2012 Security Update for Windows 7 (KB2705219)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/28/2012 Security Update for Windows 7 (KB2743555)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
10/28/2012 Security Update for Windows 7 (KB2724197)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain access to information.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
10/28/2012 Security Update for Microsoft Office Word 2007 (KB2687315)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/28/2012 Security Update for Windows 7 (KB2731847)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/28/2012 Security Update for Microsoft Office InfoPath 2007 (KB2687440)
A security vulnerability exists in Microsoft Office InfoPath
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
10/28/2012 Security Update for Microsoft Office 2007 suites (KB2687314)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/2/2012 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
10/2/2012 Update for Windows 7 (KB2732059)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
9/25/2012 Hotfix for Windows (KB2615763)
Fix for KB2615763
9/25/2012 Hotfix for Windows (KB2661796)
Fix for KB2661796
9/25/2012 Update for Windows 7 (KB2709981)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
9/25/2012 Synaptics - Input - ThinkPad UltraNav Pointing Device
Synaptics Input software update released in April, 2010
9/25/2012 Intel - Network, Other hardware - Intel® PRO/1000 PL Network Connection
Intel Network, Other hardware software update released in June,
2012
9/25/2012 CXT - Network - ThinkPad Modem
CXT Network software update released in January, 2007
9/25/2012 Lenovo - Display - Wide viewing angle & High density FlexView Display 1400x1050
Lenovo Display software update released in April, 2012
9/25/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.347.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
9/25/2012 AnalogDevices - Audio - SoundMAX Integrated Digital HD Audio
AnalogDevices Audio software update released in May, 2009
9/25/2012 Windows Malicious Software Removal Tool - September 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
9/25/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2744842)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
9/24/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.284.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
9/16/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
9/16/2012 Update for Windows 7 (KB2719857)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
9/16/2012 Update for Windows 7 (KB2735855)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
9/16/2012 Update for Windows 7 (KB2741355)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
9/16/2012 Skype 5.10 for Windows (KB2727727)
Skype 5.10 for Windows is now available. Updates include various
performance improvements and bugfixes.
9/16/2012 Update Rollup for ActiveX Killbits for Windows 7 (KB2736233)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
9/5/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.135.530.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
9/2/2012 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2686831)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/2/2012 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2604115)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/2/2012 Update for Windows 7 (KB2729094)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
System Folders
Path for burning CD C:\Users\User\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\User\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\User\Desktop
Physical Desktop C:\Users\User\Desktop
User Favorites C:\Users\User\Favorites
Fonts C:\Windows\Fonts
Internet History C:\Users\User\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\User\AppData\Local
Windows Directory C:\Windows
Windows/System C:\Windows\system32
Program Files C:\Program Files
Services
Running Adobe Acrobat Update Service
Running Andrea ADI Filters Service
Running Apple Mobile Device
Running Application Experience
Running Application Information
Running ArcSoft Connect Daemon
Running Ati External Event Utility
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Credential Manager
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Distributed Link Tracking Client
Running DNS Client
Running EpsonBidirectionalService
Running EpsonCustomerParticipation
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running Group Policy Client
Running HomeGroup Listener
Running HomeGroup Provider
Running Human Interface Device Access
Running Infrared monitor service
Running IP Helper
Running IPsec Policy Agent
Running Lenovo Auto Scroll
Running MBAMScheduler
Running MBAMService
Running Microsoft Antimalware Service
Running Multimedia Class Scheduler
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Peer Name Resolution Protocol
Running Peer Networking Grouping
Running Peer Networking Identity Manager
Running Plug and Play
Running Portable Device Enumerator Service
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running SAS Core Service
Running SeaPort
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Themes
Running UPnP Device Host
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Connect Now - Config Registrar
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Image Acquisition (WIA)
Running Windows Live ID Sign-in Assistant
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Presentation Foundation Font Cache 3.0.0.0
Running Windows Search
Running Windows Update
Running WinHTTP Web Proxy Auto-Discovery Service
Running WLAN AutoConfig
Running Workstation
Running XAudioService
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Adobe SwitchBoard
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped Bing Bar Update Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Bonjour Service
Stopped CamMonitor
Stopped Certificate Propagation
Stopped Cisco EnergyWise Enabler
Stopped COM+ System Application
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped Health Key and Certificate Management
Stopped IKE and AuthIP IPsec Keying Modules
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped iPod Service
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Lenovo Doze Mode Service
Stopped Lenovo Hotkey Client Loader
Stopped Lenovo Microphone Mute
Stopped Link-Layer Topology Discovery Mapper
Stopped LogMeIn Hamachi Tunneling Engine
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Network Inspection
Stopped Microsoft Office Diagnostics Service
Stopped Microsoft Office Groove Audit Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped On Screen Display
Stopped Parental Controls
Stopped Performance Logs & Alerts
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Power Manager DBC Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Access Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Secure Socket Tunneling Protocol Service
Stopped Skype C2C Service
Stopped Skype Updater
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped System Update
Stopped Tablet PC Input Service
Stopped Telephony
Stopped ThinkPad HDD APS Logging Service
Stopped ThinkPad PM Service
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Activation Technologies Service
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Defender
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Installer
Stopped Windows Live Family Safety Service
Stopped Windows Live Mesh remote connections service
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
Security Options
Accounts: Administrator account status Disabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Not Defined
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Not Defined
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Not Defined
Devices: Restrict floppy access to locally logged-on user only Not Defined
Domain controller: Allow server operators to schedule tasks Not Defined
Domain controller: LDAP server signing requirements Not Defined
Domain controller: Refuse machine account password changes Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Enabled
Interactive logon: Display user information when the session is locked Not Defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not Defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Disabled
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Microsoft network server: Server SPN target name validation level Not Defined
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of passwords and credentials for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to Named Pipes and Shares Enabled
Network access: Shares that can be accessed anonymously Not Defined
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Network security: Allow Local System to use computer identity for NTLM Not Defined
Network security: Allow LocalSystem NULL session fallback Not Defined
Network Security: Allow PKU2U authentication requests to this computer to use online identities Not Defined
Network security: Configure encryption types allowed for Kerberos Not Defined
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Not Defined
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined
Network security: Restrict NTLM: Add server exceptions in this domain Not Defined
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined
Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Incoming NTLM traffic Not Defined
Network security: Restrict NTLM: NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Force strong key protection for user keys stored on the computer Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
System settings: Optional subsystems Posix
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Device Tree
ACPI x86-based PC
Microsoft ACPI-Compliant System
Intel Core Duo CPU T2400 @ 1.83GHz
Intel Core Duo CPU T2400 @ 1.83GHz
System board
ACPI Lid
ACPI Sleep Button
ACPI Thermal Zone
ACPI Thermal Zone
ACPI Fixed Feature Button
PCI bus
Mobile Intel 945GM/GU/PM/GMS/940GML/943GML and Intel 945GT Express Processor to DRAM Controller - 27A0
Intel 82801G (ICH7 Family) PCI Express Root Port - 27D4
Intel 82801G (ICH7 Family) PCI Express Root Port - 27D6
Intel 82801G (ICH7 Family) SMBus Controller - 27DA
Mobile Intel® 945GM/GU/PM/GMS/940GML/943GML and Intel® 945GT Express PCI Express Root Port - 27A1
ATI Mobility Radeon X1400
Wide viewing angle & High density FlexView Display 1400x1050
High Definition Audio Controller
SoundMAX Integrated Digital HD Audio
ThinkPad Modem
Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D0
Intel PRO/1000 PL Network Connection
Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D2
Intel PRO/Wireless 3945ABG Network Connection
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C8
USB Root Hub
USB Composite Device
USB Input Device (Logitech Download Assistant)
HID Keyboard Device
USB Input Device
HID-compliant mouse
HID-compliant consumer control device
HID-compliant device
HID-compliant device
USB Input Device
HID-compliant device
HID-compliant device
HID-compliant device
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C9
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CA
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CB
USB Root Hub
TouchChip Fingerprint Coprocessor (WBF advanced mode)
Intel® 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
USB Root Hub
USB Mass Storage Device
Verbatim USB Device
Intel® 82801 PCI Bridge - 2448
Texas Instruments PCI-1510 CardBus Controller
Intel® 82801GBM (ICH7-M/U) LPC Interface Controller - 27B9
Motherboard resources
Programmable interrupt controller
System timer
High precision event timer
Direct memory access controller
System speaker
Numeric data processor
System CMOS/real time clock
Standard PS/2 Keyboard
ThinkPad UltraNav Pointing Device
IBM ThinkPad Fast Infrared Port
Microsoft ACPI-Compliant Embedded Controller
Microsoft ACPI-Compliant Control Method Battery
Microsoft AC Adapter
ThinkPad PM Device
Intel® 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF
ATA Channel 0
MATSHITA DVD-RAM UJ-822S ATA Device
Intel® ICH7M/MDH SATA AHCI Controller
Hitachi HTS545016B9A300
CPU
Intel Core Duo T2400
Cores 2
Threads 2
Name Intel Core Duo T2400
Code Name Yonah
Package Socket 479 mPGA
Technology 65nm
Specification Intel Core Duo CPU T2400 @ 1.83GHz
Family 6
Extended Family 6
Model E
Extended Model E
Stepping C
Revision D0
Instructions MMX, SSE, SSE2, SSE3, NX, VMX
Virtualization Supported, Disabled
Hyperthreading Not supported
Bus Speed 166.3 MHz
Rated Bus Speed 665.0 MHz
Stock Core Speed 1833 MHz
Stock Bus Speed 166 MHz
Average Temperature 52 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2048 KBytes
Core 0
Core Speed 997.6 MHz
Multiplier x 6.0
Bus Speed 166.3 MHz
Rated Bus Speed 665.0 MHz
Temperature 52 °C
Thread 1
APIC ID 0
Core 1
Core Speed 997.6 MHz
Multiplier x 6.0
Bus Speed 166.3 MHz
Rated Bus Speed 665.0 MHz
Temperature 51 °C
Thread 1
APIC ID 1
RAM
Memory
Type DDR2
Size 3072 MBytes
Channels # Dual
DRAM Frequency 332.5 MHz
CAS# Latency (CL) 5 clocks
RAS# to CAS# Delay (tRCD) 5 clocks
RAS# Precharge (tRP) 5 clocks
Cycle Time (tRAS) 15 clocks
Bank Cycle Time (tRC) 21 clocks
Physical Memory
Memory Usage 40 %
Total Physical 3.00 GB
Available Physical 1.77 GB
Total Virtual 6.00 GB
Available Virtual 4.64 GB
SPD
Number Of SPD Modules 0
Motherboard
Manufacturer LENOVO
Model 2008Z78 (None)
Version ThinkPad T60
Chipset Vendor Intel
Chipset Model i945PM
Chipset Revision 03
Southbridge Vendor Intel
Southbridge Model 82801GHM (ICH7-M/U)
Southbridge Revision B0
System Temperature 52 °C
BIOS
Brand LENOVO
Version 79ETC9WW (2.09 )
Date 12/22/2006
PCI Data
Slot PCI-E
Slot Type PCI-E
Slot Usage Available
Data lanes x1
Slot Designation ExpressCard Slot 1
Characteristics Hot Plug
Slot Number 0
Slot PCMCIA
Slot Type PCMCIA
Slot Usage Available
Bus Width 32 bit
Slot Designation CardBus Slot 1
Characteristics 5V, 3.3V, PC Card-16, CardBus, Zoom Video, Modem Ring Resume, PME, Hot Plug
Slot Number 1
Graphics
Monitor
Name Wide viewing angle & High density FlexView Display 1400x1050 on ATI Mobility Radeon X1400
Current Resolution 1400x1050 pixels
Work Resolution 1400x1002 pixels
State Enabled, Primary
Monitor Width 1400
Monitor Height 1050
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
ATI Mobility Radeon X1400
Manufacturer ATI
Model Mobility Radeon X1400
GPU M54
Device ID 1002-7145
Subvendor Lenovo (17AA)
Current Performance Level Level 0
Technology 90 nm
Die Size 100 mm²
Transistors 105 M
Release Date 2006
DirectX Support 9.0c
DirectX Shader Model 3.0
OpenGL Support 2.0
GPU Clock 0.0 MHz
Bios Core Clock 392.00
Bios Mem Clock 350.00
Driver version 8.561.0.0
BIOS Version BK-ATI VER009.012.001.025
ROPs 4
Shaders Vertex 4/Pixel 42
Memory Type DDR
Memory 128 MB
Count of performance levels : 1
Level 1
Hard Drives
Hitachi HTS545016B9A300
Manufacturer Hitachi
Product Family Travelstar
Series Prefix Standard
Model Capacity For This Specific Drive 160GB
Heads 16
Cylinders 16,383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number 090906PB5B01QCCB1MDG
LBA Size 48-bit LBA
Power On Count 2662 times
Power On Time 171.0 days
Speed 5400 RPM
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 149 GB
Real size 160,041,885,696 bytes
RAID Type None
S.M.A.R.T
Status Warning
Temperature 37 °C
Temperature Range OK (less than 50 °C)
01 Read Error Rate 100 (070) Data 0000000000
02 Throughput Performance 100 (100) Data 0000000000
03 Spin-Up Time 202 (100) Data 0000000001
04 Start/Stop Count 099 (099) Data 0000000ADC
05 Reallocated Sectors Count 100 (100) Data 0000100018
07 Seek Error Rate 100 (100) Data 0000000000
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 091 (091) Data 0000001007
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 099 (099) Data 0000000A66
B7 SATA Downshift Error Count 100 (100) Data 0000000000
B8 End-to-End error / IOEDC 100 (100) Data 0000000000
BB Reported Uncorrectable Errors 100 (100) Data 000175FFFF
BC Command Timeout 097 (001) Data 0000034AAC
BE Temperature Difference from 100 063 (049) Data 00261D0025
BF G-sense error rate 100 (100) Data 000000003E
C0 Power-off Retract Count 099 (099) Data 0000FA00FA
C1 Load/Unload Cycle Count 095 (095) Data 000000D124
C4 Reallocation Event Count 100 (100) Data 0000000011
C5 Current Pending Sector Count 100 (100) Data 000000006D
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 100 (100) Data 0000000000
DF Load/Unload Retry Count 100 (100) Data 0000000000
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter E:
File System NTFS
Volume Serial Number 464FCE0E
Size 99 MB
Used Space 28 MB (29%)
Free Space 71 MB (71%)
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number FC528A0A
Size 149 GB
Used Space 61 GB (41%)
Free Space 88 GB (59%)
Optical Drives
MATSHITA DVD-RAM UJ-822S ATA Device
Media Type DVD Writer
Name MATSHITA DVD-RAM UJ-822S ATA Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL
Write capabilities CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Cards
ManyCam Virtual Microphone
SoundMAX Integrated Digital HD Audio
Playback Devices
SPDIF Interface (SoundMAX Integrated Digital HD Audio)
Speakers (SoundMAX Integrated Digital HD Audio) (default)
Recording Devices
Microphone (ManyCam Virtual Microphone)
Microphone (SoundMAX Integrated Digital HD Audio) (default)
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
HID Keyboard Device
Device Kind Keyboard
Device Name HID Keyboard Device
Vendor Logitech
Location USB Input Device (Logitech Download Assistant)
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\kbdhid.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Logitech
Location USB Input Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\mouhid.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
ThinkPad UltraNav Pointing Device
Device Kind Mouse
Device Name ThinkPad UltraNav Pointing Device
Vendor Lenovo
Location plugged into PS/2 mouse port
Driver
Date 4-22-2010
Version 15.0.18.0
File C:\Windows\system32\DRIVERS\SynTP.sys
File C:\Windows\system32\SynTPAPI.dll
File C:\Windows\system32\SynCOM.dll
File C:\Windows\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPRes.dll
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
File C:\Program Files\Synaptics\SynTP\SynChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynPinch.mpg
File C:\Program Files\Synaptics\SynTP\SynMomentum.mpg
File C:\Program Files\Synaptics\SynTP\SynLinearVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynTwoFingerVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynPivotRotate_ChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingerFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingersDown.mpg
File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
File C:\Program Files\Synaptics\SynTP\TP4table.dat
File C:\Program Files\Synaptics\SynTP\TP4scrol.dat
File C:\Program Files\Synaptics\SynTP\TP4Sc_JP.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_GR.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_IT.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_SP.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_FR.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_FI.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_NL.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_NO.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_DK.htm
File C:\Program Files\Synaptics\SynTP\TP4Sc_SE.htm
File C:\Program Files\Synaptics\SynTP\TP4Scrol.htm
File C:\Program Files\Synaptics\SynTP\TP4-A123.GIF
File C:\Program Files\Synaptics\SynTP\TP4-ASR.GIF
File C:\Program Files\Synaptics\SynTP\TP4-HEAD.GIF
File C:\Program Files\Synaptics\SynTP\TP4-I.JPG
File C:\Program Files\Synaptics\SynTP\TP4-IMG.JPG
File C:\Program Files\Synaptics\SynTP\TP4-ISR.JPG
File C:\Program Files\Synaptics\SynTP\TP4-MG.GIF
File C:\Program Files\Synaptics\SynTP\TP4-NOTE.GIF
File C:\Program Files\Synaptics\SynTP\TP4-SC.GIF
File C:\Program Files\Synaptics\SynTP\TP4SCROL.CSS
File C:\Program Files\Synaptics\SynTP\SynPivotRotate.mpg
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
File C:\Windows\system32\SynTPCo4.dll
File C:\Windows\system32\WdfCoInstaller01009.dll
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor VERBATIM
Comment Verbatim USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Device Kind Portable Device
Device Name
Vendor VERBATIM
Location UMBus Enumerator
Driver
Date 6-21-2006
Version 6.1.7600.16385
Printers
Epson Stylus NX330(Network) (Default Printer)
Printer Port EP05999E:EPSON STYLUS NX330
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 360 * 360 dpi Color
Status Unknown
Driver
Driver Name EPSON NX330 Series (v5.10)
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FMAIHAA.DLL
Fax
Printer Port SHRFAX:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 200 * 200 dpi Monochrome
Status Unknown
Driver
Driver Name Microsoft Shared Fax Driver (v4.00)
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\FXSDRV.DLL
FoxTab PDF Converter
Printer Port FTPDFPort
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name FoxTab PDF Virtual Printer (v5.02)
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Microsoft XPS Document Writer
Printer Port XPSPort:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Send To OneNote 2007
Printer Port Send To Microsoft OneNote Port:
Print Processor OneNotePrint2007
Availability Always
Priority 1
Duplex None
Print Quality 300 * 300 dpi Color
Status Unknown
Driver
Driver Name Send To Microsoft OneNote Driver (v4.00)
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\msonpdrv.dll
Network
You are not connected to the internet
Computer Name
NetBIOS Name USER-PC
DNS Name User-PC
Membership Part of workgroup
Workgroup WORKGROUP
Remote Desktop
Disabled
Console
State Active
Domain User-PC
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 8
Wi-Fi (SDS)
SSID SDS
Name SDS
Signal Strength/Quality 41
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (Hatch05)
SSID Hatch05
Name Hatch05
Signal Strength/Quality 30
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (ATT648)
SSID ATT648
Name ATT648
Signal Strength/Quality 8
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (Easter)
SSID Easter
Name Easter
Signal Strength/Quality 55
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network WEP cipher algorithm with a cipher key of any length
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
Wi-Fi (NetworkL)
SSID NetworkL
Name NetworkL
Signal Strength/Quality 25
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (NETGEAR84-5G)
SSID NETGEAR84-5G
Name NETGEAR84-5G
Signal Strength/Quality 28
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (Mertnet)
SSID Mertnet
Name Mertnet
Signal Strength/Quality 28
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (linksys_WPS_E1AF)
SSID linksys_WPS_E1AF
Name linksys_WPS_E1AF
Signal Strength/Quality 8
Security Enabled
State The interface is not connected to any network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Adapters List
Intel® PRO/Wireless 3945ABG Network Connection
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 192.168.1.1
MAC Address 00-19-D2-C2-03-0C
Intel® PRO/1000 PL Network Connection
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
MAC Address 00-16-41-E6-DA-99
Hamachi Network Interface
IP Address 5.66.163.173
Subnet mask 255.0.0.0
Gateway server 5.0.0.1
MAC Address 7A-79-05-42-A3-AD
Network Shares
Users C:\Users
Generated with Speccy v1.23.569







