Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirects, Ads in the corner of the screen, temporary loss of internet connection


  • This topic is locked This topic is locked
48 replies to this topic

#1 christhekid

christhekid

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 11 April 2012 - 01:21 AM

The help is very very greatly appreciated

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Christian at 2:15:51 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1729 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Google Update] "C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Facebook Update] "C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEAGAT~1.LNK - C:\Users\Christian\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23BF1AB4-3C72-48D7-A260-DB3CDAF8793D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4386A8E5-EA66-47D6-A379-928F8F30215B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - dc09309f-a595-4035-875a-d199023c13f3
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSviA64.sys [2011-6-24 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-20 13592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-28 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-20 2320920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-6-25 136824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/02/20 01:49:37;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-12-6 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-8 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-05 03:04:51 -------- d-----w- C:\Program Files (x86)\CDisplay
2012-04-03 22:24:31 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symefa64.sys
2012-04-03 22:24:31 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symds64.sys
2012-04-03 22:24:31 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symnets.sys
2012-04-03 22:24:30 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtsp64.sys
2012-04-03 22:24:30 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtspx64.sys
2012-04-03 22:24:30 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\ironx64.sys
2012-04-03 22:24:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207010.003
2012-04-03 03:34:09 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 02:54:54 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 02:50:48 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-04-03 02:50:47 -------- d-----w- C:\ProgramData\Tarma Installer
2012-04-03 02:50:43 -------- d-----w- C:\Program Files (x86)\fbphotozoom
2012-04-03 02:50:19 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-04-01 00:17:00 -------- d-----w- C:\Program Files\iPod
2012-04-01 00:16:59 -------- d-----w- C:\Program Files\iTunes
2012-03-19 18:29:35 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29:35 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 08:39:34 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:39:33 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:39:32 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
==================== Find3M ====================
.
2012-04-03 03:34:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 03:58:52 251392 ----a-w- C:\Windows\System32\staco64.dll
2012-03-12 03:57:19 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-03-12 03:57:19 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-03-12 03:57:19 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-03-12 03:55:50 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2012-03-12 03:55:50 411944 ----a-w- C:\Windows\System32\SynCOM.dll
2012-03-12 03:55:50 276264 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-03-12 03:55:50 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-03-12 03:55:50 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-03-12 03:55:50 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-03-12 03:55:50 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2012-03-12 03:55:50 1451056 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-03-12 03:55:50 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 2:18:50.20 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:54 PM

Posted 11 April 2012 - 02:38 AM

Hello christhekid and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Do you have access to a USB flash drive that we could utilize?


-----
It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 11 April 2012 - 04:59 PM

Seems to be fine right now, still a bit of the same problems like the add in the corner