Moving on to the OTL.
  • 0

#8
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
OTL Log: Only got one log.



OTL logfile created on: 10/10/2013 10:21:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.10% Memory free
6.00 Gb Paging File | 4.69 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 88.16 Gb Free Space | 59.19% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.44 Mb Free Space | 71.44% Space Free | Partition Type: NTFS
Drive F: | 29.65 Gb Total Space | 26.79 Gb Free Space | 90.34% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 20:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/10/20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/08 12:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/09 16:15:16 | 000,192,512 | ---- | M] (Vimicro) -- C:\Windows\VM331_STI.EXE
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 01:03:05 | 000,415,184 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/03 01:03:03 | 004,055,504 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 01:02:09 | 001,604,560 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 17:09:52 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/05/16 06:32:00 | 000,280,640 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/10/05 05:53:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\User\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/10/09 05:14:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/30 23:10:50 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/05/16 06:32:00 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2012/05/16 06:32:00 | 000,017,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2012/03/07 10:56:22 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2012/02/22 05:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 01:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/12/28 06:40:02 | 000,129,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/12/28 06:40:02 | 000,022,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011/12/26 20:10:35 | 000,033,080 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/29 10:26:08 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/10/05 05:17:15] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/05/26 14:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/17 23:18:30 | 000,991,872 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008/12/01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/19 03:15:10 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/11/27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 7C E1 95 59 96 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DF71CF13-731A-4CB7-9F19-95CD3576B32D}: "URL" = http://search.yahoo....36,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011/10/05 04:23:23 | 000,000,000 | ---D | M]

[2013/10/10 20:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Empower3000 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcjkjmonopjbmipkgbibcplajafnggd\0.7_0\
CHR - Extension: 3DTin = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: nGenx nFinity Browser\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbljgmognlmekcmkmlbgnmmkpklflojd\0.0.1.0_0\
CHR - Extension: MindMeister = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\2.0_0\
CHR - Extension: Audiotool = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: GeoGebra = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0\
CHR - Extension: EasyBib = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Sumo Paint = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\~
CHR - Extension: GoAnimate for Schools = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpaebfogajhndljeplcmjicfjcdddf\1.0.2_0\
CHR - Extension: StudyBlue, Inc. = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh\1.7_0\
CHR - Extension: Pixlr Editor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Diigo Web = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\5.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\6.0_0\
CHR - Extension: Pixton Comic Maker for Google Chromebooks\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odepbnabionemkpekcfilpihkkfngnop\1.3_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.1.0_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.1_0\
CHR - Extension: Khan Academy = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko\0.0.0.1_0\
CHR - Extension: Glogster EDU = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoigcdmeplpebbdfjcofinjnlghmefh\6_0\
CHR - Extension: Pearson OpenClass = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\phllacioehenkhbnlpihgnhghgckpplm\1.0.1.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Empower3000 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcjkjmonopjbmipkgbibcplajafnggd\0.7_0\
CHR - Extension: 3DTin = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: nGenx nFinity Browser\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbljgmognlmekcmkmlbgnmmkpklflojd\0.0.1.0_0\
CHR - Extension: MindMeister = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\2.0_0\
CHR - Extension: Audiotool = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: GeoGebra = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0\
CHR - Extension: EasyBib = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Sumo Paint = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\
CHR - Extension: Lucidchart for Education = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0\~
CHR - Extension: GoAnimate for Schools = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpaebfogajhndljeplcmjicfjcdddf\1.0.2_0\
CHR - Extension: StudyBlue, Inc. = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh\1.7_0\
CHR - Extension: Pixlr Editor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Diigo Web = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\5.0_0\
CHR - Extension: TypingClub = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\6.0_0\
CHR - Extension: Pixton Comic Maker for Google Chromebooks\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odepbnabionemkpekcfilpihkkfngnop\1.3_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.1.0_0\
CHR - Extension: WeVideo - Video Editor & Maker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.1_0\
CHR - Extension: Khan Academy = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko\0.0.0.1_0\
CHR - Extension: Glogster EDU = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoigcdmeplpebbdfjcofinjnlghmefh\6_0\
CHR - Extension: Pearson OpenClass = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\phllacioehenkhbnlpihgnhghgckpplm\1.0.1.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [331BigDog] C:\Windows\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...AutoDetect2.cab (IASRunner Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.co...esPlayer_v4.cab (GoBit Games Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1DEADE7-4B11-4DBD-A702-5920000E1502}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 24x7HELP - hkey= - key= - File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: EEventManager - hkey= - key= - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: Epson Stylus NX330(Network) - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Logitech Download Assistant - hkey= - key= - File not found
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: ManyCam - hkey= - key= - C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
MsConfig - StartUpReg: Pokki - hkey= - key= - File not found
MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: 19978944.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro36 - Reg Error: Value error.
SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: 19978944.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/10 22:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/10/10 22:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/10/10 21:32:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/10 21:15:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/10 20:39:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/09 20:51:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/10/09 07:30:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/09 07:30:43 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/09 07:30:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/10/09 07:30:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/09 07:30:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/09 07:30:40 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/09 07:30:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/10/09 07:30:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/10/09 07:30:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/10/09 07:30:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/10/09 05:35:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/09 05:35:36 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/09 05:35:36 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/09 05:35:31 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/09 05:35:31 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/09 05:35:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/09 05:35:30 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/09 05:35:18 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/09 05:35:16 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/09 05:35:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/09 05:35:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/09 05:35:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/09 05:34:28 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/09 05:34:24 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/06 20:25:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/06 20:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/06 20:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/06 20:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/06 18:58:55 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2013/10/06 17:26:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/10/06 17:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/06 17:15:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/06 17:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/06 15:51:43 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\User\Desktop\iExplore.exe
[2013/10/05 23:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/10/05 23:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/10/05 23:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/10/05 22:00:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013/09/23 18:10:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/23 18:10:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/23 18:10:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/23 18:10:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/23 18:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/23 18:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/23 18:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/23 18:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/23 18:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/23 18:10:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/23 18:10:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/23 18:10:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/23 18:10:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/23 18:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/23 18:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/23 18:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/23 18:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/23 18:10:39 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[4 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/10 22:16:04 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/10/10 22:05:28 | 000,000,512 | ---- | M] () -- C:\Users\User\Documents\MBR.dat
[2013/10/10 21:41:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA.job
[2013/10/10 21:29:52 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 21:29:52 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 21:27:10 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/10 21:27:10 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/10 21:22:36 | 003,765,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 21:22:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/10 21:20:44 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 20:48:47 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
[2013/10/09 20:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/10/09 16:41:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core.job
[2013/10/09 05:24:32 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/09 05:14:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/10/07 15:47:28 | 000,009,457 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/06 20:28:21 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
[2013/10/06 20:25:50 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 17:26:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/06 15:47:40 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\User\Desktop\iExplore.exe
[2013/10/05 23:43:48 | 000,001,244 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/05 23:43:48 | 000,001,220 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2013/10/05 22:07:00 | 000,002,362 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/22 18:27:53 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/22 18:27:49 | 002,876,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/22 18:27:49 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/22 18:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/22 18:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/22 18:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/22 18:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/20 22:30:24 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/20 21:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[4 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/10 22:14:26 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/10/10 22:05:28 | 000,000,512 | ---- | C] () -- C:\Users\User\Documents\MBR.dat
[2013/10/09 05:24:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/09 05:24:32 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/07 15:44:37 | 000,009,457 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/06 20:26:07 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
[2013/10/06 20:26:07 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
[2013/10/06 20:25:50 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 17:15:42 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/05 23:43:48 | 000,001,244 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/05 23:43:48 | 000,001,220 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2012/07/20 11:58:56 | 000,000,071 | ---- | C] () -- C:\Windows\ENX330.ini
[2012/02/29 19:16:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/01/21 21:00:12 | 000,187,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/01 23:14:39 | 000,131,072 | ---- | C] ( ) -- C:\Windows\vm331Rmv.exe
[2012/01/01 23:14:38 | 000,001,598 | ---- | C] () -- C:\Windows\vm331Rmv.ini

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545016B9A300
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2012/08/16 19:42:01 | 001,669,749 | ---- | M] () -- C:\MGtools.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2012/08/16 19:42:01 | 001,669,749 | ---- | M] () -- C:\MGtools.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/05/15 18:30:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2012/08/13 20:43:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2012/01/21 21:03:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012/08/13 20:46:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ArcSoft
[2011/10/05 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ashampoo
[2012/02/05 14:52:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/05 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CyberLink
[2012/07/23 14:21:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Epson
[2012/11/15 18:35:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFileViewer
[2011/10/05 11:55:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2011/10/05 02:44:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2012/04/28 15:52:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
[2012/07/20 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011/10/30 09:14:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2011/12/06 09:00:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/04/27 15:04:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2009/07/14 02:48:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2013/01/27 19:02:03 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2012/07/08 12:16:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2012/01/15 20:56:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Software
[2012/09/24 21:01:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PwrMgr
[2011/12/29 16:55:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Real
[2013/10/05 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2013/10/06 20:25:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/27 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WeatherBug
[2011/10/05 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows SideBar
[2012/07/08 12:52:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2013/09/06 21:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\System32\mswsock.dll
[2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\System32\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is FC52-8A0A
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\User
10/05/2011 02:44 AM <JUNCTION> Application Data [C:\Users\User\AppData\Roaming]
10/05/2011 02:44 AM <JUNCTION> Cookies [C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies]
10/05/2011 02:44 AM <JUNCTION> Local Settings [C:\Users\User\AppData\Local]
10/05/2011 02:44 AM <JUNCTION> My Documents [C:\Users\User\Documents]
10/05/2011 02:44 AM <JUNCTION> NetHood [C:\Users\User\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/05/2011 02:44 AM <JUNCTION> PrintHood [C:\Users\User\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/05/2011 02:44 AM <JUNCTION> Recent [C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent]
10/05/2011 02:44 AM <JUNCTION> SendTo [C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo]
10/05/2011 02:44 AM <JUNCTION> Start Menu [C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu]
10/05/2011 02:44 AM <JUNCTION> Templates [C:\Users\User\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\User\AppData\Local
10/05/2011 02:44 AM <JUNCTION> Temporary Internet Files [C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\User\AppData\LocalLow
01/17/2012 10:17 AM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\User\Documents
10/05/2011 02:44 AM <JUNCTION> My Music [C:\Users\User\Music]
10/05/2011 02:44 AM <JUNCTION> My Pictures [C:\Users\User\Pictures]
10/05/2011 02:44 AM <JUNCTION> My Videos [C:\Users\User\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 100,248,080,384 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\InstallInfo\\ShowIconsCommand: "C:\Users\User\AppData\Local\Torch\Application\torch.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\InstallInfo\\HideIconsCommand: "C:\Users\User\AppData\Local\Torch\Application\torch.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\InstallInfo\\ReinstallCommand: "C:\Users\User\AppData\Local\Torch\Application\torch.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\shell\open\command\\: "C:\Users\User\AppData\Local\Torch\Application\torch.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/09/22 18:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\InstallInfo\\ShowIconsCommand: "C:\Users\User\AppData\Local\Torch\Application\torch.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\InstallInfo\\HideIconsCommand: "C:\Users\User\AppData\Local\Torch\Application\torch.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\InstallInfo\\ReinstallCommand: "C:\Users\User\AppData\Local\Torch\Application\torch.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch\shell\open\command\\: "C:\Users\User\AppData\Local\Torch\Application\torch.exe"

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 21:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 21:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:100CB1DD

< End of report >







I will need to finish the rest tomorrow night. Need sleep for work tomorrow.
  • 0