17:24:58.0159 1096 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:24:58.0437 1096 ============================================================
17:24:58.0437 1096 Current date / time: 2012/04/11 17:24:58.0437
17:24:58.0438 1096 SystemInfo:
17:24:58.0438 1096
17:24:58.0438 1096 OS Version: 6.1.7600 ServicePack: 0.0
17:24:58.0438 1096 Product type: Workstation
17:24:58.0438 1096 ComputerName: APRIL-HP
17:24:58.0438 1096 UserName: Christian
17:24:58.0438 1096 Windows directory: C:\Windows
17:24:58.0438 1096 System windows directory: C:\Windows
17:24:58.0439 1096 Running under WOW64
17:24:58.0439 1096 Processor architecture: Intel x64
17:24:58.0439 1096 Number of processors: 4
17:24:58.0439 1096 Page size: 0x1000
17:24:58.0439 1096 Boot type: Normal boot
17:24:58.0439 1096 ============================================================
17:24:59.0056 1096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:59.0065 1096 \Device\Harddisk0\DR0:
17:24:59.0066 1096 MBR used
17:24:59.0066 1096 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:24:59.0066 1096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385A2800
17:24:59.0066 1096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38606800, BlocksNum 0x1D4B800
17:24:59.0066 1096 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
17:24:59.0156 1096 Initialize success
17:24:59.0156 1096 ============================================================
17:27:43.0269 6024 ============================================================
17:27:43.0269 6024 Scan started
17:27:43.0269 6024 Mode: Manual; SigCheck; TDLFS;
17:27:43.0269 6024 ============================================================
17:27:44.0501 6024 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:27:44.0687 6024 1394ohci - ok
17:27:44.0863 6024 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:27:44.0903 6024 ACPI - ok
17:27:45.0054 6024 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:27:45.0105 6024 AcpiPmi - ok
17:27:45.0247 6024 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:27:45.0276 6024 AdobeFlashPlayerUpdateSvc - ok
17:27:45.0416 6024 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:27:45.0455 6024 adp94xx - ok
17:27:45.0565 6024 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:27:45.0596 6024 adpahci - ok
17:27:45.0724 6024 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:27:45.0747 6024 adpu320 - ok
17:27:45.0831 6024 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:27:45.0919 6024 AeLookupSvc - ok
17:27:46.0044 6024 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:27:46.0102 6024 AFD - ok
17:27:46.0223 6024 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:27:46.0244 6024 agp440 - ok
17:27:46.0355 6024 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:27:46.0436 6024 ALG - ok
17:27:46.0556 6024 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:27:46.0572 6024 aliide - ok
17:27:46.0680 6024 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:27:46.0697 6024 amdide - ok
17:27:46.0825 6024 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:27:46.0875 6024 AmdK8 - ok
17:27:47.0012 6024 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:27:47.0057 6024 AmdPPM - ok
17:27:47.0177 6024 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:27:47.0197 6024 amdsata - ok
17:27:47.0357 6024 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:27:47.0373 6024 amdsbs - ok
17:27:47.0542 6024 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:27:47.0562 6024 amdxata - ok
17:27:47.0726 6024 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:27:47.0855 6024 AppID - ok
17:27:48.0178 6024 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:27:48.0269 6024 AppIDSvc - ok
17:27:48.0414 6024 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:27:48.0518 6024 Appinfo - ok
17:27:48.0742 6024 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:27:48.0761 6024 Apple Mobile Device - ok
17:27:48.0965 6024 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:27:49.0024 6024 arc - ok
17:27:49.0255 6024 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:27:49.0271 6024 arcsas - ok
17:27:49.0444 6024 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:27:49.0551 6024 AsyncMac - ok
17:27:49.0675 6024 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:27:49.0688 6024 atapi - ok
17:27:50.0482 6024 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:27:50.0609 6024 AudioEndpointBuilder - ok
17:27:50.0640 6024 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:27:50.0698 6024 AudioSrv - ok
17:27:50.0960 6024 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:27:50.0996 6024 AxInstSV - ok
17:27:51.0131 6024 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:27:51.0183 6024 b06bdrv - ok
17:27:51.0694 6024 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:27:51.0762 6024 b57nd60a - ok
17:27:52.0688 6024 BCM43XX (461e574d7967e895640109a371a912a5) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:27:52.0911 6024 BCM43XX - ok
17:27:52.0988 6024 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:27:53.0039 6024 BDESVC - ok
17:27:53.0152 6024 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:27:53.0238 6024 Beep - ok
17:27:53.0503 6024 BHDrvx64 (2175fbc1639e623872081b0f057409c8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
17:27:53.0547 6024 BHDrvx64 - ok
17:27:53.0697 6024 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
17:27:53.0833 6024 BITS - ok
17:27:54.0083 6024 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:27:54.0110 6024 blbdrive - ok
17:27:54.0235 6024 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:27:54.0267 6024 Bonjour Service - ok
17:27:54.0381 6024 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:27:54.0442 6024 bowser - ok
17:27:54.0562 6024 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:27:54.0614 6024 BrFiltLo - ok
17:27:54.0709 6024 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:27:54.0745 6024 BrFiltUp - ok
17:27:54.0848 6024 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:27:54.0920 6024 Bridge - ok
17:27:54.0935 6024 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:27:54.0975 6024 BridgeMP - ok
17:27:55.0095 6024 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:27:55.0176 6024 Browser - ok
17:27:55.0307 6024 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:27:55.0374 6024 Brserid - ok
17:27:55.0468 6024 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:27:55.0504 6024 BrSerWdm - ok
17:27:55.0619 6024 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:27:55.0662 6024 BrUsbMdm - ok
17:27:55.0764 6024 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:27:55.0802 6024 BrUsbSer - ok
17:27:56.0173 6024 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:27:56.0267 6024 BthEnum - ok
17:27:56.0432 6024 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:27:56.0476 6024 BTHMODEM - ok
17:27:56.0659 6024 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:27:56.0695 6024 BthPan - ok
17:27:56.0844 6024 BTHPORT (538392664fee486620dfea146f2500bc) C:\Windows\System32\Drivers\BTHport.sys
17:27:56.0926 6024 BTHPORT - ok
17:27:57.0104 6024 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:27:57.0172 6024 bthserv - ok
17:27:57.0295 6024 BTHUSB (6e71522e317b22257d8e37a1584b5829) C:\Windows\System32\Drivers\BTHUSB.sys
17:27:57.0321 6024 BTHUSB - ok
17:27:57.0452 6024 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
17:27:57.0483 6024 btwampfl - ok
17:27:57.0631 6024 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
17:27:57.0640 6024 btwaudio - ok
17:27:57.0808 6024 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
17:27:57.0820 6024 btwavdt - ok
17:27:57.0953 6024 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:27:57.0993 6024 btwdins - ok
17:27:58.0105 6024 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:27:58.0114 6024 btwl2cap - ok
17:27:58.0275 6024 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
17:27:58.0285 6024 btwrchid - ok
17:27:58.0394 6024 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:27:58.0469 6024 cdfs - ok
17:27:58.0624 6024 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:27:58.0638 6024 cdrom - ok
17:27:58.0753 6024 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:27:58.0837 6024 CertPropSvc - ok
17:27:58.0951 6024 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:27:58.0995 6024 circlass - ok
17:27:59.0093 6024 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:27:59.0112 6024 CLFS - ok
17:27:59.0249 6024 CLKMSVC10_9EC60124 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
17:27:59.0265 6024 CLKMSVC10_9EC60124 - ok
17:27:59.0344 6024 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:59.0355 6024 clr_optimization_v2.0.50727_32 - ok
17:27:59.0424 6024 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:59.0437 6024 clr_optimization_v2.0.50727_64 - ok
17:27:59.0551 6024 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:59.0561 6024 clr_optimization_v4.0.30319_32 - ok
17:27:59.0656 6024 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:59.0666 6024 clr_optimization_v4.0.30319_64 - ok
17:27:59.0763 6024 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
17:27:59.0772 6024 clwvd - ok
17:27:59.0882 6024 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:27:59.0914 6024 CmBatt - ok
17:28:00.0025 6024 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:28:00.0039 6024 cmdide - ok
17:28:00.0170 6024 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:28:00.0197 6024 CNG - ok
17:28:00.0312 6024 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:28:00.0325 6024 Compbatt - ok
17:28:00.0453 6024 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:28:00.0504 6024 CompositeBus - ok
17:28:00.0576 6024 COMSysApp - ok
17:28:00.0623 6024 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:28:00.0634 6024 crcdisk - ok
17:28:00.0730 6024 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
17:28:00.0793 6024 CryptSvc - ok
17:28:00.0927 6024 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:28:01.0003 6024 DcomLaunch - ok
17:28:01.0093 6024 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:28:01.0165 6024 defragsvc - ok
17:28:01.0315 6024 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:28:01.0343 6024 DfsC - ok
17:28:01.0458 6024 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:28:01.0496 6024 Dhcp - ok
17:28:01.0599 6024 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:28:01.0665 6024 discache - ok
17:28:01.0773 6024 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:28:01.0784 6024 Disk - ok
17:28:01.0878 6024 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:28:01.0900 6024 Dnscache - ok
17:28:02.0000 6024 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:28:02.0080 6024 dot3svc - ok
17:28:02.0166 6024 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:28:02.0229 6024 DPS - ok
17:28:02.0338 6024 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:28:02.0373 6024 drmkaud - ok
17:28:02.0498 6024 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:28:02.0513 6024 dtsoftbus01 - ok
17:28:02.0641 6024 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:28:02.0672 6024 DXGKrnl - ok
17:28:02.0770 6024 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:28:02.0842 6024 EapHost - ok
17:28:03.0033 6024 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:28:03.0235 6024 ebdrv - ok
17:28:03.0343 6024 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:28:03.0380 6024 eeCtrl - ok
17:28:03.0436 6024 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:28:03.0491 6024 EFS - ok
17:28:03.0605 6024 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:28:03.0670 6024 ehRecvr - ok
17:28:03.0727 6024 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:28:03.0760 6024 ehSched - ok
17:28:03.0854 6024 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:28:03.0879 6024 elxstor - ok
17:28:03.0987 6024 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:28:04.0009 6024 EraserUtilRebootDrv - ok
17:28:04.0092 6024 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:28:04.0141 6024 ErrDev - ok
17:28:04.0264 6024 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:28:04.0366 6024 EventSystem - ok
17:28:04.0469 6024 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:28:04.0533 6024 exfat - ok
17:28:04.0635 6024 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:28:04.0739 6024 fastfat - ok
17:28:04.0843 6024 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:28:04.0902 6024 Fax - ok
17:28:05.0054 6024 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:28:05.0094 6024 fdc - ok
17:28:05.0177 6024 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:28:05.0257 6024 fdPHost - ok
17:28:05.0349 6024 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:28:05.0431 6024 FDResPub - ok
17:28:05.0536 6024 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:28:05.0555 6024 FileInfo - ok
17:28:05.0663 6024 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:28:05.0741 6024 Filetrace - ok
17:28:05.0881 6024 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:05.0932 6024 flpydisk - ok
17:28:06.0033 6024 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:28:06.0054 6024 FltMgr - ok
17:28:06.0233 6024 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:28:06.0306 6024 FontCache - ok
17:28:06.0382 6024 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:28:06.0393 6024 FontCache3.0.0.0 - ok
17:28:06.0467 6024 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:28:06.0485 6024 FsDepends - ok
17:28:06.0569 6024 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:06.0582 6024 Fs_Rec - ok
17:28:06.0621 6024 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:28:06.0648 6024 fvevol - ok
17:28:06.0702 6024 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:28:06.0719 6024 gagp30kx - ok
17:28:06.0756 6024 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
17:28:06.0783 6024 GameConsoleService - ok
17:28:06.0825 6024 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:28:06.0841 6024 GEARAspiWDM - ok
17:28:06.0878 6024 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:28:06.0928 6024 gpsvc - ok
17:28:06.0967 6024 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:28:06.0994 6024 hcw85cir - ok
17:28:07.0030 6024 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:28:07.0064 6024 HdAudAddService - ok
17:28:07.0095 6024 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:28:07.0120 6024 HDAudBus - ok
17:28:07.0154 6024 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:28:07.0181 6024 HECIx64 - ok
17:28:07.0218 6024 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:28:07.0239 6024 HidBatt - ok
17:28:07.0271 6024 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:28:07.0294 6024 HidBth - ok
17:28:07.0327 6024 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:28:07.0354 6024 HidIr - ok
17:28:07.0387 6024 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:28:07.0459 6024 hidserv - ok
17:28:07.0537 6024 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:28:07.0558 6024 HidUsb - ok
17:28:07.0593 6024 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:28:07.0665 6024 hkmsvc - ok
17:28:07.0694 6024 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:28:07.0725 6024 HomeGroupListener - ok
17:28:07.0758 6024 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:28:07.0779 6024 HomeGroupProvider - ok
17:28:07.0828 6024 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:28:07.0844 6024 HP Support Assistant Service - ok
17:28:07.0884 6024 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
17:28:07.0895 6024 HP Wireless Assistant Service - ok
17:28:07.0922 6024 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
17:28:07.0939 6024 HPClientSvc - ok
17:28:07.0991 6024 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:28:08.0009 6024 HPDrvMntSvc.exe - ok
17:28:08.0071 6024 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:28:08.0116 6024 hpqwmiex - ok
17:28:08.0154 6024 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:28:08.0176 6024 HpSAMD - ok
17:28:08.0218 6024 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
17:28:08.0229 6024 HPWMISVC - ok
17:28:08.0267 6024 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:28:08.0345 6024 HTTP - ok
17:28:08.0381 6024 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:28:08.0395 6024 hwpolicy - ok
17:28:08.0429 6024 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:28:08.0450 6024 i8042prt - ok
17:28:08.0492 6024 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
17:28:08.0516 6024 iaStor - ok
17:28:08.0561 6024 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:28:08.0574 6024 IAStorDataMgrSvc - ok
17:28:08.0609 6024 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:28:08.0633 6024 iaStorV - ok
17:28:08.0682 6024 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:28:08.0715 6024 idsvc - ok
17:28:08.0788 6024 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvia64.sys
17:28:08.0812 6024 IDSVia64 - ok
17:28:09.0010 6024 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:28:09.0272 6024 igfx - ok
17:28:09.0308 6024 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:28:09.0326 6024 iirsp - ok
17:28:09.0368 6024 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:28:09.0454 6024 IKEEXT - ok
17:28:09.0502 6024 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:28:09.0527 6024 Impcd - ok
17:28:09.0696 6024 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:28:09.0711 6024 IntcDAud - ok
17:28:09.0818 6024 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:28:09.0832 6024 intelide - ok
17:28:09.0952 6024 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:10.0025 6024 intelppm - ok
17:28:10.0121 6024 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:28:10.0236 6024 IPBusEnum - ok
17:28:10.0376 6024 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:10.0464 6024 IpFilterDriver - ok
17:28:10.0600 6024 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:28:10.0643 6024 IPMIDRV - ok
17:28:10.0758 6024 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:28:10.0887 6024 IPNAT - ok
17:28:11.0003 6024 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:28:11.0047 6024 iPod Service - ok
17:28:11.0147 6024 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:28:11.0181 6024 IRENUM - ok
17:28:11.0315 6024 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:28:11.0340 6024 isapnp - ok
17:28:11.0348 6024 Suspicious service (Hidden): iscFlash
17:28:11.0396 6024 iscFlash ( HiddenService.Multi.Generic ) - warning
17:28:11.0396 6024 iscFlash - detected HiddenService.Multi.Generic (1)
17:28:11.0506 6024 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:28:11.0533 6024 iScsiPrt - ok
17:28:11.0634 6024 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:28:11.0655 6024 kbdclass - ok
17:28:11.0814 6024 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:28:11.0899 6024 kbdhid - ok
17:28:12.0058 6024 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
17:28:12.0081 6024 KSecDD - ok
17:28:12.0190 6024 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
17:28:12.0218 6024 KSecPkg - ok
17:28:12.0316 6024 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:28:12.0407 6024 ksthunk - ok
17:28:12.0511 6024 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:28:12.0629 6024 KtmRm - ok
17:28:12.0740 6024 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
17:28:12.0786 6024 LanmanServer - ok
17:28:12.0913 6024 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:28:13.0008 6024 LanmanWorkstation - ok
17:28:13.0098 6024 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:28:13.0110 6024 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:28:13.0110 6024 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:28:13.0235 6024 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:28:13.0322 6024 lltdio - ok
17:28:13.0418 6024 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:28:13.0500 6024 lltdsvc - ok
17:28:13.0589 6024 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:28:13.0663 6024 lmhosts - ok
17:28:13.0774 6024 LMS (0405f4bcd1c7a7b309f620fe0b5de5e6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:28:13.0803 6024 LMS - ok
17:28:13.0921 6024 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:28:13.0940 6024 LSI_FC - ok
17:28:14.0045 6024 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:28:14.0066 6024 LSI_SAS - ok
17:28:14.0176 6024 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:28:14.0194 6024 LSI_SAS2 - ok
17:28:14.0303 6024 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:28:14.0328 6024 LSI_SCSI - ok
17:28:14.0452 6024 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:28:14.0541 6024 luafv - ok
17:28:14.0666 6024 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:28:14.0681 6024 MBAMProtector - ok
17:28:15.0254 6024 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:28:15.0298 6024 MBAMService - ok
17:28:15.0792 6024 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:28:15.0818 6024 Mcx2Svc - ok
17:28:15.0963 6024 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:28:15.0987 6024 megasas - ok
17:28:16.0549 6024 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:28:16.0578 6024 MegaSR - ok
17:28:16.0859 6024 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:28:16.0944 6024 MMCSS - ok
17:28:17.0384 6024 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:28:17.0480 6024 Modem - ok
17:28:17.0776 6024 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:28:17.0824 6024 monitor - ok
17:28:17.0931 6024 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:28:17.0942 6024 mouclass - ok
17:28:18.0071 6024 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:28:18.0100 6024 mouhid - ok
17:28:18.0263 6024 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:28:18.0273 6024 mountmgr - ok
17:28:18.0400 6024 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:28:18.0422 6024 mpio - ok
17:28:18.0528 6024 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:28:18.0608 6024 mpsdrv - ok
17:28:18.0733 6024 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:28:18.0769 6024 MRxDAV - ok
17:28:18.0982 6024 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:28:19.0025 6024 mrxsmb - ok
17:28:19.0197 6024 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:28:19.0234 6024 mrxsmb10 - ok
17:28:19.0421 6024 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:28:19.0452 6024 mrxsmb20 - ok
17:28:19.0696 6024 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
17:28:19.0707 6024 msahci - ok
17:28:19.0901 6024 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:28:19.0931 6024 msdsm - ok
17:28:20.0080 6024 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:28:20.0118 6024 MSDTC - ok
17:28:20.0300 6024 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:28:20.0371 6024 Msfs - ok
17:28:20.0574 6024 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:28:20.0654 6024 mshidkmdf - ok
17:28:20.0875 6024 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:28:20.0887 6024 msisadrv - ok
17:28:20.0970 6024 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:28:21.0035 6024 MSiSCSI - ok
17:28:21.0101 6024 msiserver - ok
17:28:21.0180 6024 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:28:21.0248 6024 MSKSSRV - ok
17:28:21.0365 6024 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:28:21.0423 6024 MSPCLOCK - ok
17:28:21.0552 6024 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:28:21.0625 6024 MSPQM - ok
17:28:21.0816 6024 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:28:21.0857 6024 MsRPC - ok
17:28:21.0990 6024 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:28:22.0007 6024 mssmbios - ok
17:28:22.0270 6024 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:28:22.0345 6024 MSTEE - ok
17:28:22.0503 6024 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:28:22.0565 6024 MTConfig - ok
17:28:22.0775 6024 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:28:22.0825 6024 Mup - ok
17:28:22.0958 6024 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:28:23.0056 6024 napagent - ok
17:28:23.0190 6024 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:28:23.0284 6024 NativeWifiP - ok
17:28:23.0511 6024 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110625.002\ENG64.SYS
17:28:23.0528 6024 NAVENG - ok