#9
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
FARBAR log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by User (administrator) on USER-PC on 10-10-2013 22:52:46
Running from C:\Users\User\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Vimicro) C:\Windows\VM331_STI.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [331BigDog] - C:\Windows\VM331_STI.EXE [192512 2007-08-09] (Vimicro)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [PWMTRV] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-25] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D7CE1955996CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DF71CF13-731A-4CB7-9F19-95CD3576B32D} URL = http://search.yahoo....36,17118,0,18,0
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...AutoDetect2.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.co...esPlayer_v4.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Empower3000) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcjkjmonopjbmipkgbibcplajafnggd\0.7_0
CHR Extension: (3DTin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (nGenx nFinity Browser\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbljgmognlmekcmkmlbgnmmkpklflojd\0.0.1.0_0
CHR Extension: (MindMeister) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0
CHR Extension: (Graphing Calculator by Desmos.com) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0
CHR Extension: (Audiotool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (GeoGebra) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0
CHR Extension: (EasyBib) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Sumo Paint) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0
CHR Extension: (Stupeflix Video Maker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0
CHR Extension: (Lucidchart for Education) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbabpaggdgcakhjllleobffeghmhjme\15.0.6_0
CHR Extension: (GoAnimate for Schools) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpaebfogajhndljeplcmjicfjcdddf\1.0.2_0
CHR Extension: (StudyBlue, Inc.) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh\1.7_0
CHR Extension: (Pixlr Editor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0
CHR Extension: (Diigo Web) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (TypingClub) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0
CHR Extension: (Pixton Comic Maker for Google Chromebooks\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odepbnabionemkpekcfilpihkkfngnop\1.3_0
CHR Extension: (WeVideo - Video Editor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.1.0_0
CHR Extension: (Khan Academy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko\0.0.0.1_0
CHR Extension: (Glogster EDU) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoigcdmeplpebbdfjcofinjnlghmefh\6_0
CHR Extension: (Pearson OpenClass) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\phllacioehenkhbnlpihgnhghgckpplm\1.0.1.0_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [edflbdjfhpiboilnedfoiepbmcllkedb] - C:\Users\User\AppData\Local\CRE\edflbdjfhpiboilnedfoiepbmcllkedb.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\User\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S4 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1385896 2012-06-27] (LogMeIn Inc.)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
S2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2012-03-07] (Intel Corporation)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-09] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-05-30] (Power Software Ltd)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [991872 2009-03-17] (Vimicro Corporation)
S3 vvftav323; C:\Windows\System32\drivers\vvftav323.sys [475136 2007-03-19] (Vimicro Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-12-29] (CyberLink Corp.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\User\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 22:52 - 2013-10-10 22:52 - 01087213 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2013-10-10 22:52 - 2013-10-10 22:52 - 00000000 ____D C:\FRST
2013-10-10 22:45 - 2013-10-10 22:45 - 00175878 _____ C:\Users\User\Desktop\OTL 10-10-2013 1045pm.Txt
2013-10-10 22:16 - 2013-10-10 22:18 - 00157115 _____ C:\Users\User\Desktop\USER-PC.txt
2013-10-10 22:14 - 2013-10-10 22:16 - 00000941 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-10-10 22:14 - 2013-10-10 22:16 - 00000000 ____D C:\Program Files\Speccy
2013-10-10 22:12 - 2013-10-10 22:12 - 05552488 _____ (Piriform Ltd) C:\Users\User\Downloads\spsetup123.exe
2013-10-10 22:05 - 2013-10-10 22:05 - 00001543 _____ C:\Users\User\Desktop\aswMBR 10-10-2013 10pm.txt
2013-10-10 22:05 - 2013-10-10 22:05 - 00000512 _____ C:\Users\User\Documents\MBR.dat
2013-10-10 21:38 - 2013-10-10 21:38 - 04745728 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr.exe
2013-10-10 21:35 - 2013-10-10 21:35 - 00008556 _____ C:\Users\User\Desktop\JRT.txt
2013-10-10 21:32 - 2013-10-10 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 21:28 - 2013-10-10 21:29 - 01032220 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2013-10-10 21:15 - 2013-10-10 21:18 - 00000000 ____D C:\AdwCleaner
2013-10-10 21:14 - 2013-10-10 21:10 - 01048960 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-10-10 20:39 - 2013-10-10 20:39 - 00000000 ____D C:\_OTL
2013-10-09 21:32 - 2013-10-09 21:32 - 00106516 _____ C:\Users\User\Desktop\OTL 10-09-2013 at 930pm.Txt
2013-10-09 21:30 - 2013-10-10 22:44 - 00075680 _____ C:\Users\User\Desktop\Extras.Txt
2013-10-09 21:27 - 2013-10-10 22:44 - 00175878 _____ C:\Users\User\Desktop\OTL.Txt
2013-10-09 20:51 - 2013-10-09 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2013-10-09 07:30 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 07:30 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 07:30 - 2013-09-22 18:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 07:30 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 07:30 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 07:30 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 07:30 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 05:35 - 2013-09-13 19:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 05:35 - 2013-09-07 21:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 05:35 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 05:35 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 05:35 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 05:35 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 05:35 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 05:35 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 05:35 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 05:35 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 05:35 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 05:35 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 05:35 - 2013-08-28 20:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 05:35 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 05:35 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 05:35 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 05:35 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 05:35 - 2013-07-12 05:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 05:35 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 05:35 - 2013-07-12 05:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 05:35 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 05:35 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 05:35 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 05:35 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 05:35 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 05:35 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 05:35 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 05:35 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 05:34 - 2013-08-27 19:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 05:34 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 05:34 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 05:34 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 05:34 - 2013-07-04 04:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 05:34 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 05:24 - 2013-10-09 05:24 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-07 15:44 - 2013-10-07 15:47 - 00009457 _____ C:\Windows\wininit.ini
2013-10-07 05:23 - 2013-10-07 05:23 - 00000020 ___SH C:\Users\User\ntuser.ini
2013-10-06 20:26 - 2013-10-09 20:48 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
2013-10-06 20:26 - 2013-10-06 20:28 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
2013-10-06 20:25 - 2013-10-06 20:25 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-06 20:25 - 2013-10-06 20:25 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-10-06 20:25 - 2013-10-06 20:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-06 20:25 - 2013-10-06 20:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-06 20:22 - 2013-10-06 20:23 - 27837368 _____ (SUPERAntiSpyware) C:\Users\User\Downloads\SUPERAntiSpyware.exe
2013-10-06 18:58 - 2013-10-06 20:11 - 00000160 _____ C:\VundoFix.txt
2013-10-06 18:58 - 2013-10-06 18:58 - 00000000 ____D C:\VundoFix Backups
2013-10-06 18:57 - 2013-10-06 18:57 - 00119808 _____ (Atribune.org) C:\Users\User\Downloads\VundoFix.exe
2013-10-06 17:26 - 2013-10-09 05:14 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-06 17:19 - 2013-10-06 17:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\3sf4ya79l1.exe
2013-10-06 17:15 - 2013-10-06 17:26 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:15 - 2013-10-06 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:15 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-06 17:10 - 2013-10-06 17:10 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup.exe
2013-10-06 15:52 - 2013-10-07 05:36 - 00004492 _____ C:\Users\User\Desktop\Rkill.txt
2013-10-06 15:51 - 2013-10-06 15:47 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore.exe
2013-10-05 23:43 - 2013-10-06 14:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-05 23:43 - 2013-10-05 23:56 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-05 23:43 - 2013-10-05 23:43 - 00001220 _____ C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2013-10-05 23:41 - 2013-07-04 15:57 - 16409960 _____ (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2013-09-23 18:10 - 2013-08-04 20:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-23 18:10 - 2013-08-01 20:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-23 18:10 - 2013-08-01 20:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-23 18:10 - 2013-08-01 20:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 19:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-23 18:10 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 18:10 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-23 18:10 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-23 18:10 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-10 22:52 - 2013-10-10 22:52 - 01087213 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2013-10-10 22:52 - 2013-10-10 22:52 - 00000000 ____D C:\FRST
2013-10-10 22:45 - 2013-10-10 22:45 - 00175878 _____ C:\Users\User\Desktop\OTL 10-10-2013 1045pm.Txt
2013-10-10 22:44 - 2013-10-09 21:30 - 00075680 _____ C:\Users\User\Desktop\Extras.Txt
2013-10-10 22:44 - 2013-10-09 21:27 - 00175878 _____ C:\Users\User\Desktop\OTL.Txt
2013-10-10 22:42 - 2012-09-25 20:58 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA.job
2013-10-10 22:18 - 2013-10-10 22:16 - 00157115 _____ C:\Users\User\Desktop\USER-PC.txt
2013-10-10 22:16 - 2013-10-10 22:14 - 00000941 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-10-10 22:16 - 2013-10-10 22:14 - 00000000 ____D C:\Program Files\Speccy
2013-10-10 22:12 - 2013-10-10 22:12 - 05552488 _____ (Piriform Ltd) C:\Users\User\Downloads\spsetup123.exe
2013-10-10 22:05 - 2013-10-10 22:05 - 00001543 _____ C:\Users\User\Desktop\aswMBR 10-10-2013 10pm.txt
2013-10-10 22:05 - 2013-10-10 22:05 - 00000512 _____ C:\Users\User\Documents\MBR.dat
2013-10-10 21:38 - 2013-10-10 21:38 - 04745728 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr.exe
2013-10-10 21:35 - 2013-10-10 21:35 - 00008556 _____ C:\Users\User\Desktop\JRT.txt
2013-10-10 21:32 - 2013-10-10 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 21:29 - 2013-10-10 21:28 - 01032220 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2013-10-10 21:29 - 2009-07-13 23:34 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 21:29 - 2009-07-13 23:34 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 21:27 - 2011-10-05 02:49 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 21:25 - 2012-08-28 06:59 - 01953178 _____ C:\Windows\WindowsUpdate.log
2013-10-10 21:22 - 2012-08-28 07:08 - 00018224 _____ C:\Windows\setupact.log
2013-10-10 21:22 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 21:22 - 2009-07-13 23:33 - 03765888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 21:18 - 2013-10-10 21:15 - 00000000 ____D C:\AdwCleaner
2013-10-10 21:10 - 2013-10-10 21:14 - 01048960 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-10-10 20:39 - 2013-10-10 20:39 - 00000000 ____D C:\_OTL
2013-10-09 23:33 - 2011-10-05 04:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 21:32 - 2013-10-09 21:32 - 00106516 _____ C:\Users\User\Desktop\OTL 10-09-2013 at 930pm.Txt
2013-10-09 20:48 - 2013-10-06 20:26 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
2013-10-09 20:47 - 2013-10-09 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2013-10-09 16:41 - 2012-09-25 20:58 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core.job
2013-10-09 16:35 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-09 15:59 - 2012-09-06 06:54 - 00033854 _____ C:\Windows\PFRO.log
2013-10-09 07:37 - 2013-08-20 22:37 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 07:33 - 2011-10-05 03:26 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 07:32 - 2012-01-17 10:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 05:24 - 2013-10-09 05:24 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-09 05:24 - 2012-01-01 23:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-09 05:23 - 2012-01-01 23:52 - 00000000 ____D C:\Program Files\Adobe
2013-10-09 05:22 - 2012-08-28 15:11 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-10-09 05:14 - 2013-10-06 17:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-07 15:47 - 2013-10-07 15:44 - 00009457 _____ C:\Windows\wininit.ini
2013-10-07 05:36 - 2013-10-06 15:52 - 00004492 _____ C:\Users\User\Desktop\Rkill.txt
2013-10-07 05:23 - 2013-10-07 05:23 - 00000020 ___SH C:\Users\User\ntuser.ini
2013-10-06 20:28 - 2013-10-06 20:26 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
2013-10-06 20:25 - 2013-10-06 20:25 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-06 20:25 - 2013-10-06 20:25 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-10-06 20:25 - 2013-10-06 20:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-06 20:25 - 2013-10-06 20:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-06 20:23 - 2013-10-06 20:22 - 27837368 _____ (SUPERAntiSpyware) C:\Users\User\Downloads\SUPERAntiSpyware.exe
2013-10-06 20:11 - 2013-10-06 18:58 - 00000160 _____ C:\VundoFix.txt
2013-10-06 18:58 - 2013-10-06 18:58 - 00000000 ____D C:\VundoFix Backups
2013-10-06 18:57 - 2013-10-06 18:57 - 00119808 _____ (Atribune.org) C:\Users\User\Downloads\VundoFix.exe
2013-10-06 17:26 - 2013-10-06 17:15 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:26 - 2013-10-06 17:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:19 - 2013-10-06 17:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\3sf4ya79l1.exe
2013-10-06 17:10 - 2013-10-06 17:10 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup.exe
2013-10-06 15:47 - 2013-10-06 15:51 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore.exe
2013-10-06 14:04 - 2013-10-05 23:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-05 23:56 - 2013-10-05 23:43 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-05 23:43 - 2013-10-05 23:43 - 00001220 _____ C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2013-10-05 22:13 - 2012-01-02 16:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-10-05 22:07 - 2012-09-25 21:00 - 00002362 _____ C:\Users\User\Desktop\Google Chrome.lnk
2013-09-22 18:28 - 2013-10-09 07:30 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 18:28 - 2013-10-09 07:30 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 18:28 - 2013-10-09 07:30 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 18:27 - 2013-10-09 07:30 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 18:27 - 2013-10-09 07:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-20 22:30 - 2013-10-09 07:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-20 21:39 - 2013-10-09 07:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 19:48 - 2013-10-09 05:35 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 18:34

==================== End Of Log ============================













Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by User at 2013-10-10 22:53:49
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Age of Conan: Unchained
Amnesia - The Dark Descent (Version: 1.0.0)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.138)
ArcSoft WebCam Companion 3 (Version: 3.0.45.413)
Ashampoo Burning Studio 10.0.3 (Version: 10.0.3)
Bing Bar (Version: 7.0.619.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
CyberLink PowerDVD 10 (Version: 10.0.2429.51)
D3DX10 (Version: 15.4.2368.0902)
Debut Video Capture Software
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Event Manager (Version: 2.50.0000)
EPSON NX330 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.5.00)
File Type Assistant
Flash Player Pro V5.4
Free File Viewer 2012
Glary Utilities Pro 2.29.0.1032
Gold Miner Vegas Free Trial
Google Chrome (HKCU Version: 30.0.1599.69)
HP Webcam User's Guide
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.3.0.9)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (Version: 5.02.0011)
LogMeIn Hamachi (Version: 2.1.0.210)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
ManyCam 3.0.68 (remove only) (Version: 3.0.68)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Recent Documents Gadget (Version: 12.0.4518.1027)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MixPad Audio Mixer
MSVCRT (Version: 15.4.2862.0708)
On Screen Display (Version: 6.61.00)
PDF Settings CS5 (Version: 10.0)
Pokki (HKCU Version: 0.263.13.325)
Power Manager (Version: 6.32)
PowerISO (Version: 5.2)
RealPlayer
Skype Click to Call (Version: 6.2.10687)
Skype™ 6.3 (Version: 6.3.107)
Speccy (Version: 1.23)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1040)
The Sims™ 3 (Version: 1.17.60)
The Sims™ 3 Late Night (Version: 6.0.81)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem (Version: 7.62.00)
ThinkPad Power Management Driver (Version: 1.43)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Active Protection System (Version: 1.77.0.5)
ThinkVantage Fingerprint Software (Version: 5.9.4.6882)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 Digital Camera (Version: 1.8.0807.01)
VideoPad Video Editor
WeatherBug (Version: 7.0.0.7)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Wizard101 (Version: 1.0.0)
World of Warcraft (Version: 4.3.3.15354)

==================== Restore Points =========================

06-10-2013 11:19:17 Windows Update
07-10-2013 03:40:09 Windows Update
09-10-2013 10:35:57 Windows Update
09-10-2013 21:53:06 Windows Update
10-10-2013 02:52:12 Windows Update
11-10-2013 03:24:16 OTL Restore Point - 10/10/2013 10:24:11 PM

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {067E6DAE-87EF-41A7-A236-067CCA4E93C8} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {540153DE-58E3-44B2-AA86-F64644AF4DCF} - System32\Tasks\PMTask => C:\PROGRA~1\ThinkPad\UTILIT~1\PwmIdTsv.exe [2012-05-16] (Lenovo Group Limited)
Task: {55361876-193C-4997-9275-113330144806} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {5BA660B0-20AB-4179-9059-DE3EC8F0F703} - System32\Tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {5DA04740-E73C-490D-AF7A-B5F800BB7BFF} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {8F41BE1A-1DA8-482F-89A2-1528DB3E2AC4} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2010-10-14] (Glarysoft Ltd)
Task: {A9DF2391-BF53-4645-BA6E-BCC111D92F40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7532855-DD95-4AB8-810A-2BAD749B69F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {F64A2A4C-CF97-44B0-A519-A54C7757D7E2} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2012-08-10] (Trusted Software ApS)
Task: {FB73E66F-3080-4284-86A0-8EE7AFB758F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: C:\Windows\Tasks\0.job => c:\program files\internet explorer\iexplore.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-10-05 22:06 - 2013-10-03 01:03 - 04055504 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-05 22:06 - 2013-10-03 01:03 - 00415184 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-05 22:05 - 2013-10-03 01:02 - 01604560 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-10-05 22:06 - 2013-10-03 01:03 - 13611984 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:100CB1DD

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19978944.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19978944.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/10/2013 09:53:23 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/10/2013 09:52:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.


Microsoft Office Sessions:
=========================
Error: (10/08/2012 09:14:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 202719 seconds with 6300 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-08-12 19:33:13.337
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 21:40:59.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 21:33:41.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 21:02:36.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 20:38:37.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 19:45:49.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 19:43:21.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 19:38:09.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 19:29:55.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-11 19:21:39.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3070.43 MB
Available physical RAM: 1662.93 MB
Total Pagefile: 6139.15 MB
Available Pagefile: 4687.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:93.29 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 7447047B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#10
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
ComboFix log:



ComboFix 13-10-09.01 - User 10/10/2013 23:02:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1848 [GMT -5:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Adobe\gccheck.exe
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\Documents\~WRL2716.tmp
c:\users\User\Documents\~WRL2765.tmp
c:\users\User\Documents\~WRL2877.tmp
c:\users\User\Documents\ppt5EAF.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))
.
.
2013-10-11 04:10 . 2013-10-11 04:10 -------- d-----w- c:\users\User\AppData\Local\temp
2013-10-11 04:10 . 2013-10-11 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-11 03:52 . 2013-10-11 03:52 -------- d-----w- C:\FRST
2013-10-11 03:14 . 2013-10-11 03:16 -------- d-----w- c:\program files\Speccy
2013-10-11 02:32 . 2013-10-11 02:32 -------- d-----w- c:\windows\ERUNT
2013-10-11 02:24 . 2013-09-05 03:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C35FF694-F6D3-4763-80DF-B4667076B224}\mpengine.dll
2013-10-11 02:15 . 2013-10-11 02:18 -------- d-----w- C:\AdwCleaner
2013-10-11 01:39 . 2013-10-11 01:39 -------- d-----w- C:\_OTL
2013-10-09 10:35 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-09 10:34 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-09 10:34 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 10:34 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-09 10:34 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-09 10:34 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 10:34 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 01:25 . 2013-10-07 01:25 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-10-07 01:25 . 2013-10-07 01:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-07 01:25 . 2013-10-07 01:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-10-06 23:58 . 2013-10-06 23:58 -------- d-----w- C:\VundoFix Backups
2013-10-06 22:26 . 2013-10-09 10:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-06 22:15 . 2013-10-06 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-06 22:15 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-06 04:43 . 2013-10-06 19:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-06 04:43 . 2013-10-06 04:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-10-06 03:00 . 2013-10-06 03:00 -------- d-----w- c:\users\User\AppData\Local\Programs
2013-10-06 02:58 . 2013-10-06 02:57 718712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B36D093-D721-4DE6-B1A8-C1D0D11695BF}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-09 08:52 . 2013-01-28 02:21 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-09-09 08:52 . 2013-01-28 02:21 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-09-09 08:52 . 2013-01-28 02:21 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-09-09 08:52 . 2012-12-31 04:55 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-09 08:52 . 2011-06-11 07:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-28 16:00 . 2013-07-28 16:00 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-28 16:00 . 2013-07-28 16:00 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-28 16:00 . 2013-07-28 16:00 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-28 16:00 . 2013-07-28 16:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-28 16:00 . 2013-07-28 16:00 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-28 16:00 . 2013-07-28 16:00 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-28 16:00 . 2013-07-28 16:00 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-28 16:00 . 2013-07-28 16:00 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-28 16:00 . 2013-07-28 16:00 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-28 16:00 . 2013-07-28 16:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-28 16:00 . 2013-07-28 16:00 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-28 16:00 . 2013-07-28 16:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-28 16:00 . 2013-07-28 16:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-28 16:00 . 2013-07-28 16:00 361984 ----a-w- c:\windows\system32\html.iec
2013-07-28 16:00 . 2013-07-28 16:00 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-28 16:00 . 2013-07-28 16:00 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-28 16:00 . 2013-07-28 16:00 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-28 15:57 . 2013-07-28 15:57 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-28 15:57 . 2013-07-28 15:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-28 15:57 . 2013-07-28 15:57 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-28 15:57 . 2013-07-28 15:57 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-28 15:57 . 2013-07-28 15:57 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-28 15:57 . 2013-07-28 15:57 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-28 15:57 . 2013-07-28 15:57 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-28 15:57 . 2013-07-28 15:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-28 15:57 . 2013-07-28 15:57 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-28 15:57 . 2013-07-28 15:57 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-28 15:57 . 2013-07-28 15:57 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-28 15:57 . 2013-07-28 15:57 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-28 15:57 . 2013-07-28 15:57 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-28 15:57 . 2013-07-28 15:57 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-28 15:57 . 2013-07-28 15:57 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-28 15:57 . 2013-07-28 15:57 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-25 08:57 . 2013-08-14 04:45 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 04:44 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"331BigDog"="c:\windows\VM331_STI.EXE" [2007-08-09 192512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-05-16 4395104]
"TpShocks"="TpShocks.exe" [2012-06-21 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2010-10-12 18:56 979328 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus NX330(Network)]
2011-01-20 18:01 212480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIHAA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 19:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 02:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 17:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2012-04-20 11:46 2099064 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2010-12-08 16:04 55120 ----a-w- c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-05-31 04:10 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-09 22:14 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-10-02 19:54 5706480 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-10-29 21:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-05-09 161384]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-05-16 280640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-09 40776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vm331avs;iCM10 USB 2.0 Camera;c:\windows\system32\Drivers\vm331avs.sys [2009-03-18 991872]
R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1343400]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-05-16 25416]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/05 05:17];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-12-29 15:26 87536]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 521600]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - CPUZ136
*Deregistered* - aswMBR
*Deregistered* - cpuz136
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\0.job
- c:\program files\internet explorer\iexplore.exe [2013-10-09 23:54]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 01:58]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033630711-3411533705-1815766804-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 01:58]
.
2013-10-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7e59eb7e-1320-4d40-aac4-0ddf630a1d73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-10-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8b7dfd03-ad88-4b20-882a-59562f0d8b0b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-19978944.sys
MSConfigStartUp-24x7HELP - c:\program files\24x7Help\App24x7Help.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Pokki - c:\users\User\AppData\Local\Pokki\v0.259\pokki.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2013-10-10 23:12:26
ComboFix-quarantined-files.txt 2013-10-11 04:12
.
Pre-Run: 100,047,679,488 bytes free
Post-Run: 99,966,464,000 bytes free
.
- - End Of File - - 30C059C36953D9657BC40EBF25DBFB7A
A36C5E4F47E84449FF07ED3517B43A31
  • 0

Advertisements


#11
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
TDS logs attached

Attached Files


  • 0

#12
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
going to be for sure now, will run malwarebytes now as I sleep.
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Run TDSSKiller again as you did the last time but this time change it from Skip to Delete for the TDSS File System entries:

23:21:52.0986 3872 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:21:52.0986 3872 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that


This is another one to run while you sleep:


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
(They have started foisting Chrome and the Google toolbar on you so uncheck them before downloading.)


Uninstall Microsoft Security Essentials
See: http://support.micro....com/kb/2435760 if you have trouble uninstalling MSE

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free "Basic" version is what we want.)

Once you have it installed and updated (preferably when you sleep or maybe while at work):


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.
  • 0

#14
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
New TDS log:

17:14:29.0036 4980 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:14:33.0092 4980 ============================================================
17:14:33.0092 4980 Current date / time: 2013/10/11 17:14:33.0076
17:14:33.0092 4980 SystemInfo:
17:14:33.0092 4980
17:14:33.0092 4980 OS Version: 6.1.7601 ServicePack: 1.0
17:14:33.0092 4980 Product type: Workstation
17:14:33.0092 4980 ComputerName: USER-PC
17:14:33.0092 4980 UserName: User
17:14:33.0092 4980 Windows directory: C:\Windows
17:14:33.0092 4980 System windows directory: C:\Windows
17:14:33.0092 4980 Processor architecture: Intel x86
17:14:33.0092 4980 Number of processors: 2
17:14:33.0092 4980 Page size: 0x1000
17:14:33.0092 4980 Boot type: Normal boot
17:14:33.0092 4980 ============================================================
17:14:36.0166 4980 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
17:14:36.0166 4980 ============================================================
17:14:36.0166 4980 \Device\Harddisk0\DR0:
17:14:36.0166 4980 MBR partitions:
17:14:36.0166 4980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:14:36.0166 4980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
17:14:36.0166 4980 ============================================================
17:14:36.0197 4980 C: <-> \Device\Harddisk0\DR0\Partition2
17:14:36.0213 4980 E: <-> \Device\Harddisk0\DR0\Partition1
17:14:36.0213 4980 ============================================================
17:14:36.0213 4980 Initialize success
17:14:36.0213 4980 ============================================================
17:15:07.0447 4576 ============================================================
17:15:07.0447 4576 Scan started
17:15:07.0447 4576 Mode: Manual; SigCheck; TDLFS;
17:15:07.0447 4576 ============================================================
17:15:07.0752 4576 ================ Scan system memory ========================
17:15:07.0752 4576 System memory - ok
17:15:07.0753 4576 ================ Scan services =============================
17:15:08.0031 4576 [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:15:08.0508 4576 !SASCORE - ok
17:15:08.0787 4576 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:15:08.0851 4576 1394ohci - ok
17:15:09.0021 4576 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:15:09.0059 4576 ACDaemon - ok
17:15:09.0138 4576 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:15:09.0167 4576 ACPI - ok
17:15:09.0234 4576 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:15:09.0291 4576 AcpiPmi - ok
17:15:09.0373 4576 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
17:15:09.0447 4576 ADIHdAudAddService - ok
17:15:09.0542 4576 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:15:09.0571 4576 AdobeARMservice - ok
17:15:09.0750 4576 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:15:09.0789 4576 adp94xx - ok
17:15:09.0815 4576 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:15:09.0838 4576 adpahci - ok
17:15:09.0862 4576 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:15:09.0882 4576 adpu320 - ok
17:15:09.0952 4576 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
17:15:09.0987 4576 AEADIFilters - ok
17:15:10.0027 4576 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:15:10.0076 4576 AeLookupSvc - ok
17:15:10.0145 4576 [ F81BB7E487EDCEAB630A7EE66CF23913 ] AFD C:\Windows\system32\drivers\afd.sys
17:15:10.0183 4576 AFD - ok
17:15:10.0220 4576 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:15:10.0237 4576 agp440 - ok
17:15:10.0305 4576 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:15:10.0322 4576 aic78xx - ok
17:15:10.0434 4576 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:15:10.0513 4576 ALG - ok
17:15:10.0582 4576 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
17:15:10.0617 4576 aliide - ok
17:15:10.0670 4576 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:15:10.0697 4576 amdagp - ok
17:15:10.0802 4576 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
17:15:10.0825 4576 amdide - ok
17:15:10.0876 4576 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:15:10.0924 4576 AmdK8 - ok
17:15:10.0947 4576 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:15:10.0987 4576 AmdPPM - ok
17:15:11.0037 4576 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:15:11.0055 4576 amdsata - ok
17:15:11.0112 4576 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:15:11.0133 4576 amdsbs - ok
17:15:11.0166 4576 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:15:11.0181 4576 amdxata - ok
17:15:11.0267 4576 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
17:15:11.0357 4576 AppID - ok
17:15:11.0401 4576 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:15:11.0460 4576 AppIDSvc - ok
17:15:11.0503 4576 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
17:15:11.0553 4576 Appinfo - ok
17:15:11.0702 4576 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:15:11.0723 4576 Apple Mobile Device - ok
17:15:11.0817 4576 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:15:11.0841 4576 arc - ok
17:15:11.0858 4576 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:15:11.0876 4576 arcsas - ok
17:15:11.0951 4576 [ DFD07F0A36BD4F7E7AD2BC5548213694 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:15:11.0973 4576 ArcSoftKsUFilter - ok
17:15:12.0015 4576 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:15:12.0075 4576 AsyncMac - ok
17:15:12.0134 4576 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
17:15:12.0161 4576 atapi - ok
17:15:12.0208 4576 [ 2039E24FE00639A9123DCD6F22D42D74 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
17:15:12.0282 4576 Ati External Event Utility - ok
17:15:12.0441 4576 [ D2E9ACB68FA61C911CC21E07F87705BF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:15:12.0665 4576 atikmdag - ok
17:15:12.0756 4576 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:15:12.0810 4576 AudioEndpointBuilder - ok
17:15:12.0822 4576 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:15:12.0864 4576 Audiosrv - ok
17:15:12.0931 4576 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:15:12.0973 4576 AxInstSV - ok
17:15:13.0051 4576 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:15:13.0103 4576 b06bdrv - ok
17:15:13.0156 4576 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:15:13.0192 4576 b57nd60x - ok
17:15:13.0307 4576 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:15:13.0337 4576 BBSvc - ok
17:15:13.0433 4576 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:15:13.0475 4576 BDESVC - ok
17:15:13.0511 4576 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:15:13.0565 4576 Beep - ok
17:15:13.0618 4576 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
17:15:13.0680 4576 BFE - ok
17:15:13.0724 4576 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
17:15:13.0772 4576 BITS - ok
17:15:13.0817 4576 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:15:13.0905 4576 blbdrive - ok
17:15:14.0018 4576 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:15:14.0052 4576 Bonjour Service - ok
17:15:14.0107 4576 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:15:14.0159 4576 bowser - ok
17:15:14.0204 4576 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:15:14.0245 4576 BrFiltLo - ok
17:15:14.0278 4576 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:15:14.0329 4576 BrFiltUp - ok
17:15:14.0373 4576 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:15:14.0454 4576 BridgeMP - ok
17:15:14.0501 4576 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
17:15:14.0558 4576 Browser - ok
17:15:14.0612 4576 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:15:14.0650 4576 Brserid - ok
17:15:14.0673 4576 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:15:14.0712 4576 BrSerWdm - ok
17:15:14.0743 4576 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:15:14.0797 4576 BrUsbMdm - ok
17:15:14.0831 4576 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:15:14.0869 4576 BrUsbSer - ok
17:15:14.0895 4576 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:15:14.0949 4576 BTHMODEM - ok
17:15:15.0002 4576 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:15:15.0058 4576 bthserv - ok
17:15:15.0241 4576 catchme - ok
17:15:15.0289 4576 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:15:15.0377 4576 cdfs - ok
17:15:15.0537 4576 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:15:15.0618 4576 cdrom - ok
17:15:15.0686 4576 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
17:15:15.0740 4576 CertPropSvc - ok
17:15:15.0774 4576 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:15:15.0794 4576 circlass - ok
17:15:15.0836 4576 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:15:15.0858 4576 CLFS - ok
17:15:15.0950 4576 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:15.0975 4576 clr_optimization_v2.0.50727_32 - ok
17:15:16.0067 4576 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:16.0092 4576 clr_optimization_v4.0.30319_32 - ok
17:15:16.0109 4576 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:15:16.0142 4576 CmBatt - ok
17:15:16.0195 4576 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:15:16.0211 4576 cmdide - ok
17:15:16.0260 4576 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
17:15:16.0294 4576 CNG - ok
17:15:16.0345 4576 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:15:16.0360 4576 Compbatt - ok
17:15:16.0423 4576 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:15:16.0486 4576 CompositeBus - ok
17:15:16.0495 4576 COMSysApp - ok
17:15:16.0526 4576 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:15:16.0542 4576 crcdisk - ok
17:15:16.0613 4576 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:15:16.0652 4576 CryptSvc - ok
17:15:16.0705 4576 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:15:16.0774 4576 DcomLaunch - ok
17:15:16.0844 4576 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:15:16.0918 4576 defragsvc - ok
17:15:16.0974 4576 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:15:17.0061 4576 DfsC - ok
17:15:17.0117 4576 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:15:17.0158 4576 Dhcp - ok
17:15:17.0194 4576 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:15:17.0277 4576 discache - ok
17:15:17.0326 4576 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:15:17.0343 4576 Disk - ok
17:15:17.0369 4576 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:15:17.0409 4576 Dnscache - ok
17:15:17.0452 4576 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:15:17.0512 4576 dot3svc - ok
17:15:17.0574 4576 [ 3C2FEC38D9D825C69C29FE5EB7339CB5 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
17:15:17.0589 4576 DozeHDD - ok
17:15:17.0693 4576 [ A318DF063DF2BC2C5F81644997068631 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
17:15:17.0722 4576 DozeSvc - ok
17:15:17.0759 4576 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:15:17.0821 4576 DPS - ok
17:15:17.0860 4576 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:15:17.0880 4576 drmkaud - ok
17:15:17.0974 4576 [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:15:18.0015 4576 DXGKrnl - ok
17:15:18.0088 4576 [ 3DB2E2C118A2107D11421F800A90F48C ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys
17:15:18.0105 4576 e1express - ok
17:15:18.0145 4576 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:15:18.0212 4576 EapHost - ok
17:15:18.0335 4576 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:15:18.0439 4576 ebdrv - ok
17:15:18.0473 4576 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:15:18.0514 4576 EFS - ok
17:15:18.0597 4576 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:15:18.0630 4576 ehRecvr - ok
17:15:18.0658 4576 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:15:18.0677 4576 ehSched - ok
17:15:18.0737 4576 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:15:18.0774 4576 elxstor - ok
17:15:18.0867 4576 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
17:15:18.0896 4576 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
17:15:18.0896 4576 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
17:15:18.0975 4576 [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
17:15:19.0006 4576 EpsonCustomerParticipation - ok
17:15:19.0043 4576 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:15:19.0060 4576 ErrDev - ok
17:15:19.0141 4576 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:15:19.0201 4576 EventSystem - ok
17:15:19.0229 4576 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:15:19.0290 4576 exfat - ok
17:15:19.0333 4576 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:15:19.0425 4576 fastfat - ok
17:15:19.0482 4576 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:15:19.0543 4576 Fax - ok
17:15:19.0568 4576 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:15:19.0586 4576 fdc - ok
17:15:19.0624 4576 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:15:19.0727 4576 fdPHost - ok
17:15:19.0758 4576 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:15:19.0822 4576 FDResPub - ok
17:15:19.0857 4576 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:15:19.0873 4576 FileInfo - ok
17:15:19.0888 4576 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:15:19.0925 4576 Filetrace - ok
17:15:19.0932 4576 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:15:19.0973 4576 flpydisk - ok
17:15:20.0012 4576 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:15:20.0033 4576 FltMgr - ok
17:15:20.0135 4576 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
17:15:20.0218 4576 FontCache - ok
17:15:20.0305 4576 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:15:20.0327 4576 FontCache3.0.0.0 - ok
17:15:20.0350 4576 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:15:20.0368 4576 FsDepends - ok
17:15:20.0454 4576 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:15:20.0476 4576 fssfltr - ok
17:15:20.0678 4576 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:15:20.0741 4576 fsssvc - ok
17:15:20.0810 4576 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:15:20.0835 4576 Fs_Rec - ok
17:15:20.0926 4576 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:15:20.0960 4576 fvevol - ok
17:15:21.0003 4576 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:15:21.0021 4576 gagp30kx - ok
17:15:21.0049 4576 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:15:21.0060 4576 GEARAspiWDM - ok
17:15:21.0103 4576 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:15:21.0173 4576 gpsvc - ok
17:15:21.0234 4576 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
17:15:21.0255 4576 hamachi - ok
17:15:21.0417 4576 [ F31D7F8A7699575DBB3B3A3AB4AA6216 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:15:21.0480 4576 Hamachi2Svc - ok
17:15:21.0504 4576 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:15:21.0538 4576 hcw85cir - ok
17:15:21.0604 4576 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:15:21.0669 4576 HdAudAddService - ok
17:15:21.0704 4576 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:15:21.0746 4576 HDAudBus - ok
17:15:21.0752 4576 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:15:21.0780 4576 HidBatt - ok
17:15:21.0810 4576 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:15:21.0847 4576 HidBth - ok
17:15:21.0870 4576 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:15:21.0914 4576 HidIr - ok
17:15:21.0962 4576 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
17:15:22.0042 4576 hidserv - ok
17:15:22.0117 4576 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:15:22.0193 4576 HidUsb - ok
17:15:22.0231 4576 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:15:22.0269 4576 hkmsvc - ok
17:15:22.0317 4576 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:15:22.0338 4576 HomeGroupListener - ok
17:15:22.0371 4576 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:15:22.0419 4576 HomeGroupProvider - ok
17:15:22.0459 4576 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:15:22.0476 4576 HpSAMD - ok
17:15:22.0571 4576 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:15:22.0615 4576 HSF_DPV - ok
17:15:22.0633 4576 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:15:22.0651 4576 HSXHWAZL - ok
17:15:22.0730 4576 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:15:22.0795 4576 HTTP - ok
17:15:22.0812 4576 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:15:22.0828 4576 hwpolicy - ok
17:15:22.0890 4576 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:15:22.0936 4576 i8042prt - ok
17:15:22.0991 4576 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:15:23.0022 4576 iaStor - ok
17:15:23.0077 4576 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:15:23.0102 4576 iaStorV - ok
17:15:23.0166 4576 [ BF648877413F6160E480814A24942B65 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
17:15:23.0190 4576 IBMPMDRV - ok
17:15:23.0209 4576 [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
17:15:23.0221 4576 IBMPMSVC - ok
17:15:23.0314 4576 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:15:23.0362 4576 idsvc - ok
17:15:23.0410 4576 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:15:23.0427 4576 iirsp - ok
17:15:23.0544 4576 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:15:23.0632 4576 IKEEXT - ok
17:15:23.0677 4576 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:15:23.0704 4576 intelide - ok
17:15:23.0765 4576 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:15:23.0813 4576 intelppm - ok
17:15:23.0873 4576 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:15:23.0985 4576 IPBusEnum - ok
17:15:24.0012 4576 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:15:24.0051 4576 IpFilterDriver - ok
17:15:24.0122 4576 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:15:24.0166 4576 iphlpsvc - ok
17:15:24.0216 4576 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:15:24.0268 4576 IPMIDRV - ok
17:15:24.0304 4576 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:15:24.0359 4576 IPNAT - ok
17:15:24.0435 4576 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:15:24.0470 4576 iPod Service - ok