17:28:24.0678 6024 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110625.002\EX64.SYS
17:28:24.0789 6024 NAVEX15 - ok
17:28:25.0000 6024 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:28:25.0070 6024 NDIS - ok
17:28:25.0281 6024 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:28:25.0383 6024 NdisCap - ok
17:28:25.0564 6024 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:28:25.0631 6024 NdisTapi - ok
17:28:25.0802 6024 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:28:27.0231 6024 Ndisuio - ok
17:28:29.0835 6024 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:28:30.0337 6024 NdisWan - ok
17:28:30.0457 6024 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:28:30.0589 6024 NDProxy - ok
17:28:30.0782 6024 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:28:30.0860 6024 NetBIOS - ok
17:28:33.0733 6024 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:28:34.0327 6024 NetBT - ok
17:28:34.0495 6024 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:28:34.0518 6024 Netlogon - ok
17:28:34.0636 6024 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:28:34.0759 6024 Netman - ok
17:28:36.0132 6024 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:28:36.0243 6024 netprofm - ok
17:28:36.0427 6024 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:28:36.0439 6024 NetTcpPortSharing - ok
17:28:40.0753 6024 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:28:43.0510 6024 netw5v64 - ok
17:28:45.0294 6024 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:28:45.0319 6024 nfrd960 - ok
17:28:47.0458 6024 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
17:28:47.0477 6024 NIS - ok
17:28:49.0733 6024 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:28:49.0819 6024 NlaSvc - ok
17:28:50.0434 6024 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:28:50.0732 6024 Npfs - ok
17:28:51.0105 6024 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:28:51.0225 6024 nsi - ok
17:28:51.0367 6024 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:28:51.0464 6024 nsiproxy - ok
17:28:51.0807 6024 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:28:51.0873 6024 Ntfs - ok
17:28:52.0725 6024 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:28:52.0812 6024 Null - ok
17:28:53.0400 6024 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:28:53.0444 6024 nvraid - ok
17:28:53.0559 6024 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:28:53.0586 6024 nvstor - ok
17:28:53.0832 6024 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:28:53.0854 6024 nv_agp - ok
17:28:54.0586 6024 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:28:54.0665 6024 ohci1394 - ok
17:28:54.0917 6024 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:28:54.0989 6024 p2pimsvc - ok
17:28:55.0182 6024 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:28:55.0203 6024 p2psvc - ok
17:28:55.0383 6024 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:28:55.0401 6024 Parport - ok
17:28:55.0583 6024 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:28:55.0607 6024 partmgr - ok
17:28:55.0774 6024 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:28:55.0821 6024 PcaSvc - ok
17:28:56.0946 6024 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:28:56.0970 6024 pci - ok
17:28:57.0193 6024 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:28:57.0213 6024 pciide - ok
17:28:57.0451 6024 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:28:57.0475 6024 pcmcia - ok
17:28:57.0679 6024 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:28:57.0692 6024 pcw - ok
17:28:58.0531 6024 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:28:58.0591 6024 PEAUTH - ok
17:28:58.0739 6024 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:28:58.0778 6024 PerfHost - ok
17:28:59.0010 6024 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:28:59.0178 6024 pla - ok
17:28:59.0416 6024 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:28:59.0484 6024 PlugPlay - ok
17:28:59.0815 6024 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:29:00.0194 6024 PNRPAutoReg - ok
17:29:01.0295 6024 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:29:01.0339 6024 PNRPsvc - ok
17:29:01.0714 6024 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:29:01.0818 6024 PolicyAgent - ok
17:29:02.0277 6024 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:29:02.0380 6024 Power - ok
17:29:02.0648 6024 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:29:02.0705 6024 PptpMiniport - ok
17:29:02.0907 6024 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:29:02.0944 6024 Processor - ok
17:29:03.0124 6024 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
17:29:03.0216 6024 ProfSvc - ok
17:29:03.0597 6024 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:29:03.0660 6024 ProtectedStorage - ok
17:29:03.0985 6024 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:29:04.0074 6024 Psched - ok
17:29:05.0000 6024 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:29:05.0138 6024 ql2300 - ok
17:29:05.0352 6024 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:29:05.0369 6024 ql40xx - ok
17:29:05.0608 6024 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:29:05.0648 6024 QWAVE - ok
17:29:06.0071 6024 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:29:06.0140 6024 QWAVEdrv - ok
17:29:06.0450 6024 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:29:06.0706 6024 RasAcd - ok
17:29:07.0159 6024 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:29:07.0214 6024 RasAgileVpn - ok
17:29:07.0331 6024 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:29:07.0407 6024 RasAuto - ok
17:29:07.0563 6024 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:29:07.0715 6024 Rasl2tp - ok
17:29:08.0266 6024 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:29:08.0395 6024 RasMan - ok
17:29:08.0555 6024 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:29:08.0623 6024 RasPppoe - ok
17:29:08.0805 6024 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:29:08.0889 6024 RasSstp - ok
17:29:09.0093 6024 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:29:09.0179 6024 rdbss - ok
17:29:09.0436 6024 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:29:09.0478 6024 rdpbus - ok
17:29:09.0638 6024 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:29:09.0708 6024 RDPCDD - ok
17:29:10.0180 6024 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:29:10.0384 6024 RDPENCDD - ok
17:29:10.0613 6024 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:29:10.0666 6024 RDPREFMP - ok
17:29:10.0769 6024 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
17:29:10.0837 6024 RDPWD - ok
17:29:11.0023 6024 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
17:29:11.0045 6024 rdyboost - ok
17:29:11.0161 6024 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:29:11.0248 6024 RemoteAccess - ok
17:29:11.0422 6024 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:29:11.0512 6024 RemoteRegistry - ok
17:29:12.0110 6024 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:29:12.0181 6024 RFCOMM - ok
17:29:12.0530 6024 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
17:29:12.0562 6024 RoxioNow Service - ok
17:29:12.0956 6024 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:29:13.0075 6024 RpcEptMapper - ok
17:29:13.0219 6024 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:29:13.0260 6024 RpcLocator - ok
17:29:13.0412 6024 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:29:13.0473 6024 RpcSs - ok
17:29:13.0611 6024 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
17:29:13.0629 6024 RSPCIESTOR - ok
17:29:13.0765 6024 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:29:13.0852 6024 rspndr - ok
17:29:14.0268 6024 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:29:14.0290 6024 RTL8167 - ok
17:29:14.0409 6024 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:29:14.0424 6024 SamSs - ok
17:29:14.0491 6024 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:29:14.0520 6024 sbp2port - ok
17:29:14.0872 6024 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:29:14.0950 6024 SBSDWSCService - ok
17:29:15.0166 6024 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:29:15.0236 6024 SCardSvr - ok
17:29:15.0360 6024 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
17:29:15.0381 6024 SCDEmu - ok
17:29:15.0579 6024 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:29:15.0664 6024 scfilter - ok
17:29:16.0102 6024 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:29:16.0195 6024 Schedule - ok
17:29:16.0583 6024 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:29:16.0671 6024 SCPolicySvc - ok
17:29:16.0809 6024 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
17:29:16.0841 6024 sdbus - ok
17:29:16.0879 6024 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:29:16.0933 6024 SDRSVC - ok
17:29:17.0013 6024 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:29:17.0036 6024 SeaPort - ok
17:29:17.0124 6024 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:29:17.0226 6024 secdrv - ok
17:29:17.0367 6024 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:29:17.0448 6024 seclogon - ok
17:29:17.0559 6024 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:29:17.0633 6024 SENS - ok
17:29:17.0728 6024 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:29:17.0774 6024 SensrSvc - ok
17:29:18.0939 6024 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:29:18.0998 6024 Serenum - ok
17:29:19.0158 6024 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:29:19.0180 6024 Serial - ok
17:29:19.0474 6024 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:29:19.0520 6024 sermouse - ok
17:29:19.0762 6024 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:29:19.0824 6024 SessionEnv - ok
17:29:20.0970 6024 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:29:21.0044 6024 sffdisk - ok
17:29:21.0249 6024 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:29:21.0287 6024 sffp_mmc - ok
17:29:21.0668 6024 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:29:21.0689 6024 sffp_sd - ok
17:29:22.0406 6024 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:29:22.0440 6024 sfloppy - ok
17:29:22.0635 6024 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:29:22.0767 6024 SharedAccess - ok
17:29:22.0896 6024 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:29:22.0963 6024 ShellHWDetection - ok
17:29:23.0094 6024 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:29:23.0110 6024 SiSRaid2 - ok
17:29:23.0266 6024 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:29:23.0286 6024 SiSRaid4 - ok
17:29:23.0380 6024 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:29:23.0396 6024 SkypeUpdate - ok
17:29:23.0601 6024 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:29:23.0692 6024 Smb - ok
17:29:24.0077 6024 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:29:24.0103 6024 SNMPTRAP - ok
17:29:24.0272 6024 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:29:24.0289 6024 spldr - ok
17:29:24.0393 6024 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:29:24.0466 6024 Spooler - ok
17:29:24.0838 6024 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:29:25.0045 6024 sppsvc - ok
17:29:25.0179 6024 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:29:25.0263 6024 sppuinotify - ok
17:29:25.0506 6024 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
17:29:25.0542 6024 SRTSP - ok
17:29:25.0768 6024 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
17:29:25.0776 6024 SRTSPX - ok
17:29:26.0096 6024 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:29:26.0116 6024 srv - ok
17:29:26.0370 6024 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:29:26.0449 6024 srv2 - ok
17:29:26.0704 6024 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:29:26.0728 6024 SrvHsfHDA - ok
17:29:27.0068 6024 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:29:27.0203 6024 SrvHsfV92 - ok
17:29:27.0429 6024 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:29:27.0453 6024 SrvHsfWinac - ok
17:29:27.0668 6024 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:29:27.0713 6024 srvnet - ok
17:29:28.0405 6024 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:29:28.0506 6024 SSDPSRV - ok
17:29:28.0639 6024 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:29:28.0682 6024 SstpSvc - ok
17:29:28.0828 6024 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:29:28.0839 6024 stexstor - ok
17:29:29.0144 6024 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
17:29:29.0144 6024 Suspicious file (Hidden): C:\Windows\system32\DRIVERS\stwrt64.sys. md5: 0aad250a31a7ee96e0945ab9e1f3baa7
17:29:29.0145 6024 STHDA ( HiddenFile.Multi.Generic ) - warning
17:29:29.0145 6024 STHDA - detected HiddenFile.Multi.Generic (1)
17:29:29.0421 6024 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:29:29.0471 6024 stisvc - ok
17:29:29.0699 6024 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:29:29.0711 6024 swenum - ok
17:29:30.0382 6024 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:29:30.0453 6024 swprv - ok
17:29:30.0775 6024 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS
17:29:30.0794 6024 SymDS - ok
17:29:31.0046 6024 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS
17:29:31.0079 6024 SymEFA - ok
17:29:31.0302 6024 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:29:31.0314 6024 SymEvent - ok
17:29:31.0593 6024 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS
17:29:31.0606 6024 SymIRON - ok
17:29:32.0056 6024 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS
17:29:32.0073 6024 SymNetS - ok
17:29:33.0321 6024 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
17:29:33.0404 6024 SynTP - ok
17:29:33.0630 6024 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:29:33.0717 6024 SysMain - ok
17:29:33.0819 6024 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:29:34.0570 6024 TabletInputService - ok
17:29:34.0738 6024 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:29:34.0816 6024 TapiSrv - ok
17:29:34.0995 6024 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:29:35.0043 6024 TBS - ok
17:29:35.0234 6024 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:29:35.0295 6024 Tcpip - ok
17:29:35.0501 6024 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:29:35.0552 6024 TCPIP6 - ok
17:29:35.0708 6024 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:29:35.0746 6024 tcpipreg - ok
17:29:36.0607 6024 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:29:36.0661 6024 TDPIPE - ok
17:29:36.0798 6024 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:29:36.0837 6024 TDTCP - ok
17:29:36.0955 6024 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:29:37.0053 6024 tdx - ok
17:29:37.0199 6024 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:29:37.0216 6024 TermDD - ok
17:29:37.0342 6024 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:29:37.0450 6024 TermService - ok
17:29:37.0551 6024 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:29:37.0606 6024 Themes - ok
17:29:37.0711 6024 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:29:37.0795 6024 THREADORDER - ok
17:29:37.0967 6024 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:29:38.0074 6024 TrkWks - ok
17:29:38.0598 6024 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:29:38.0631 6024 TrustedInstaller - ok
17:29:38.0778 6024 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:29:38.0849 6024 tssecsrv - ok
17:29:39.0137 6024 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:29:39.0275 6024 tunnel - ok
17:29:39.0446 6024 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:29:39.0466 6024 uagp35 - ok
17:29:39.0610 6024 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
17:29:39.0661 6024 udfs - ok
17:29:39.0771 6024 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:29:39.0795 6024 UI0Detect - ok
17:29:40.0603 6024 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:29:40.0623 6024 uliagpkx - ok
17:29:40.0858 6024 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:29:40.0900 6024 umbus - ok
17:29:41.0350 6024 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:29:41.0400 6024 UmPass - ok
17:29:41.0609 6024 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:29:41.0691 6024 UNS - ok
17:29:41.0906 6024 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:29:42.0012 6024 upnphost - ok
17:29:42.0741 6024 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:29:42.0776 6024 USBAAPL64 - ok
17:29:42.0956 6024 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:29:43.0017 6024 usbaudio - ok
17:29:43.0195 6024 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:29:43.0258 6024 usbccgp - ok
17:29:43.0375 6024 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:29:43.0431 6024 usbcir - ok
17:29:43.0572 6024 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
17:29:43.0618 6024 usbehci - ok
17:29:43.0797 6024 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:29:43.0969 6024 usbhub - ok
17:29:44.0652 6024 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
17:29:44.0687 6024 usbohci - ok
17:29:44.0837 6024 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:29:44.0890 6024 usbprint - ok
17:29:45.0151 6024 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:29:45.0186 6024 usbscan - ok
17:29:45.0334 6024 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:29:45.0393 6024 USBSTOR - ok
17:29:45.0563 6024 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:29:45.0602 6024 usbuhci - ok
17:29:45.0753 6024 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:29:45.0801 6024 usbvideo - ok
17:29:46.0507 6024 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:29:46.0604 6024 UxSms - ok
17:29:46.0701 6024 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:29:46.0748 6024 VaultSvc - ok
17:29:46.0870 6024 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:29:46.0895 6024 vdrvroot - ok
17:29:47.0021 6024 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:29:47.0086 6024 vds - ok
17:29:47.0215 6024 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:29:47.0240 6024 vga - ok
17:29:47.0381 6024 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:29:47.0482 6024 VgaSave - ok
17:29:47.0611 6024 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:29:47.0643 6024 vhdmp - ok
17:29:47.0777 6024 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:29:47.0801 6024 viaide - ok
17:29:48.0147 6024 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:29:48.0164 6024 volmgr - ok
17:29:48.0248 6024 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:29:48.0265 6024 volmgrx - ok
17:29:48.0363 6024 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:29:48.0389 6024 volsnap - ok
17:29:48.0515 6024 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:29:48.0536 6024 vsmraid - ok
17:29:48.0684 6024 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:29:48.0753 6024 VSS - ok
17:29:48.0902 6024 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:29:48.0943 6024 vwifibus - ok
17:29:49.0060 6024 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:29:49.0112 6024 vwififlt - ok
17:29:49.0231 6024 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:29:49.0304 6024 W32Time - ok
17:29:49.0440 6024 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:29:49.0464 6024 WacomPen - ok
17:29:49.0617 6024 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:49.0711 6024 WANARP - ok
17:29:49.0751 6024 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:49.0834 6024 Wanarpv6 - ok
17:29:50.0120 6024 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:29:50.0193 6024 WatAdminSvc - ok
17:29:50.0361 6024 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:29:50.0438 6024 wbengine - ok
17:29:50.0545 6024 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:29:50.0587 6024 WbioSrvc - ok
17:29:50.0717 6024 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:29:50.0787 6024 wcncsvc - ok
17:29:50.0896 6024 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:29:50.0938 6024 WcsPlugInService - ok
17:29:51.0065 6024 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:29:51.0089 6024 Wd - ok
17:29:51.0160 6024 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:29:51.0192 6024 Wdf01000 - ok
17:29:51.0310 6024 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:29:51.0362 6024 WdiServiceHost - ok
17:29:51.0368 6024 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:29:51.0399 6024 WdiSystemHost - ok
17:29:51.0516 6024 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:29:51.0572 6024 WebClient - ok
17:29:51.0676 6024 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:29:51.0788 6024 Wecsvc - ok
17:29:52.0375 6024 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:29:52.0450 6024 wercplsupport - ok
17:29:52.0543 6024 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:29:52.0630 6024 WerSvc - ok
17:29:52.0745 6024 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:29:52.0819 6024 WfpLwf - ok
17:29:52.0972 6024 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:29:52.0996 6024 WIMMount - ok
17:29:53.0009 6024 WinHttpAutoProxySvc - ok
17:29:53.0156 6024 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:29:53.0241 6024 Winmgmt - ok
17:29:53.0409 6024 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:29:53.0540 6024 WinRM - ok
17:29:53.0723 6024 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
17:29:53.0785 6024 WinUsb - ok
17:29:54.0421 6024 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:29:54.0509 6024 Wlansvc - ok
17:29:54.0589 6024 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:29:54.0605 6024 wlcrasvc - ok
17:29:54.0797 6024 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:29:54.0927 6024 wlidsvc - ok
17:29:55.0092 6024 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:29:55.0112 6024 WmiAcpi - ok
17:29:55.0290 6024 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:29:55.0339 6024 wmiApSrv - ok
17:29:55.0376 6024 WMPNetworkSvc - ok
17:29:55.0473 6024 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:29:55.0516 6024 WPCSvc - ok
17:29:55.0639 6024 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:29:55.0719 6024 WPDBusEnum - ok
17:29:56.0282 6024 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:29:56.0380 6024 ws2ifsl - ok
17:29:56.0512 6024 WSearch - ok
17:29:56.0723 6024 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
17:29:56.0890 6024 wuauserv - ok
17:29:57.0004 6024 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:29:57.0067 6024 WudfPf - ok
17:29:57.0208 6024 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:29:57.0259 6024 WUDFRd - ok
17:29:57.0378 6024 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:29:57.0460 6024 wudfsvc - ok
17:29:57.0643 6024 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:29:57.0699 6024 WwanSvc - ok
17:29:58.0264 6024 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:29:58.0343 6024 yukonw7 - ok
17:29:58.0412 6024 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:29:58.0612 6024 \Device\Harddisk0\DR0 - ok
17:29:58.0619 6024 Boot (0x1200) (63efc281954bf16288afa79481afa2d7) \Device\Harddisk0\DR0\Partition0
17:29:58.0620 6024 \Device\Harddisk0\DR0\Partition0 - ok
17:29:58.0640 6024 Boot (0x1200) (88a5fafcdcf020a535e8dafdb72aa481) \Device\Harddisk0\DR0\Partition1
17:29:58.0642 6024 \Device\Harddisk0\DR0\Partition1 - ok
17:29:58.0685 6024 Boot (0x1200) (21b53d2f7a5501d62fb42a42779354cd) \Device\Harddisk0\DR0\Partition2
17:29:58.0687 6024 \Device\Harddisk0\DR0\Partition2 - ok
17:29:58.0733 6024 Boot (0x1200) (3b366d57d728b4c27548e301a377d8bc) \Device\Harddisk0\DR0\Partition3
17:29:58.0734 6024 \Device\Harddisk0\DR0\Partition3 - ok
17:29:58.0735 6024 ============================================================
17:29:58.0735 6024 Scan finished
17:29:58.0735 6024 ============================================================
17:29:58.0748 2880 Detected object count: 3
17:29:58.0748 2880 Actual detected object count: 3
17:31:08.0197 2880 iscFlash ( HiddenService.Multi.Generic ) - skipped by user
17:31:08.0197 2880 iscFlash ( HiddenService.Multi.Generic ) - User select action: Skip
17:31:08.0197 2880 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:08.0197 2880 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:08.0200 2880 STHDA ( HiddenFile.Multi.Generic ) - skipped by user
17:31:08.0200 2880 STHDA ( HiddenFile.Multi.Generic ) - User select action: Skip
17:31:27.0349 2132 Deinitialize success



Farbar Service Scanner Version: 01-03-2012
Ran by Christian (administrator) on 11-04-2012 at 17:36:21
Running from "C:\Users\Christian\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:50] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 11 April 2012 - 05:01 PM

OTL logfile created on: 4/11/2012 5:38:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.23% Memory free
7.60 Gb Paging File | 5.54 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.82 Gb Total Space | 357.87 Gb Free Space | 79.38% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 1.83 Gb Free Space | 12.49% Space Free | Partition Type: NTFS

Computer Name: APRIL-HP | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 17:37:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL.exe
PRC - [2012/04/11 17:36:02 | 000,337,137 | ---- | M] () -- C:\Users\Christian\Downloads\FSS.exe
PRC - [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/22 14:34:33 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 05:19:50 | 004,950,664 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/06/15 02:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/12/11 03:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/07/23 15:44:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/23 15:44:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/26 18:02:52 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/09/29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/11 17:36:02 | 000,337,137 | ---- | M] () -- C:\Users\Christian\Downloads\FSS.exe
MOD - [2012/04/02 22:54:54 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/19 14:29:35 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/11 23:55:24 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1cf99a471d270faeced42cb9eaa0980\IAStorUtil.ni.dll
MOD - [2012/03/11 23:55:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f6678aaee1dfa07180264a8cdfc526f8\IAStorCommon.ni.dll
MOD - [2012/02/15 04:29:27 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/15 04:29:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:28:56 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 04:28:49 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/15 04:28:38 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/15 04:28:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\404eb597d8a6e96e5bcd6cfb3b6ad693\System.Xml.ni.dll
MOD - [2012/02/15 04:28:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/15 04:28:26 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/14 12:58:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/28 05:19:50 | 004,950,664 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/06/28 05:19:28 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/06/28 05:19:26 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/06/28 05:19:26 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2010/11/22 18:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 18:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 18:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/10 17:26:28 | 000,237,361 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/02/10 17:26:28 | 000,237,361 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2009/09/29 12:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/11 17:28:21 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 23:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/29 23:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/21 18:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2012/04/02 23:34:16 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2010/12/06 19:21:08 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/07/23 15:44:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/07/23 15:44:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/11 17:28:22 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/11 23:57:19 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/11 23:55:50 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/17 21:32:11 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/07/14 15:46:04 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/05/13 00:30:43 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/11 03:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/08 17:30:00 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/08 14:55:14 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/12/08 14:55:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/12/08 14:55:04 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/20 17:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 17:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 17:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 10:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 18:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/06/02 21:08:18 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSviA64.sys -- (IDSVia64)
DRV - [2011/05/24 21:09:18 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110625.002\EX64.SYS -- (NAVEX15)
DRV - [2011/05/24 21:09:18 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110625.002\ENG64.SYS -- (NAVENG)
DRV - [2011/05/19 15:37:05 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/05/13 00:31:05 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/13 00:31:05 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 06 19 2B 0E 12 8D FC 42 83 7E F1 44 BB 53 EC DA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 06 19 2B 0E 12 8D FC 42 83 7E F1 44 BB 53 EC DA [binary data]

IE - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 06 19 2B 0E 12 8D FC 42 83 7E F1 44 BB 53 EC DA [binary data]
IE - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/11 18:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_6_3 [2012/04/11 17:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/02/20 05:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/20 05:51:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/20 05:52:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/11 23:20:17 | 000,000,000 | ---D | M]

[2011/06/23 22:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions
[2012/04/03 18:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions
[2011/07/08 02:49:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}
[2012/03/12 00:14:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/02 22:50:48 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\plugin@yontoo.com
[2011/11/09 01:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/20 23:30:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0PQBGL2X.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0PQBGL2X.DEFAULT\EXTENSIONS\FBPHOTOZOOM@INSTALLDADDY.COM.XPI
[2012/03/19 14:29:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 19:08:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 19:08:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: UnfollowHater = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm\1.0.6_0\
CHR - Extension: Skype Click to Call = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: ICE Quick Stream = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.92_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: Yontoo = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: Gmail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/05 20:26:00 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003..\Run: [Facebook Update] C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe (Macrovision Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Users\Christian\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23BF1AB4-3C72-48D7-A260-DB3CDAF8793D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4386A8E5-EA66-47D6-A379-928F8F30215B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7af9844a-7053-11e0-a20c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7af9844a-7053-11e0-a20c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe --cdmenu
O33 - MountPoints2\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\Shell - "" = AutoRun
O33 - MountPoints2\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\Shell - "" = AutoRun
O33 - MountPoints2\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\Shell - "" = AutoRun
O33 - MountPoints2\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\Shell - "" = AutoRun
O33 - MountPoints2\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\recycle21autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()


========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 17:31:08 | 004,113,408 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012/04/11 17:31:08 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2012/04/11 17:31:08 | 001,424,896 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012/04/11 17:31:08 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2012/04/11 17:30:24 | 000,251,392 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2012/04/11 17:30:16 | 000,535,040 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012/04/11 17:30:13 | 001,966,080 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012/04/11 17:30:13 | 000,655,872 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012/04/11 17:30:13 | 000,446,464 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012/04/11 17:24:31 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christian\Desktop\tdsskiller.exe
[2012/04/07 01:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/04/04 23:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
[2012/04/04 23:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay
[2012/04/04 22:02:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\tumblr gifs
[2012/04/02 23:34:09 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/02 22:54:54 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/02 22:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/04/02 22:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/04/02 22:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012/04/02 22:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/03/31 20:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/31 20:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/31 20:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/20 23:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/20 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/14 04:39:34 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 04:39:33 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 04:39:32 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 21:54:29 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/13 21:54:29 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 21:54:29 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/13 21:54:29 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/13 21:54:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/13 21:54:11 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 21:54:11 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 21:54:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 21:54:10 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 21:54:10 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/11 17:35:36 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristian.job
[2012/04/11 17:34:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 17:31:05 | 001,911,926 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207010.003\Cat.DB
[2012/04/11 17:28:22 | 004,113,408 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012/04/11 17:28:22 | 001,424,896 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012/04/11 17:28:22 | 000,535,040 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012/04/11 17:28:22 | 000,446,464 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012/04/11 17:28:21 | 006,012,416 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2012/04/11 17:28:21 | 005,077,504 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2012/04/11 17:28:21 | 001,966,080 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012/04/11 17:28:21 | 001,819,136 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2012/04/11 17:28:21 | 001,041,920 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2012/04/11 17:28:21 | 000,655,872 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012/04/11 17:28:21 | 000,251,392 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2012/04/11 17:28:21 | 000,233,472 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2012/04/11 17:28:20 | 000,564,224 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2012/04/11 17:24:36 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christian\Desktop\tdsskiller.exe
[2012/04/11 17:21:38 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:21:38 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:18:04 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/11 17:18:04 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/11 17:18:04 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/11 17:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 17:13:33 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 02:50:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003UA.job
[2012/04/11 02:47:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003UA.job
[2012/04/11 00:43:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAPRIL-HP$.job
[2012/04/10 20:50:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003Core.job
[2012/04/10 15:47:26 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003Core.job
[2012/04/10 00:48:12 | 000,002,417 | ---- | M] () -- C:\Users\Christian\Desktop\Google Chrome.lnk
[2012/04/07 01:07:21 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/04/04 23:04:51 | 000,000,943 | ---- | M] () -- C:\Users\Christian\Desktop\CDisplay.lnk
[2012/04/04 22:22:18 | 000,239,239 | ---- | M] () -- C:\Users\Christian\Desktop\tumblr_m1zib9XrbN1qfjt2j.jpg
[2012/04/04 22:01:12 | 000,002,480 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/04/02 23:34:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/02 23:34:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/02 23:34:09 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/31 20:17:38 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 20:40:14 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207010.003\isolate.ini
[2012/03/22 18:45:38 | 048,682,316 | ---- | M] () -- C:\Users\Christian\Desktop\02-Capricorn.wav
[2012/03/20 23:30:00 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/14 11:52:40 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 01:07:21 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012/04/07 01:07:21 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/04/04 23:04:51 | 000,000,943 | ---- | C] () -- C:\Users\Christian\Desktop\CDisplay.lnk
[2012/04/04 22:22:16 | 000,239,239 | ---- | C] () -- C:\Users\Christian\Desktop\tumblr_m1zib9XrbN1qfjt2j.jpg
[2012/04/02 22:54:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 20:17:38 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/28 16:31:15 | 000,054,174 | ---- | C] () -- C:\Users\Christian\Desktop\13431_1139185457785_1771887936_272391_3146426_n.jpg
[2012/03/22 18:38:09 | 048,682,316 | ---- | C] () -- C:\Users\Christian\Desktop\02-Capricorn.wav
[2012/03/11 23:56:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/12/28 00:37:23 | 000,010,902 | -HS- | C] () -- C:\Users\Christian\AppData\Local\f3bvygcqja281okh
[2011/12/28 00:37:23 | 000,010,902 | -HS- | C] () -- C:\ProgramData\f3bvygcqja281okh
[2011/12/19 05:47:55 | 000,010,682 | -HS- | C] () -- C:\Users\Christian\AppData\Local\7rnm1t05kq5iyr62360qmt0ft180wf3w4yf00
[2011/12/19 05:47:55 | 000,010,682 | -HS- | C] () -- C:\ProgramData\7rnm1t05kq5iyr62360qmt0ft180wf3w4yf00
[2011/12/16 18:34:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Im82pD.dat
[2011/12/16 17:37:27 | 000,011,516 | -HS- | C] () -- C:\Users\Christian\AppData\Local\4r18fa0h73o552
[2011/12/16 17:37:27 | 000,011,516 | -HS- | C] () -- C:\ProgramData\4r18fa0h73o552
[2011/12/05 20:54:09 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2011/12/05 20:25:17 | 000,009,968 | -HS- | C] () -- C:\Users\Christian\AppData\Local\2s18yw0b74o842
[2011/12/05 20:25:17 | 000,009,968 | -HS- | C] () -- C:\ProgramData\2s18yw0b74o842
[2011/08/29 02:30:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/08 02:54:46 | 000,000,552 | ---- | C] () -- C:\ProgramData\5671ed2b
[2011/07/07 17:28:01 | 000,006,379 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\DD98.986
[2011/04/26 22:14:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/09 06:09:44 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/08 14:55:08 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/08 14:55:04 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/12/08 14:55:02 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/09/24 19:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\system64\drivers\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_06066178c18f60bb\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_707b24137e7e1538\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a5210cb0540e395e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_06066178c18f60bb\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_707b24137e7e1538\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a5210cb0540e395e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/01/09 06:15:58 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/01/09 06:12:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/01/09 06:15:58 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/01/09 06:12:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/01/09 06:15:58 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/01/09 06:12:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/01/09 06:15:58 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/01/09 06:12:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: TDX.SYS >
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\SysNative\drivers\tdx.sys
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\system64\drivers\tdx.sys
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\system64\drivers\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/01/09 06:15:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/01/09 06:15:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011/01/09 06:15:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2011/01/09 06:15:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 14:29:35 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 14:29:35 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 14:29:35 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/26 10:58:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/26 10:58:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/26 10:58:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/26 10:58:15 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/19 14:29:35 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/19 14:29:35 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/19 14:29:35 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/03/19 14:29:35 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/26 10:58:13 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/26 10:58:13 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/26 10:58:13 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/26 10:58:15 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Christian\Desktop\Shaun.of.the.Dead.2004.DVDRIP-ZEKTORM.mp4:TOC.WMV

< End of report >



OTL Extras logfile created on: 4/11/2012 5:38:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.23% Memory free
7.60 Gb Paging File | 5.54 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.82 Gb Total Space | 357.87 Gb Free Space | 79.38% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 1.83 Gb Free Space | 12.49% Space Free | Partition Type: NTFS

Computer Name: APRIL-HP | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2156863413-2491466932-731352748-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{470E9A78-A276-46EB-85F1-05625C766889}" = HTC Sync
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownloader" = 1ClickDownloader
"AC3Filter" = AC3Filter (remove only)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"CDisplay_is1" = CDisplay 1.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Daniusoft MP3 WAV Converter_is1" = Daniusoft MP3 WAV Converter(Build 2.3.1.0)
"Debut" = Debut Video Capture Software
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Pixillion" = Pixillion Image Converter
"PowerISO" = PowerISO
"Reason5_is1" = Reason 5.0
"ReCycle_is1" = ReCycle 2.1.2
"Switch" = Switch Sound File Converter
"uTorrent" = µTorrent
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2156863413-2491466932-731352748-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2011 5:35:30 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 209837

Error - 10/6/2011 5:35:31 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/6/2011 5:35:31 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/7/2011 2:23:19 AM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/7/2011 2:23:19 AM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/7/2011 10:34:23 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/7/2011 10:34:23 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/7/2011 10:34:26 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/7/2011 10:34:26 PM | Computer Name = April-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/8/2011 7:22:44 PM | Computer Name = April-HP | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 7.0.1.4288, time
stamp: 0x4e83b93a Faulting module name: xul.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4e83b840 Exception code: 0xc0000005 Fault offset: 0x68a446f8 Faulting process
id: 0xe58 Faulting application start time: 0x01cc86112120005b Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: xul.dll
Report
Id: 6cb81e46-f204-11e0-87dc-cc52af6b1f86

[ Hewlett-Packard Events ]
Error - 10/8/2011 7:24:19 PM | Computer Name = April-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101108072417.xml
File not created by asset agent

Error - 12/21/2011 6:06:57 PM | Computer Name = April-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121121050653.xml
File not created by asset agent

Error - 12/29/2011 3:49:10 AM | Computer Name = April-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121129024907.xml
File not created by asset agent

Error - 3/11/2012 11:28:16 PM | Computer Name = April-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 3/11/2012 11:28:36 PM | Computer Name = April-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/11/2012 11:28:47 PM | Computer Name = April-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/12/2012 12:17:11 AM | Computer Name = April-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization:
50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 3/28/2012 6:06:04 PM | Computer Name = April-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/4f6cd5b0_e680_488b_a1bd_65209addc7e5/1eskexqdectfqnsvshtxubvk_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3893 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 4/11/2012 5:25:32 PM | Computer Name = April-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 3/14/2012 3:05:22 PM | Computer Name = April-HP | Source = CaslWmi | ID = 5
Description = 2012/03/14 15:05:22.096|000017CC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/21/2012 4:37:25 PM | Computer Name = April-HP | Source = CaslWmi | ID = 5
Description = 2012/03/21 16:37:25.271|0000155C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/21/2012 4:38:48 PM | Computer Name = April-HP | Source = CaslWmi | ID = 5
Description = 2012/03/21 16:38:48.699|000017E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/21/2012 4:38:55 PM | Computer Name = April-HP | Source = CaslWmi | ID = 5
Description = 2012/03/21 16:38:55.453|000017E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/28/2012 6:06:18 PM | Computer Name = April-HP | Source = CaslWmi | ID = 5
Description = 2012/03/28 18:06:18.966|00001120|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/4/2012 10:12:45 PM | Computer Name = April-HP | Source = CaslWmi | ID = 5
Description = 2012/04/04 22:12:45.143|00000E64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 4/26/2011 11:10:14 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:10:22 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:11:29 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:11:37 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:12:45 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:12:52 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:14:00 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:14:08 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:15:15 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/26/2011 11:15:23 PM | Computer Name = April-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 11/9/2011 2:20:51 PM | Computer Name = April-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 11/9/2011 5:19:53 PM | Computer Name = April-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 11/10/2011 2:09:20 AM | Computer Name = April-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:07:04 AM on ?11/?10/?2011 was unexpected.

Error - 11/10/2011 2:15:20 AM | Computer Name = April-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

Error - 11/11/2011 2:08:18 PM | Computer Name = April-HP | Source = DCOM | ID = 10010
Description =

Error - 11/12/2011 12:30:01 AM | Computer Name = April-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 11/14/2011 6:14:40 PM | Computer Name = April-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 11/16/2011 5:57:30 PM | Computer Name = April-HP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/16/2011 5:57:42 PM | Computer Name = April-HP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/16/2011 5:58:42 PM | Computer Name = April-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056


< End of report >

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:54 PM

Posted 12 April 2012 - 01:02 AM

Hi christhekid!

Okay, thanks for that update.

We'll need to repair some data in your registry a little later to fix some corrupt data.

We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
  • Yontoo 1.10.02
  • Java™ 6 Update 22 (64-bit)


NEXT:




OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011/07/08 02:49:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O33 - MountPoints2\{7af9844a-7053-11e0-a20c-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{7af9844a-7053-11e0-a20c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe --cdmenu
    O33 - MountPoints2\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\Shell - "" = AutoRun
    O33 - MountPoints2\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\Shell\AutoRun\command - "" = H:\Autorun.exe
    O33 - MountPoints2\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
    O33 - MountPoints2\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
    O33 - MountPoints2\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\recycle21autorun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
    O37 - HKU\S-1-5-21-2156863413-2491466932-731352748-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/04/02 22:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
    [2011/12/28 00:37:23 | 000,010,902 | -HS- | C] () -- C:\Users\Christian\AppData\Local\f3bvygcqja281okh
    [2011/12/28 00:37:23 | 000,010,902 | -HS- | C] () -- C:\ProgramData\f3bvygcqja281okh
    [2011/12/19 05:47:55 | 000,010,682 | -HS- | C] () -- C:\Users\Christian\AppData\Local\7rnm1t05kq5iyr62360qmt0ft180wf3w4yf00
    [2011/12/19 05:47:55 | 000,010,682 | -HS- | C] () -- C:\ProgramData\7rnm1t05kq5iyr62360qmt0ft180wf3w4yf00
    [2011/12/16 18:34:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Im82pD.dat
    [2011/12/16 17:37:27 | 000,011,516 | -HS- | C] () -- C:\Users\Christian\AppData\Local\4r18fa0h73o552
    [2011/12/16 17:37:27 | 000,011,516 | -HS- | C] () -- C:\ProgramData\4r18fa0h73o552
    [2011/12/05 20:25:17 | 000,009,968 | -HS- | C] () -- C:\Users\Christian\AppData\Local\2s18yw0b74o842
    [2011/12/05 20:25:17 | 000,009,968 | -HS- | C] () -- C:\ProgramData\2s18yw0b74o842
    [2011/07/08 02:54:46 | 000,000,552 | ---- | C] () -- C:\ProgramData\5671ed2b
    [2011/07/07 17:28:01 | 000,006,379 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\DD98.986
    @Alternate Data Stream - 64 bytes -> C:\Users\Christian\Desktop\Shaun.of.the.Dead.2004.DVDRIP-ZEKTORM.mp4:TOC.WMV
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Yontoo\
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 12 April 2012 - 07:26 PM

Everything seems to be ok at the moment, after I ran combofix I had to do a system restore because I wasn't able to connect back to ther internet. Thank you for all the help also, much appreciation.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\defaults\preferences folder moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\defaults folder moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7af9844a-7053-11e0-a20c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7af9844a-7053-11e0-a20c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7af9844a-7053-11e0-a20c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7af9844a-7053-11e0-a20c-806e6f6e6963}\ not found.
File E:\wubi.exe --cdmenu not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4336aad-ae50-11e0-80c3-cc52af6b1f86}\ not found.
File H:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc004230-a8e4-11e0-9083-cc52af6b1f86}\ not found.
File G:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc00424c-a8e4-11e0-9083-cc52af6b1f86}\ not found.
File G:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc004279-a8e4-11e0-9083-cc52af6b1f86}\ not found.
File G:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\recycle21autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\TL-Bootstrap.exe not found.
Registry key HKEY_USERS\S-1-5-21-2156863413-2491466932-731352748-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2156863413-2491466932-731352748-1003_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Folder C:\Program Files (x86)\Yontoo\ not found.
C:\Users\Christian\AppData\Local\f3bvygcqja281okh moved successfully.
C:\ProgramData\f3bvygcqja281okh moved successfully.
C:\Users\Christian\AppData\Local\7rnm1t05kq5iyr62360qmt0ft180wf3w4yf00 moved successfully.
C:\ProgramData\7rnm1t05kq5iyr62360qmt0ft180wf3w4yf00 moved successfully.
C:\ProgramData\Im82pD.dat moved successfully.
C:\Users\Christian\AppData\Local\4r18fa0h73o552 moved successfully.
C:\ProgramData\4r18fa0h73o552 moved successfully.
C:\Users\Christian\AppData\Local\2s18yw0b74o842 moved successfully.
C:\ProgramData\2s18yw0b74o842 moved successfully.
C:\ProgramData\5671ed2b moved successfully.
C:\Users\Christian\AppData\Roaming\DD98.986 moved successfully.
ADS C:\Users\Christian\Desktop\Shaun.of.the.Dead.2004.DVDRIP-ZEKTORM.mp4:TOC.WMV deleted successfully.
========== REGISTRY ==========
========== FILES ==========
Folder C:\Program Files (x86)\Yontoo not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: April
->Flash cache emptied: 11854 bytes

User: Christian
->Flash cache emptied: 7054 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: April
->Java cache emptied: 0 bytes

User: Christian
->Java cache emptied: 99874 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04122012_190410

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





ComboFix 12-04-12.03 - Christian 04/12/2012 19:26:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2125 [GMT -4:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Propellerhead Software\ReCycle
c:\programdata\Propellerhead Software\ReCycle\ReCycle212.dat
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\4iavi8sa.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}
c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\4iavi8sa.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\chrome.manifest
c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\4iavi8sa.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\chrome\xulcache.jar
c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\4iavi8sa.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\defaults\preferences\xulcache.js
c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\4iavi8sa.default\extensions\{6a5d881f-2e0a-4018-99f7-0a51e21b4fca}\install.rdf
c:\users\Christian\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\Christian\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 23:40 . 2012-04-12 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 23:40 . 2012-04-12 23:40 -------- d-----w- c:\users\April\AppData\Local\temp
2012-04-12 23:04 . 2012-04-12 23:04 -------- d-----w- C:\_OTL
2012-04-12 22:56 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 22:56 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 22:56 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 22:56 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 22:56 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 22:56 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 22:56 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 21:31 . 2012-04-11 21:28 4113408 ----a-w- c:\windows\system32\stlang64.dll
2012-04-11 21:31 . 2012-04-11 21:28 1424896 ----a-w- c:\windows\sttray64.exe
2012-04-11 21:31 . 2012-04-11 21:28 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-04-11 21:31 . 2012-04-11 21:28 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-04-11 21:30 . 2012-04-11 21:28 251392 ----a-w- c:\windows\system32\staco64.dll
2012-04-11 21:30 . 2012-04-11 21:28 535040 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-04-11 21:30 . 2012-04-11 21:28 446464 ----a-w- c:\windows\system32\stcplx64.dll
2012-04-11 21:30 . 2012-04-11 21:28 655872 ------w- c:\windows\system32\stapi64.dll
2012-04-11 21:30 . 2012-04-11 21:28 1966080 ----a-w- c:\windows\system32\stapo64.dll
2012-04-05 03:04 . 2012-04-05 03:04 -------- d-----w- c:\program files (x86)\CDisplay
2012-04-03 22:24 . 2012-04-05 02:00 -------- d-----w- c:\windows\system32\drivers\NISx64\1207010.003
2012-04-03 03:34 . 2012-04-03 03:34 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 02:54 . 2012-04-03 03:34 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 02:50 . 2012-04-03 02:50 -------- d-----w- c:\program files (x86)\fbphotozoom
2012-04-03 02:50 . 2012-04-03 02:51 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-04-01 00:17 . 2012-04-01 00:17 -------- d-----w- c:\program files\iPod
2012-04-01 00:16 . 2012-04-01 00:17 -------- d-----w- c:\program files\iTunes
2012-03-21 03:30 . 2012-03-21 03:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-19 18:29 . 2012-03-19 18:29 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 21:28 . 2011-02-20 09:37 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-04-11 21:28 . 2011-02-20 09:37 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-04-11 21:28 . 2011-02-20 09:37 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-04-11 21:28 . 2011-02-20 09:37 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-04-03 03:34 . 2011-07-04 22:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 03:57 . 2012-03-12 03:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-12 03:57 . 2012-03-12 03:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-03-12 03:57 . 2011-02-20 09:37 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-12 03:55 . 2012-03-12 03:56 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-03-12 03:55 . 2012-03-12 03:56 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-12 03:55 . 2012-03-12 03:56 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-03-12 03:55 . 2012-03-12 03:56 1451056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-12 03:55 . 2012-03-12 03:56 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-03-12 03:55 . 2012-03-12 03:56 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-12 03:55 . 2012-03-12 03:56 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-03-12 03:55 . 2012-03-12 03:56 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-03-12 03:55 . 2010-12-17 02:26 411944 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-22 740216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]
"Facebook Update"="c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-09 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Seagate Product Registration.lnk - c:\users\Christian\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2011-8-27 1731736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/02/20 01:49;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-12-06 240112]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvia64.sys [2011-06-03 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-13 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 03:34]
.
2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003Core.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-09 01:44]
.
2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003UA.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-09 01:44]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 03:27]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 03:27]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleForAPRIL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-12 c:\windows\Tasks\HPCeeScheduleForChristian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-08 417304]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-11 1424896]
"combofix"="c:\combofix\CF13184.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\0pqbgl2x.default\
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-04-12 20:01:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 00:01
.
Pre-Run: 383,171,960,832 bytes free
Post-Run: 382,930,288,640 bytes free
.
- - End Of File - - ACA7BC8E0B1D94E0AE1AC22314BF97B3

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:54 PM

Posted 13 April 2012 - 12:05 AM

Hi!

Not a problem!

Do me a favor and run ComboFix again, and if you lose the ability to connect to the internet after it runs, please proceed with running ComboFix once more to see if it restores your internet connection.

If it still won't restore your internet connection and your forced to do a system restore to get your internet connection back do the following:


Running FRST

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

Edited by SweetTech, 13 April 2012 - 12:05 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 15 April 2012 - 11:11 PM

Before I do this, I can't find my flash drive at the moment, If I use an external hard drive instead will that be fine.

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:54 PM

Posted 17 April 2012 - 01:29 AM

Hi!

Yes you should be able to use an external hard drive to complete the above task. :)

~ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 20 April 2012 - 09:51 PM

Im not sure if I did something wrong but when I got to finding the program in the flash drive from notepad a bunch of letters and numbers just show up, so what am I doing wrong?

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:54 PM

Posted 21 April 2012 - 01:46 AM

Hi!

I'm not sure if I'm following you 100%. But from what I can gather, I think you may have attempted to open up FRST64 with Notepad, and the results you are seeing is a bunch of gibberish.

The reason why we wanted to launch Notepad, was so that we could make sure we knew what the correct drive for your external hard drive is. This is for when you go back to the Command Prompt you can ensure you're entering the correct command in.

Let me know if that makes sense. I'd like to have you try it again, and see if you have different results with the information above.

~ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 22 April 2012 - 05:56 PM

Im going to try it again but in the mean time can you tell me if this laptop has been hacked or anything? because Ive seen music downloaded into itunes of a song which I never paid for and a notice of a movie that was supposedly downloaded which I never did.

#13 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 22 April 2012 - 06:18 PM

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012
Ran by SYSTEM at 22-04-2012 19:12:46
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2010-12-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-12-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2010-12-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-03-11] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-04-11] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions [598016 2009-11-19] (Teleca Sweden AB)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKU\April\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Christian\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Christian\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Christian\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Christian\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [4950664 2011-06-28] ()
HKU\Christian\...\Run: [Google Update] "C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-01] (Google Inc.)
HKU\Christian\...\Run: [Facebook Update] "C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-02-08] (Facebook Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-15] (Adobe Systems Incorporated)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CLKMSVC10_9EC60124; "C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [240112 2010-12-06] (CyberLink)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [103992 2010-07-21] (Hewlett-Packard Company)
2 HPClientSvc; "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" [291896 2010-08-05] (Hewlett-Packard Company)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [34872 2012-02-15] (Hewlett-Packard Development Company, L.P.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13592 2011-04-29] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [399344 2010-09-11] (Roxio)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-07-23] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
3 Bridge; C:\Windows\System32\Drivers\Bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-12-10] (CyberLink Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-07-14] (DT Soft Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-12] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-12] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvia64.sys [488056 2011-06-02] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110625.002\ENG64.SYS [117880 2011-05-24] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110625.002\EX64.SYS [2011768 2011-05-24] (Symantec Corporation)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [329832 2010-12-08] (Realtek Semiconductor Corp.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-12] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-17 23:17 - 2012-04-17 23:17 - 0802113 ____A C:\Users\Christian\Downloads\Unlocker1.9.1.exe
2012-04-17 23:17 - 2012-04-04 19:18 - 0575288 ____A () C:\Users\Christian\Downloads\unlocker.exe
2012-04-17 22:38 - 2011-06-23 20:44 - 0919846 ____A C:\Users\Christian\Downloads\tumblr_m208g7cMP11rshg3mo1_500.gif
2012-04-15 23:02 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-15 23:02 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-15 23:02 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-15 23:02 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-15 23:01 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-15 23:01 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-15 23:01 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-15 23:01 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-15 23:01 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-15 23:01 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-15 23:01 - 2011-05-02 21:21 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-15 23:01 - 2011-05-02 20:50 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-15 23:01 - 2011-04-26 06:58 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-15 23:01 - 2011-04-26 06:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-15 23:01 - 2010-12-20 22:16 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-15 23:01 - 2010-12-20 21:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-15 23:01 - 2009-07-13 17:41 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-15 23:01 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-15 23:01 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-15 23:01 - 2009-07-13 17:16 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-15 23:01 - 2009-07-13 17:16 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-15 23:01 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-15 23:01 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-15 23:00 - 2009-07-13 17:47 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-15 23:00 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-15 23:00 - 2009-07-13 17:38 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-15 23:00 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-15 23:00 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-15 23:00 - 2009-07-13 17:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-15 23:00 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-15 16:24 - 2012-04-21 18:02 - 0000000 ____D C:\Windows\system64
2012-04-15 02:48 - 2009-07-13 17:38 - 0024372 ____A C:\ComboFix.txt
2012-04-14 16:50 - 2011-10-09 15:59 - 0000000 ____D C:\Users\Christian\Downloads\ErykahBaduDiscography
2012-04-14 16:48 - 2011-08-22 11:04 - 0021709 ____A C:\Users\Christian\Downloads\O-Demonoid.me-O_Erykah_Badu_Discography_8983040.3818.torrent
2012-04-12 18:09 - 2011-08-02 16:42 - 0000000 ____D C:\Users\Christian\Downloads\The_Basedprint_2-(DatPiff.com)(1)
2012-04-12 18:07 - 2012-04-12 18:09 - 101942836 ____A C:\Users\Christian\Downloads\The_Basedprint_2-(DatPiff.com)(1).zip
2012-04-12 17:29 - 2012-02-06 12:47 - 0000000 ____D C:\Users\Christian\Downloads\1_bleep-(DatPiff.com)
2012-04-12 17:27 - 2012-04-12 17:29 - 151757544 ____A C:\Users\Christian\Downloads\1_bleep-(DatPiff.com).zip
2012-04-12 16:03 - 2012-04-04 19:04 - 0024867 ____A C:\Users\Christian\Desktop\combo.txt
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-12 15:41 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-12 15:41 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-12 15:41 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-12 15:41 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-12 15:41 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-12 15:23 - 2012-04-17 23:23 - 0000000 ____D C:\Qoobox
2012-04-12 15:23 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\ERDNT
2012-04-12 15:19 - 2012-03-22 14:45 - 0022210 ____A C:\Users\Christian\Desktop\04122012_190410.log
2012-04-12 15:04 - 2012-04-15 16:24 - 0000000 ____D C:\_OTL
2012-04-11 14:12 - 2012-04-12 18:08 - 101942836 ____A C:\Users\Christian\Downloads\The_Basedprint_2-(DatPiff.com).zip
2012-04-11 13:53 - 2012-04-22 14:48 - 0071060 ____A C:\Users\Christian\Downloads\Extras.Txt
2012-04-11 13:52 - 2012-04-11 13:37 - 0192456 ____A C:\Users\Christian\Downloads\OTL.Txt
2012-04-11 13:37 - 2011-07-28 17:02 - 0593920 ____A (OldTimer Tools) C:\Users\Christian\Downloads\OTL.exe
2012-04-11 13:36 - 2011-07-29 13:53 - 0337137 ____A C:\Users\Christian\Downloads\FSS.exe
2012-04-11 13:32 - 2012-04-11 13:31 - 0111958 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_17.32.24_log.txt
2012-04-11 13:31 - 2012-04-11 13:28 - 1819136 ____A (IDT, Inc.) C:\Windows\System32\IDTNC64.cpl
2012-04-11 13:31 - 2009-07-13 21:37 - 0003774 ____A C:\Windows\System32\2hps.ico
2012-04-11 13:31 - 2009-07-13 17:41 - 4113408 ____A (IDT, Inc.) C:\Windows\System32\stlang64.dll
2012-04-11 13:31 - 2009-07-13 17:41 - 0564224 ____A (IDT, Inc.) C:\Windows\System32\idt64mp1.exe
2012-04-11 13:31 - 2009-07-13 17:40 - 0003774 ____A C:\Windows\System32\bltinmic.ico
2012-04-11 13:31 - 2009-06-10 12:31 - 1424896 ____A (IDT, Inc.) C:\Windows\sttray64.exe
2012-04-11 13:30 - 2012-04-11 13:28 - 1966080 ____A (IDT, Inc.) C:\Windows\System32\stapo64.dll
2012-04-11 13:30 - 2012-04-11 13:28 - 0655872 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2012-04-11 13:30 - 2009-07-13 17:41 - 0446464 ____A (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2012-04-11 13:30 - 2009-07-13 17:41 - 0251392 ____A (IDT, Inc.) C:\Windows\System32\staco64.dll
2012-04-11 13:30 - 2009-07-13 16:06 - 0535040 ____A (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2012-04-11 13:24 - 2011-11-07 20:26 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Christian\Desktop\tdsskiller.exe
2012-04-11 13:24 - 2011-04-26 06:35 - 0134988 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_17.24.57_log.txt
2012-04-10 22:21 - 2011-10-01 19:27 - 0007057 ____A C:\Users\Christian\Desktop\Attach.txt
2012-04-10 22:15 - 2011-11-09 11:33 - 0607260 ____R (Swearware) C:\Users\Christian\Downloads\dds(1).scr
2012-04-06 21:07 - 2011-07-14 11:45 - 0001110 ____A C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2012-04-06 21:07 - 2011-07-10 18:25 - 1471592 ____A (NCH Software) C:\Users\Christian\Downloads\debutsetup.exe
2012-04-05 20:26 - 2011-09-27 11:31 - 0011474 ____A C:\Users\Christian\Downloads\[Demonoid.me]-The_Avengers_005_(2010)_(c2c)(Legion_of_Danger_CPS)_8983040.3818.torrent
2012-04-05 20:22 - 2012-02-23 10:56 - 0000000 ____D C:\Users\Christian\Downloads\Uncanny X-Men #540
2012-04-05 20:22 - 2011-10-14 12:26 - 0007977 ____A C:\Users\Christian\Downloads\[[Demonoid.me]]-Fear_Itself_Uncanny_X_Men_540_(2011)_(c2c)_(DangerAngel_CPS)__8983040.3818.torrent
2012-04-04 19:56 - 2012-02-08 17:44 - 0000000 ____D C:\Users\Christian\Downloads\Fear Itself - Marvel 2011
2012-04-04 19:50 - 2012-04-04 19:51 - 29222628 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_538__2011___c2c___MegaDanger_MM-CPS_.cbr
2012-04-04 19:24 - 2012-04-04 19:19 - 29078321 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_532_(2011)_(Minutemen-Meganubis).cbr
2012-04-04 19:23 - 2012-04-22 14:48 - 34869303 ____A C:\Users\Christian\Downloads\Uncanny X-Men 533 (2011) (Minutemen-Meganubis).cbr
2012-04-04 19:23 - 2012-04-04 19:41 - 26187105 ____A C:\Users\Christian\Downloads\Uncanny X-Men 536 (2011) (c2c) (DangerAngel-CPS).cbr
2012-04-04 19:22 - 2012-04-04 20:09 - 24516145 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_537__2011___c2c___DangerAngel-DCP_.cbr
2012-04-04 19:22 - 2012-04-04 19:55 - 23831422 ____A C:\Users\Christian\Downloads\Uncanny X-Men 535 (2011) (c2c) (Archangel-CPS).cbr
2012-04-04 19:21 - 2012-04-04 20:18 - 41507955 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_534__2011___c2c___DangerAngel-CPS_.cbr
2012-04-04 19:19 - 2012-04-04 20:20 - 18466841 ____A C:\Users\Christian\Downloads\Uncanny X-Men 534.1 (2011) (noads) (LegionWezz-CPS-DCP).cbr
2012-04-04 19:18 - 2012-04-04 19:48 - 29695598 ____A C:\Users\Christian\Downloads\Uncanny X-Men 539 (2011) (c2c) (DangerAngel-CPS).cbr
2012-04-04 19:18 - 2012-04-04 19:18 - 0008475 ____A C:\Users\Christian\Downloads\UNCANNY_X_-_MEN___536.6353449.TPB.torrent
2012-04-04 19:18 - 2012-04-04 19:18 - 0007975 ____A C:\Users\Christian\Downloads\UNCANNY_X_-_MEN___537.6424757.TPB.torrent
2012-04-04 19:18 - 2012-04-04 19:17 - 0009397 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___538.6474127.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0013230 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___534.6271030.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0011128 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___533.6199836.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0007827 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___535.6329834.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0006196 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___534.1.6300512.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:16 - 0009347 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___532.6132203.TPB.torrent
2012-04-04 19:16 - 2012-04-04 20:02 - 0007870 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___531.6065495.TPB.torrent
2012-04-04 19:16 - 2012-04-04 19:22 - 24149672 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_531_2011.cbr
2012-04-04 19:04 - 2012-04-04 19:04 - 1158444 ____A C:\Users\Christian\Downloads\setup.zip
2012-04-04 19:04 - 2012-02-18 23:16 - 0000943 ____A C:\Users\Christian\Desktop\CDisplay.lnk
2012-04-04 19:04 - 2011-12-01 17:59 - 0000000 ____D C:\Users\Christian\Downloads\setup
2012-04-04 19:04 - 2011-10-25 08:56 - 0000000 ____D C:\Program Files (x86)\CDisplay
2012-04-04 19:04 - - 0000943 ____A C:\Users\April\Desktop\CDisplay.lnk
2012-04-04 18:22 - 2012-04-21 23:32 - 0239239 ____A C:\Users\Christian\Desktop\tumblr_m1zib9XrbN1qfjt2j.jpg
2012-04-04 18:02 - 2012-04-11 13:24 - 0000000 ____D C:\Users\Christian\Desktop\tumblr gifs
2012-04-02 19:34 - 2012-04-15 17:34 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-02 18:54 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-02 18:54 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-02 18:50 - 2012-03-11 20:13 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-02 18:50 - 2012-03-11 20:13 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-04-02 18:50 - 2011-11-07 21:22 - 0193198 ____A C:\Users\Christian\Downloads\Men_In_Black_-_Complete_Series.exe
2012-04-02 18:50 - 2011-08-17 10:29 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-04-02 18:50 - 2011-08-02 21:10 - 0000000 ____D C:\Program Files (x86)\Yontoo
2012-04-02 18:50 - - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-31 16:17 - 2012-04-16 00:39 - 0000000 ____D C:\Program Files\iPod
2012-03-31 16:17 - 2012-02-23 16:21 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 16:16 - 2012-03-31 16:17 - 0000000 ____D C:\Program Files\iTunes
2012-03-28 12:31 - 2011-07-08 08:25 - 0054174 ____A C:\Users\Christian\Desktop\13431_1139185457785_1771887936_272391_3146426_n.jpg
2012-03-25 23:30 - 2012-01-02 21:15 - 0000000 ____D C:\Users\Christian\Downloads\Lil B - God s Father - HotNewHipHop


============ 3 Months Modified Files and Folders =============

2012-04-22 19:13 - 2012-04-22 19:12 - 0000000 ____D C:\FRST
2012-04-22 15:07 - 2011-02-20 01:59 - 3062255616 __ASH C:\hiberfil.sys
2012-04-22 15:07 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 15:07 - 2009-07-13 20:51 - 0076305 ____A C:\Windows\setupact.log
2012-04-22 15:04 - 2011-02-20 01:37 - 1108627 ____A C:\Windows\WindowsUpdate.log
2012-04-22 15:04 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 15:04 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-22 15:02 - 2011-06-23 20:46 - 0000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2012-04-22 14:48 - 2012-04-14 16:50 - 0000000 ____D C:\Users\Christian\Downloads\ErykahBaduDiscography
2012-04-22 14:48 - 2012-04-05 20:22 - 0000000 ____D C:\Users\Christian\Downloads\Uncanny X-Men #540
2012-04-22 14:48 - 2012-02-27 21:52 - 0000000 ____D C:\Users\Christian\Downloads\WZRD (Kid Cudi & Dot Da Genius) - WZRD [2012] [320 kbps]
2012-04-22 14:48 - 2012-02-23 10:58 - 0000000 ____D C:\Users\Christian\Downloads\Tyga-Careless_World-(Deluxe_Edition)-2012-CR
2012-04-22 14:48 - 2012-02-02 12:28 - 0000000 ____D C:\Users\Christian\Downloads\LiveLoveA$AP
2012-04-22 14:48 - 2012-01-09 21:55 - 0000000 ____D C:\Users\Christian\Downloads\Childish Gambino
2012-04-22 14:47 - 2011-10-01 19:27 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003UA.job
2012-04-21 23:34 - 2012-04-02 18:54 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-21 23:32 - 2012-04-04 18:02 - 0000000 ____D C:\Users\Christian\Desktop\tumblr gifs
2012-04-21 22:50 - 2012-02-08 17:45 - 0000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003UA.job
2012-04-21 18:02 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-21 16:50 - 2012-02-08 17:45 - 0000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003Core.job
2012-04-21 15:34 - 2011-10-01 19:27 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156863413-2491466932-731352748-1003Core.job
2012-04-18 14:18 - 2011-07-27 17:29 - 0000348 ____A C:\Windows\Tasks\HPCeeScheduleForChristian.job
2012-04-18 14:13 - 2011-06-23 18:35 - 0000000 ____D C:\users\Christian
2012-04-18 14:12 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-04-18 14:10 - 2011-04-27 17:53 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-04-18 14:09 - 2012-03-21 12:38 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-04-17 23:23 - 2011-06-23 18:35 - 0000000 ____D C:\Users\Christian\AppData\LocalLow
2012-04-17 23:17 - 2012-04-17 23:17 - 0802113 ____A C:\Users\Christian\Downloads\Unlocker1.9.1.exe
2012-04-17 23:17 - 2012-04-17 23:17 - 0575288 ____A () C:\Users\Christian\Downloads\unlocker.exe
2012-04-17 22:38 - 2012-04-17 22:38 - 0919846 ____A C:\Users\Christian\Downloads\tumblr_m208g7cMP11rshg3mo1_500.gif
2012-04-16 13:47 - 2011-10-01 19:28 - 0002417 ____A C:\Users\Christian\Desktop\Google Chrome.lnk
2012-04-15 17:34 - 2012-04-02 19:34 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-15 17:34 - 2012-04-02 18:54 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-15 17:34 - 2011-07-04 14:39 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-15 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-15 16:24 - 2012-04-15 16:24 - 0000000 ____D C:\Windows\system64
2012-04-15 16:22 - 2012-04-12 15:23 - 0000000 ____D C:\Windows\ERDNT
2012-04-15 16:22 - 2012-01-01 01:48 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-15 16:22 - 2011-04-26 18:14 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-15 16:22 - 2011-04-26 06:34 - 0000000 ____D C:\users\April
2012-04-15 16:22 - 2011-02-20 01:50 - 0000000 ____D C:\Users\All Users\Norton
2012-04-15 16:22 - 2011-02-20 01:50 - 0000000 ____D C:\ProgramData\Norton
2012-04-15 16:22 - 2011-01-09 01:52 - 0000000 ____D C:\Users\All Users\RoxioNow
2012-04-15 16:22 - 2011-01-09 01:52 - 0000000 ____D C:\ProgramData\RoxioNow
2012-04-15 16:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-15 16:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-15 16:22 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-15 02:48 - 2012-04-15 02:48 - 0024372 ____A C:\ComboFix.txt
2012-04-15 02:48 - 2012-04-12 15:23 - 0000000 ____D C:\Qoobox
2012-04-14 23:58 - 2009-07-13 18:34 - 61603840 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-14 23:58 - 2009-07-13 18:34 - 18087936 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-14 23:58 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-14 23:58 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-14 23:58 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-14 16:48 - 2012-04-14 16:48 - 0021709 ____A C:\Users\Christian\Downloads\O-Demonoid.me-O_Erykah_Badu_Discography_8983040.3818.torrent
2012-04-12 18:10 - 2011-07-07 22:50 - 0000000 ____D C:\Users\Christian\Desktop\Old music
2012-04-12 18:09 - 2012-04-12 18:09 - 0000000 ____D C:\Users\Christian\Downloads\The_Basedprint_2-(DatPiff.com)(1)
2012-04-12 18:08 - 2012-04-12 18:07 - 101942836 ____A C:\Users\Christian\Downloads\The_Basedprint_2-(DatPiff.com)(1).zip
2012-04-12 17:29 - 2012-04-12 17:29 - 0000000 ____D C:\Users\Christian\Downloads\1_bleep-(DatPiff.com)
2012-04-12 17:28 - 2012-04-12 17:27 - 151757544 ____A C:\Users\Christian\Downloads\1_bleep-(DatPiff.com).zip
2012-04-12 16:19 - 2012-04-02 18:50 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-12 16:19 - 2012-04-02 18:50 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-04-12 16:19 - 2012-04-02 18:50 - 0000000 ____D C:\Program Files (x86)\Yontoo
2012-04-12 16:17 - 2011-01-09 02:05 - 0000000 ____D C:\Program Files\Java
2012-04-12 16:03 - 2012-04-12 16:03 - 0024867 ____A C:\Users\Christian\Desktop\combo.txt
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-12 15:41 - 2012-04-12 15:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-12 15:37 - 2011-07-07 13:17 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Propellerhead Software
2012-04-12 15:19 - 2012-04-12 15:19 - 0022210 ____A C:\Users\Christian\Desktop\04122012_190410.log
2012-04-12 15:04 - 2012-04-12 15:04 - 0000000 ____D C:\_OTL
2012-04-12 14:51 - 2011-02-20 01:42 - 0006922 ____A C:\Windows\PFRO.log
2012-04-11 20:25 - 2011-06-29 08:08 - 0000000 ____D C:\Users\Christian\Documents\Youcam
2012-04-11 14:13 - 2012-04-11 14:12 - 101942836 ____A C:\Users\Christian\Downloads\The_Basedprint_2-(DatPiff.com).zip
2012-04-11 13:53 - 2012-04-11 13:53 - 0071060 ____A C:\Users\Christian\Downloads\Extras.Txt
2012-04-11 13:52 - 2012-04-11 13:52 - 0192456 ____A C:\Users\Christian\Downloads\OTL.Txt
2012-04-11 13:37 - 2012-04-11 13:37 - 0593920 ____A (OldTimer Tools) C:\Users\Christian\Downloads\OTL.exe
2012-04-11 13:36 - 2012-04-11 13:36 - 0337137 ____A C:\Users\Christian\Downloads\FSS.exe
2012-04-11 13:35 - 2012-04-11 13:32 - 0111958 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_17.32.24_log.txt
2012-04-11 13:34 - 2011-01-09 01:41 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-04-11 13:31 - 2012-04-11 13:24 - 0134988 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_17.24.57_log.txt
2012-04-11 13:31 - 2012-03-11 19:59 - 0000000 ____D C:\Program Files\IDT
2012-04-11 13:28 - 2012-04-11 13:31 - 4113408 ____A (IDT, Inc.) C:\Windows\System32\stlang64.dll
2012-04-11 13:28 - 2012-04-11 13:31 - 1819136 ____A (IDT, Inc.) C:\Windows\System32\IDTNC64.cpl
2012-04-11 13:28 - 2012-04-11 13:31 - 1424896 ____A (IDT, Inc.) C:\Windows\sttray64.exe
2012-04-11 13:28 - 2012-04-11 13:31 - 0564224 ____A (IDT, Inc.) C:\Windows\System32\idt64mp1.exe
2012-04-11 13:28 - 2012-04-11 13:31 - 0003774 ____A C:\Windows\System32\bltinmic.ico
2012-04-11 13:28 - 2012-04-11 13:31 - 0003774 ____A C:\Windows\System32\2hps.ico
2012-04-11 13:28 - 2012-04-11 13:30 - 1966080 ____A (IDT, Inc.) C:\Windows\System32\stapo64.dll
2012-04-11 13:28 - 2012-04-11 13:30 - 0655872 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2012-04-11 13:28 - 2012-04-11 13:30 - 0535040 ____A (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2012-04-11 13:28 - 2012-04-11 13:30 - 0446464 ____A (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2012-04-11 13:28 - 2012-04-11 13:30 - 0251392 ____A (IDT, Inc.) C:\Windows\System32\staco64.dll
2012-04-11 13:28 - 2011-02-20 01:37 - 6012416 ____A (IDT, Inc.) C:\Windows\System32\IDTNGUI.exe
2012-04-11 13:28 - 2011-02-20 01:37 - 5077504 ____A (IDT, Inc.) C:\Windows\System32\IDTNHP.dll
2012-04-11 13:28 - 2011-02-20 01:37 - 1041920 ____A (IDT, Inc.) C:\Windows\System32\IDTNX.dll
2012-04-11 13:28 - 2011-02-20 01:37 - 0233472 ____A (IDT, Inc.) C:\Windows\System32\IDTNJ.exe
2012-04-11 13:28 - 2011-02-20 01:37 - 0017454 ____A C:\Windows\System32\nbspkrs.ico
2012-04-11 13:24 - 2012-04-11 13:24 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Christian\Desktop\tdsskiller.exe
2012-04-10 22:21 - 2012-04-10 22:21 - 0007057 ____A C:\Users\Christian\Desktop\Attach.txt
2012-04-10 22:15 - 2012-04-10 22:15 - 0607260 ____R (Swearware) C:\Users\Christian\Downloads\dds(1).scr
2012-04-10 20:43 - 2011-04-27 17:42 - 0000342 ____A C:\Windows\Tasks\HPCeeScheduleForAPRIL-HP$.job
2012-04-10 10:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-08 14:57 - 2011-04-26 06:43 - 0000174 ___SH C:\Users\April\Start Menu\Programs\Startup\desktop.ini
2012-04-08 14:57 - 2011-04-26 06:43 - 0000174 ___SH C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-07 16:36 - 2011-10-08 15:22 - 0000000 ____D C:\Users\Christian\AppData\Local\CrashDumps
2012-04-06 21:07 - 2012-04-06 21:07 - 1471592 ____A (NCH Software) C:\Users\Christian\Downloads\debutsetup.exe
2012-04-06 21:07 - 2012-04-06 21:07 - 0001110 ____A C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2012-04-06 21:07 - 2011-08-11 11:45 - 0000000 ____D C:\Users\Christian\AppData\Roaming\NCH Software
2012-04-06 21:07 - 2011-08-11 11:45 - 0000000 ____D C:\Users\All Users\NCH Software
2012-04-06 21:07 - 2011-08-11 11:45 - 0000000 ____D C:\ProgramData\NCH Software
2012-04-06 21:07 - 2011-08-11 11:45 - 0000000 ____D C:\Program Files (x86)\NCH Software
2012-04-05 20:26 - 2012-04-05 20:26 - 0011474 ____A C:\Users\Christian\Downloads\[Demonoid.me]-The_Avengers_005_(2010)_(c2c)(Legion_of_Danger_CPS)_8983040.3818.torrent
2012-04-05 20:22 - 2012-04-05 20:22 - 0007977 ____A C:\Users\Christian\Downloads\[[Demonoid.me]]-Fear_Itself_Uncanny_X_Men_540_(2011)_(c2c)_(DangerAngel_CPS)__8983040.3818.torrent
2012-04-04 20:49 - 2012-04-04 19:56 - 0000000 ____D C:\Users\Christian\Downloads\Fear Itself - Marvel 2011
2012-04-04 20:20 - 2012-04-04 19:23 - 34869303 ____A C:\Users\Christian\Downloads\Uncanny X-Men 533 (2011) (Minutemen-Meganubis).cbr
2012-04-04 20:18 - 2012-04-04 19:24 - 29078321 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_532_(2011)_(Minutemen-Meganubis).cbr
2012-04-04 20:09 - 2012-04-04 19:21 - 41507955 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_534__2011___c2c___DangerAngel-CPS_.cbr
2012-04-04 20:02 - 2012-04-04 19:50 - 29222628 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_538__2011___c2c___MegaDanger_MM-CPS_.cbr
2012-04-04 19:55 - 2012-04-04 19:19 - 18466841 ____A C:\Users\Christian\Downloads\Uncanny X-Men 534.1 (2011) (noads) (LegionWezz-CPS-DCP).cbr
2012-04-04 19:51 - 2012-04-04 19:22 - 24516145 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_537__2011___c2c___DangerAngel-DCP_.cbr
2012-04-04 19:48 - 2012-04-04 19:23 - 26187105 ____A C:\Users\Christian\Downloads\Uncanny X-Men 536 (2011) (c2c) (DangerAngel-CPS).cbr
2012-04-04 19:41 - 2012-04-04 19:22 - 23831422 ____A C:\Users\Christian\Downloads\Uncanny X-Men 535 (2011) (c2c) (Archangel-CPS).cbr
2012-04-04 19:22 - 2012-04-04 19:18 - 29695598 ____A C:\Users\Christian\Downloads\Uncanny X-Men 539 (2011) (c2c) (DangerAngel-CPS).cbr
2012-04-04 19:19 - 2012-04-04 19:16 - 24149672 ____A C:\Users\Christian\Downloads\Uncanny_X-Men_531_2011.cbr
2012-04-04 19:18 - 2012-04-04 19:18 - 0009397 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___538.6474127.TPB.torrent
2012-04-04 19:18 - 2012-04-04 19:18 - 0008475 ____A C:\Users\Christian\Downloads\UNCANNY_X_-_MEN___536.6353449.TPB.torrent
2012-04-04 19:18 - 2012-04-04 19:18 - 0007975 ____A C:\Users\Christian\Downloads\UNCANNY_X_-_MEN___537.6424757.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0013230 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___534.6271030.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0011128 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___533.6199836.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0009347 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___532.6132203.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0007827 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___535.6329834.TPB.torrent
2012-04-04 19:17 - 2012-04-04 19:17 - 0006196 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___534.1.6300512.TPB.torrent
2012-04-04 19:16 - 2012-04-04 19:16 - 0007870 ____A C:\Users\Christian\Downloads\UNCANNY_X-MEN___531.6065495.TPB.torrent
2012-04-04 19:04 - 2012-04-04 19:04 - 1158444 ____A C:\Users\Christian\Downloads\setup.zip
2012-04-04 19:04 - 2012-04-04 19:04 - 0000943 ____A C:\Users\Christian\Desktop\CDisplay.lnk
2012-04-04 19:04 - 2012-04-04 19:04 - 0000943 ____A C:\Users\April\Desktop\CDisplay.lnk
2012-04-04 19:04 - 2012-04-04 19:04 - 0000000 ____D C:\Users\Christian\Downloads\setup
2012-04-04 19:04 - 2012-04-04 19:04 - 0000000 ____D C:\Program Files (x86)\CDisplay
2012-04-04 18:22 - 2012-04-04 18:22 - 0239239 ____A C:\Users\Christian\Desktop\tumblr_m1zib9XrbN1qfjt2j.jpg
2012