17:15:24.0486 4576 [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda C:\Windows\system32\DRIVERS\irda.sys
17:15:24.0548 4576 irda - ok
17:15:24.0597 4576 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:15:24.0643 4576 IRENUM - ok
17:15:24.0688 4576 [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon C:\Windows\System32\irmon.dll
17:15:24.0732 4576 Irmon - ok
17:15:24.0776 4576 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:15:24.0793 4576 isapnp - ok
17:15:24.0830 4576 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:15:24.0852 4576 iScsiPrt - ok
17:15:24.0908 4576 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:15:24.0937 4576 kbdclass - ok
17:15:24.0985 4576 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:15:25.0028 4576 kbdhid - ok
17:15:25.0062 4576 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:15:25.0080 4576 KeyIso - ok
17:15:25.0126 4576 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:15:25.0152 4576 KSecDD - ok
17:15:25.0169 4576 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:15:25.0187 4576 KSecPkg - ok
17:15:25.0214 4576 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:15:25.0283 4576 KtmRm - ok
17:15:25.0309 4576 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
17:15:25.0349 4576 LanmanServer - ok
17:15:25.0392 4576 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:15:25.0432 4576 LanmanWorkstation - ok
17:15:25.0542 4576 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
17:15:25.0567 4576 LENOVO.MICMUTE - ok
17:15:25.0627 4576 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
17:15:25.0649 4576 lenovo.smi - ok
17:15:25.0672 4576 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
17:15:25.0685 4576 Lenovo.VIRTSCRLSVC - ok
17:15:25.0743 4576 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:15:25.0820 4576 lltdio - ok
17:15:25.0899 4576 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:15:25.0979 4576 lltdsvc - ok
17:15:26.0000 4576 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:15:26.0062 4576 lmhosts - ok
17:15:26.0124 4576 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:15:26.0143 4576 LSI_FC - ok
17:15:26.0161 4576 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:15:26.0182 4576 LSI_SAS - ok
17:15:26.0213 4576 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:15:26.0231 4576 LSI_SAS2 - ok
17:15:26.0253 4576 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:15:26.0271 4576 LSI_SCSI - ok
17:15:26.0317 4576 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:15:26.0394 4576 luafv - ok
17:15:26.0456 4576 [ 8E17D513D8011B0EE03C355EAAB0E0CC ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv.sys
17:15:26.0492 4576 ManyCam - ok
17:15:26.0576 4576 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:15:26.0592 4576 MBAMProtector - ok
17:15:26.0720 4576 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:15:26.0754 4576 MBAMScheduler - ok
17:15:26.0788 4576 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:15:26.0821 4576 MBAMService - ok
17:15:26.0891 4576 [ 562D95E00E14A944DEBE655DECBD3F5B ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv.sys
17:15:26.0938 4576 mcaudrv_simple - ok
17:15:26.0987 4576 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:15:27.0019 4576 Mcx2Svc - ok
17:15:27.0100 4576 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:15:27.0123 4576 mdmxsdk - ok
17:15:27.0157 4576 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:15:27.0174 4576 megasas - ok
17:15:27.0229 4576 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:15:27.0251 4576 MegaSR - ok
17:15:27.0347 4576 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:15:27.0371 4576 Microsoft Office Groove Audit Service - ok
17:15:27.0406 4576 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:15:27.0470 4576 MMCSS - ok
17:15:27.0500 4576 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:15:27.0560 4576 Modem - ok
17:15:27.0601 4576 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:15:27.0653 4576 monitor - ok
17:15:27.0686 4576 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:15:27.0702 4576 mouclass - ok
17:15:27.0785 4576 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:15:27.0841 4576 mouhid - ok
17:15:27.0882 4576 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:15:27.0899 4576 mountmgr - ok
17:15:27.0987 4576 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:15:28.0021 4576 MpFilter - ok
17:15:28.0050 4576 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:15:28.0071 4576 mpio - ok
17:15:28.0232 4576 [ A69630D039C38018689190234F866D77 ] MpKsl78321d40 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13F2F8C9-3CCF-4EA1-ABCD-55F6D4EF7D29}\MpKsl78321d40.sys
17:15:28.0247 4576 MpKsl78321d40 - ok
17:15:28.0297 4576 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:15:28.0370 4576 mpsdrv - ok
17:15:28.0437 4576 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:15:28.0517 4576 MpsSvc - ok
17:15:28.0568 4576 [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:15:28.0637 4576 MRxDAV - ok
17:15:28.0695 4576 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:15:28.0744 4576 mrxsmb - ok
17:15:28.0780 4576 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:15:28.0801 4576 mrxsmb10 - ok
17:15:28.0836 4576 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:15:28.0902 4576 mrxsmb20 - ok
17:15:28.0950 4576 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:15:28.0973 4576 msahci - ok
17:15:29.0021 4576 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:15:29.0052 4576 msdsm - ok
17:15:29.0078 4576 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:15:29.0122 4576 MSDTC - ok
17:15:29.0170 4576 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:15:29.0207 4576 Msfs - ok
17:15:29.0220 4576 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:15:29.0278 4576 mshidkmdf - ok
17:15:29.0324 4576 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:15:29.0351 4576 msisadrv - ok
17:15:29.0432 4576 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:15:29.0512 4576 MSiSCSI - ok
17:15:29.0517 4576 msiserver - ok
17:15:29.0553 4576 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:15:29.0592 4576 MSKSSRV - ok
17:15:29.0679 4576 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:15:29.0710 4576 MsMpSvc - ok
17:15:29.0723 4576 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:15:29.0777 4576 MSPCLOCK - ok
17:15:29.0813 4576 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:15:29.0872 4576 MSPQM - ok
17:15:29.0897 4576 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:15:29.0917 4576 MsRPC - ok
17:15:29.0966 4576 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:15:29.0982 4576 mssmbios - ok
17:15:30.0031 4576 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:15:30.0069 4576 MSTEE - ok
17:15:30.0081 4576 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:15:30.0098 4576 MTConfig - ok
17:15:30.0114 4576 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:15:30.0131 4576 Mup - ok
17:15:30.0185 4576 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:15:30.0267 4576 napagent - ok
17:15:30.0334 4576 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:15:30.0360 4576 NativeWifiP - ok
17:15:30.0440 4576 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:15:30.0478 4576 NDIS - ok
17:15:30.0506 4576 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:15:30.0566 4576 NdisCap - ok
17:15:30.0590 4576 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:15:30.0646 4576 NdisTapi - ok
17:15:30.0691 4576 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:15:30.0766 4576 Ndisuio - ok
17:15:30.0813 4576 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:15:30.0889 4576 NdisWan - ok
17:15:30.0913 4576 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:15:31.0026 4576 NDProxy - ok
17:15:31.0094 4576 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:15:31.0224 4576 NetBIOS - ok
17:15:31.0297 4576 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:15:31.0348 4576 NetBT - ok
17:15:31.0363 4576 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:15:31.0381 4576 Netlogon - ok
17:15:31.0445 4576 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:15:31.0487 4576 Netman - ok
17:15:31.0525 4576 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:15:31.0590 4576 netprofm - ok
17:15:31.0636 4576 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:15:31.0662 4576 NetTcpPortSharing - ok
17:15:31.0817 4576 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
17:15:31.0990 4576 netw5v32 - ok
17:15:32.0044 4576 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:15:32.0061 4576 nfrd960 - ok
17:15:32.0122 4576 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:15:32.0142 4576 NisDrv - ok
17:15:32.0217 4576 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:15:32.0242 4576 NisSrv - ok
17:15:32.0286 4576 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
17:15:32.0333 4576 NlaSvc - ok
17:15:32.0359 4576 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:15:32.0397 4576 Npfs - ok
17:15:32.0457 4576 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
17:15:32.0493 4576 NSCIRDA - ok
17:15:32.0529 4576 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:15:32.0581 4576 nsi - ok
17:15:32.0613 4576 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:15:32.0668 4576 nsiproxy - ok
17:15:32.0758 4576 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:15:32.0817 4576 Ntfs - ok
17:15:32.0836 4576 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:15:32.0873 4576 Null - ok
17:15:32.0910 4576 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:15:32.0928 4576 nvraid - ok
17:15:32.0955 4576 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:15:32.0975 4576 nvstor - ok
17:15:33.0014 4576 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:15:33.0033 4576 nv_agp - ok
17:15:33.0111 4576 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:15:33.0153 4576 odserv - ok
17:15:33.0171 4576 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:15:33.0206 4576 ohci1394 - ok
17:15:33.0268 4576 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:15:33.0285 4576 ose - ok
17:15:33.0322 4576 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:15:33.0363 4576 p2pimsvc - ok
17:15:33.0416 4576 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:15:33.0448 4576 p2psvc - ok
17:15:33.0486 4576 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:15:33.0507 4576 Parport - ok
17:15:33.0570 4576 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:15:33.0585 4576 partmgr - ok
17:15:33.0601 4576 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:15:33.0617 4576 Parvdm - ok
17:15:33.0632 4576 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:15:33.0663 4576 PcaSvc - ok
17:15:33.0679 4576 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:15:33.0695 4576 pci - ok
17:15:33.0726 4576 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:15:33.0741 4576 pciide - ok
17:15:33.0773 4576 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:15:33.0788 4576 pcmcia - ok
17:15:33.0819 4576 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:15:33.0835 4576 pcw - ok
17:15:33.0897 4576 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:15:33.0960 4576 PEAUTH - ok
17:15:34.0053 4576 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:15:34.0147 4576 pla - ok
17:15:34.0209 4576 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:15:34.0256 4576 PlugPlay - ok
17:15:34.0303 4576 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:15:34.0350 4576 PNRPAutoReg - ok
17:15:34.0397 4576 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:15:34.0428 4576 PNRPsvc - ok
17:15:34.0475 4576 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:15:34.0521 4576 PolicyAgent - ok
17:15:34.0568 4576 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:15:34.0646 4576 Power - ok
17:15:34.0740 4576 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
17:15:34.0802 4576 Power Manager DBC Service - ok
17:15:34.0849 4576 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:15:34.0896 4576 PptpMiniport - ok
17:15:34.0911 4576 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:15:34.0958 4576 Processor - ok
17:15:35.0005 4576 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
17:15:35.0052 4576 ProfSvc - ok
17:15:35.0083 4576 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:15:35.0099 4576 ProtectedStorage - ok
17:15:35.0145 4576 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
17:15:35.0161 4576 psadd - ok
17:15:35.0223 4576 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:15:35.0255 4576 Psched - ok
17:15:35.0333 4576 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
17:15:35.0395 4576 PwmEWSvc - ok
17:15:35.0473 4576 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:15:35.0520 4576 ql2300 - ok
17:15:35.0551 4576 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:15:35.0567 4576 ql40xx - ok
17:15:35.0598 4576 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:15:35.0629 4576 QWAVE - ok
17:15:35.0660 4576 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:15:35.0676 4576 QWAVEdrv - ok
17:15:35.0707 4576 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:15:35.0754 4576 RasAcd - ok
17:15:35.0801 4576 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:15:35.0879 4576 RasAgileVpn - ok
17:15:35.0941 4576 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:15:35.0988 4576 RasAuto - ok
17:15:36.0035 4576 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:15:36.0191 4576 Rasl2tp - ok
17:15:36.0253 4576 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:15:36.0315 4576 RasMan - ok
17:15:36.0347 4576 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:15:36.0393 4576 RasPppoe - ok
17:15:36.0425 4576 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:15:36.0471 4576 RasSstp - ok
17:15:36.0534 4576 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:15:36.0627 4576 rdbss - ok
17:15:36.0643 4576 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:15:36.0659 4576 rdpbus - ok
17:15:36.0690 4576 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:15:36.0737 4576 RDPCDD - ok
17:15:36.0783 4576 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:15:36.0830 4576 RDPENCDD - ok
17:15:36.0893 4576 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:15:36.0939 4576 RDPREFMP - ok
17:15:36.0986 4576 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:15:37.0049 4576 RDPWD - ok
17:15:37.0095 4576 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:15:37.0111 4576 rdyboost - ok
17:15:37.0158 4576 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:15:37.0220 4576 RemoteAccess - ok
17:15:37.0251 4576 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:15:37.0314 4576 RemoteRegistry - ok
17:15:37.0361 4576 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:15:37.0423 4576 RpcEptMapper - ok
17:15:37.0485 4576 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:15:37.0532 4576 RpcLocator - ok
17:15:37.0579 4576 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
17:15:37.0626 4576 RpcSs - ok
17:15:37.0688 4576 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:15:37.0766 4576 rspndr - ok
17:15:37.0782 4576 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
17:15:37.0813 4576 SamSs - ok
17:15:37.0907 4576 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:15:37.0922 4576 SASDIFSV - ok
17:15:37.0985 4576 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:15:38.0000 4576 SASKUTIL - ok
17:15:38.0078 4576 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:15:38.0109 4576 sbp2port - ok
17:15:38.0125 4576 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:15:38.0172 4576 SCardSvr - ok
17:15:38.0250 4576 [ 90226947195699EEE8B1241627FE77CE ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:15:38.0359 4576 SCDEmu - ok
17:15:38.0390 4576 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:15:38.0468 4576 scfilter - ok
17:15:38.0546 4576 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
17:15:38.0609 4576 Schedule - ok
17:15:38.0640 4576 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:15:38.0687 4576 SCPolicySvc - ok
17:15:38.0718 4576 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:15:38.0765 4576 SDRSVC - ok
17:15:38.0874 4576 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:15:38.0905 4576 SeaPort - ok
17:15:38.0967 4576 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:15:39.0014 4576 secdrv - ok
17:15:39.0061 4576 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:15:39.0123 4576 seclogon - ok
17:15:39.0170 4576 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
17:15:39.0233 4576 SENS - ok
17:15:39.0279 4576 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:15:39.0326 4576 SensrSvc - ok
17:15:39.0357 4576 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:15:39.0373 4576 Serenum - ok
17:15:39.0420 4576 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:15:39.0435 4576 Serial - ok
17:15:39.0482 4576 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:15:39.0513 4576 sermouse - ok
17:15:39.0576 4576 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
17:15:39.0607 4576 SessionEnv - ok
17:15:39.0638 4576 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:15:39.0701 4576 sffdisk - ok
17:15:39.0716 4576 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:15:39.0763 4576 sffp_mmc - ok
17:15:39.0794 4576 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:15:39.0810 4576 sffp_sd - ok
17:15:39.0841 4576 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:15:39.0903 4576 sfloppy - ok
17:15:39.0935 4576 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:15:39.0997 4576 SharedAccess - ok
17:15:40.0028 4576 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:15:40.0075 4576 ShellHWDetection - ok
17:15:40.0106 4576 [ E91FA3B0F15FADB90B1346A0FAABFFFB ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
17:15:40.0122 4576 Shockprf - ok
17:15:40.0184 4576 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:15:40.0215 4576 sisagp - ok
17:15:40.0262 4576 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:15:40.0278 4576 SiSRaid2 - ok
17:15:40.0309 4576 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:15:40.0325 4576 SiSRaid4 - ok
17:15:40.0543 4576 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:15:40.0637 4576 Skype C2C Service - ok
17:15:40.0746 4576 [ B23EC17A0CD78FAE8DE3BBB7DF228D7E ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:15:40.0777 4576 SkypeUpdate - ok
17:15:40.0824 4576 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:15:40.0855 4576 Smb - ok
17:15:40.0949 4576 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
17:15:40.0980 4576 smihlp - ok
17:15:41.0042 4576 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:15:41.0058 4576 SNMPTRAP - ok
17:15:41.0105 4576 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:15:41.0120 4576 spldr - ok
17:15:41.0183 4576 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
17:15:41.0261 4576 Spooler - ok
17:15:41.0417 4576 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
17:15:41.0526 4576 sppsvc - ok
17:15:41.0588 4576 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:15:41.0635 4576 sppuinotify - ok
17:15:41.0697 4576 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:15:41.0760 4576 srv - ok
17:15:41.0791 4576 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:15:41.0822 4576 srv2 - ok
17:15:41.0869 4576 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:15:41.0885 4576 SrvHsfHDA - ok
17:15:41.0931 4576 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:15:41.0963 4576 SrvHsfV92 - ok
17:15:41.0994 4576 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:15:42.0025 4576 SrvHsfWinac - ok
17:15:42.0072 4576 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:15:42.0119 4576 srvnet - ok
17:15:42.0150 4576 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:15:42.0228 4576 SSDPSRV - ok
17:15:42.0243 4576 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:15:42.0306 4576 SstpSvc - ok
17:15:42.0337 4576 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:15:42.0353 4576 stexstor - ok
17:15:42.0431 4576 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
17:15:42.0493 4576 StiSvc - ok
17:15:42.0602 4576 [ 9D4A85334D002B6A6FDB7C5F3E3722EB ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
17:15:42.0633 4576 SUService - ok
17:15:42.0680 4576 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
17:15:42.0696 4576 swenum - ok
17:15:42.0852 4576 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:15:42.0914 4576 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:15:42.0914 4576 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:15:42.0961 4576 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:15:43.0039 4576 swprv - ok
17:15:43.0070 4576 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:15:43.0086 4576 SynTP - ok
17:15:43.0164 4576 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
17:15:43.0195 4576 SysMain - ok
17:15:43.0226 4576 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:15:43.0273 4576 TabletInputService - ok
17:15:43.0320 4576 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
17:15:43.0382 4576 TapiSrv - ok
17:15:43.0413 4576 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:15:43.0476 4576 TBS - ok
17:15:43.0632 4576 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:15:43.0694 4576 Tcpip - ok
17:15:43.0757 4576 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:15:43.0803 4576 TCPIP6 - ok
17:15:43.0866 4576 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:15:43.0913 4576 tcpipreg - ok
17:15:43.0975 4576 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:15:44.0037 4576 TDPIPE - ok
17:15:44.0069 4576 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:15:44.0100 4576 TDTCP - ok
17:15:44.0147 4576 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:15:44.0240 4576 tdx - ok
17:15:44.0256 4576 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:15:44.0271 4576 TermDD - ok
17:15:44.0334 4576 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
17:15:44.0396 4576 TermService - ok
17:15:44.0427 4576 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:15:44.0474 4576 Themes - ok
17:15:44.0505 4576 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:15:44.0537 4576 THREADORDER - ok
17:15:44.0568 4576 [ 8F58C4FBF3F6E5B816C47201EDE90DCE ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
17:15:44.0583 4576 TPDIGIMN - ok
17:15:44.0615 4576 [ 116156A5835224407A6DC8C44B6EF4EE ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
17:15:44.0630 4576 TPHDEXLGSVC - ok
17:15:44.0693 4576 [ 9CD364ECB3A10B24C7CAC8FF89993A67 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
17:15:44.0724 4576 TPHKLOAD - ok
17:15:44.0739 4576 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
17:15:44.0755 4576 TPHKSVC - ok
17:15:44.0817 4576 [ C9DA1FEF94EF44D7BD0CA0CBDAD5C44C ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
17:15:44.0849 4576 TPPWRIF - ok
17:15:44.0880 4576 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:15:44.0942 4576 TrkWks - ok
17:15:45.0020 4576 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:15:45.0098 4576 TrustedInstaller - ok
17:15:45.0129 4576 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:15:45.0192 4576 tssecsrv - ok
17:15:45.0270 4576 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:15:45.0317 4576 TsUsbFlt - ok
17:15:45.0395 4576 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:15:45.0457 4576 tunnel - ok
17:15:45.0504 4576 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:15:45.0535 4576 uagp35 - ok
17:15:45.0644 4576 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
17:15:45.0675 4576 uCamMonitor - ok
17:15:45.0691 4576 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:15:45.0769 4576 udfs - ok
17:15:45.0816 4576 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:15:45.0847 4576 UI0Detect - ok
17:15:45.0878 4576 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:15:45.0894 4576 uliagpkx - ok
17:15:45.0972 4576 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
17:15:46.0003 4576 umbus - ok
17:15:46.0034 4576 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:15:46.0081 4576 UmPass - ok
17:15:46.0128 4576 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:15:46.0190 4576 upnphost - ok
17:15:46.0253 4576 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
17:15:46.0284 4576 USBAAPL - ok
17:15:46.0393 4576 [ A1977C315BF5691DA99235AA4A6907AF ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:15:46.0533 4576 usbaudio - ok
17:15:46.0596 4576 [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:15:46.0674 4576 usbccgp - ok
17:15:46.0705 4576 [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:15:46.0752 4576 usbcir - ok
17:15:46.0767 4576 [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:15:46.0830 4576 usbehci - ok
17:15:46.0861 4576 [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:15:46.0908 4576 usbhub - ok
17:15:46.0955 4576 [ DCDF9855145A14DFCA0AB32308871961 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:15:47.0001 4576 usbohci - ok
17:15:47.0048 4576 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:15:47.0079 4576 usbprint - ok
17:15:47.0111 4576 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:15:47.0157 4576 USBSTOR - ok
17:15:47.0173 4576 [ 8E51D04175BAA14C4F79AA5F6D248770 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:15:47.0235 4576 usbuhci - ok
17:15:47.0298 4576 [ DE014425522610BEDCA3821BB8C0F1D5 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:15:47.0360 4576 usbvideo - ok
17:15:47.0391 4576 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:15:47.0438 4576 UxSms - ok
17:15:47.0438 4576 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
17:15:47.0469 4576 VaultSvc - ok
17:15:47.0532 4576 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:15:47.0547 4576 vdrvroot - ok
17:15:47.0610 4576 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
17:15:47.0672 4576 vds - ok
17:15:47.0719 4576 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:15:47.0766 4576 vga - ok
17:15:47.0813 4576 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:15:47.0859 4576 VgaSave - ok
17:15:47.0891 4576 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:15:47.0906 4576 vhdmp - ok
17:15:47.0953 4576 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:15:47.0969 4576 viaagp - ok
17:15:47.0984 4576 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:15:48.0015 4576 ViaC7 - ok
17:15:48.0078 4576 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
17:15:48.0109 4576 viaide - ok
17:15:48.0203 4576 [ E19C382E2B1F1478F76C6A285ADBB993 ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys
17:15:48.0265 4576 vm331avs - ok
17:15:48.0296 4576 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:15:48.0327 4576 volmgr - ok
17:15:48.0374 4576 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:15:48.0405 4576 volmgrx - ok
17:15:48.0452 4576 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:15:48.0468 4576 volsnap - ok
17:15:48.0515 4576 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:15:48.0530 4576 vsmraid - ok
17:15:48.0593 4576 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
17:15:48.0655 4576 VSS - ok
17:15:48.0811 4576 [ CCDE899C270F65D6F9835130067913CA ] vvftav323 C:\Windows\system32\drivers\vvftav323.sys
17:15:48.0858 4576 vvftav323 - ok
17:15:48.0889 4576 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:15:48.0951 4576 vwifibus - ok
17:15:49.0045 4576 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:15:49.0139 4576 W32Time - ok
17:15:49.0185 4576 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:15:49.0217 4576 WacomPen - ok
17:15:49.0263 4576 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:15:49.0326 4576 WANARP - ok
17:15:49.0326 4576 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:15:49.0357 4576 Wanarpv6 - ok
17:15:49.0466 4576 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:15:49.0529 4576 WatAdminSvc - ok
17:15:49.0622 4576 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
17:15:49.0700 4576 wbengine - ok
17:15:49.0763 4576 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:15:49.0841 4576 WbioSrvc - ok
17:15:49.0887 4576 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:15:49.0919 4576 wcncsvc - ok
17:15:49.0965 4576 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:15:49.0997 4576 WcsPlugInService - ok
17:15:50.0028 4576 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:15:50.0059 4576 Wd - ok
17:15:50.0106 4576 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:15:50.0153 4576 Wdf01000 - ok
17:15:50.0184 4576 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:15:50.0246 4576 WdiServiceHost - ok
17:15:50.0262 4576 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:15:50.0277 4576 WdiSystemHost - ok
17:15:50.0340 4576 [ 75E8EBD7040CE238684333F97014762A ] WebClient C:\Windows\System32\webclnt.dll
17:15:50.0402 4576 WebClient - ok
17:15:50.0433 4576 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:15:50.0480 4576 Wecsvc - ok
17:15:50.0496 4576 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:15:50.0527 4576 wercplsupport - ok
17:15:50.0574 4576 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:15:50.0636 4576 WerSvc - ok
17:15:50.0683 4576 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:15:50.0714 4576 WfpLwf - ok
17:15:50.0730 4576 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:15:50.0745 4576 WIMMount - ok
17:15:50.0792 4576 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:15:50.0839 4576 winachsf - ok
17:15:50.0964 4576 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:15:51.0026 4576 WinDefend - ok
17:15:51.0057 4576 WinHttpAutoProxySvc - ok
17:15:51.0135 4576 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:15:51.0198 4576 Winmgmt - ok
17:15:51.0260 4576 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
17:15:51.0354 4576 WinRM - ok
17:15:51.0479 4576 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
17:15:51.0525 4576 WinUsb - ok
17:15:51.0619 4576 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:15:51.0666 4576 Wlansvc - ok
17:15:51.0775 4576 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:15:51.0806 4576 wlcrasvc - ok
17:15:51.0947 4576 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:15:52.0009 4576 wlidsvc - ok
17:15:52.0056 4576 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:15:52.0087 4576 WmiAcpi - ok
17:15:52.0149 4576 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:15:52.0181 4576 wmiApSrv - ok
17:15:52.0305 4576 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:15:52.0368 4576 WMPNetworkSvc - ok
17:15:52.0399 4576 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:15:52.0430 4576 WPCSvc - ok
17:15:52.0477 4576 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:15:52.0524 4576 WPDBusEnum - ok
17:15:52.0571 4576 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:15:52.0633 4576 ws2ifsl - ok
17:15:52.0680 4576 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
17:15:52.0727 4576 wscsvc - ok
17:15:52.0727 4576 WSearch - ok
17:15:52.0836 4576 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:15:52.0914 4576 wuauserv - ok
17:15:52.0945 4576 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:15:52.0961 4576 WudfPf - ok
17:15:53.0023 4576 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:15:53.0054 4576 WUDFRd - ok
17:15:53.0117 4576 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:15:53.0148 4576 wudfsvc - ok
17:15:53.0179 4576 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:15:53.0226 4576 WwanSvc - ok
17:15:53.0273 4576 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
17:15:53.0304 4576 XAudio - ok
17:15:53.0382 4576 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
17:15:53.0429 4576 XAudioService - ok
17:15:53.0538 4576 [ 74EC37B9EAF9FCA015B933A526825C7A ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
17:15:53.0553 4576 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
17:15:53.0600 4576 ================ Scan global ===============================
17:15:53.0631 4576 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:15:53.0678 4576 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
17:15:53.0725 4576 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
17:15:53.0756 4576 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:15:53.0756 4576 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:15:53.0772 4576 [Global] - ok
17:15:53.0772 4576 ================ Scan MBR ==================================
17:15:53.0787 4576 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:15:54.0380 4576 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:15:54.0380 4576 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:15:54.0380 4576 ================ Scan VBR ==================================
17:15:54.0380 4576 [ 3712A9FA3FBA85998190CD752CEE4323 ] \Device\Harddisk0\DR0\Partition1
17:15:54.0380 4576 \Device\Harddisk0\DR0\Partition1 - ok
17:15:54.0427 4576 [ 44AEB71A70097B0131DCF11E38471B21 ] \Device\Harddisk0\DR0\Partition2
17:15:54.0427 4576 \Device\Harddisk0\DR0\Partition2 - ok
17:15:54.0427 4576 ============================================================
17:15:54.0427 4576 Scan finished
17:15:54.0427 4576 ============================================================
17:15:54.0443 3944 Detected object count: 3
17:15:54.0443 3944 Actual detected object count: 3
17:16:18.0511 3944 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:18.0511 3944 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:18.0515 3944 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:18.0516 3944 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:18.0667 3944 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:16:18.0690 3944 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:16:18.0799 3944 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:16:18.0854 3944 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:16:18.0883 3944 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:16:18.0930 3944 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:16:21.0214 3944 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:16:21.0236 3944 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:16:21.0243 3944 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:16:21.0249 3944 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:16:21.0579 3944 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:16:21.0616 3944 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:16:21.0633 3944 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:16:21.0639 3944 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:16:21.0648 3944 \Device\Harddisk0\DR0\TDLFS - deleted
17:16:21.0648 3944 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:16:38.0162 4116 Deinitialize success
  • 0

#15
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Malwarebytes log: First time it completed the scan, making progress....


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.11.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
User :: USER-PC [administrator]

10/10/2013 11:30:42 PM
mbam-log-2013-10-10 (23-30-42).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347446
Time elapsed: 8 hour(s), 58 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 20
C:\Users\User\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Windows\Installer\1e4e567c.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\1e4e5682.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\1e4e5688.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP0DNBP2\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K16B1Q0J\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5MV56TQ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10102013_203901\C_Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\ExtensionUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\mgHelperGC.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\torch\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\PerHelperGC.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP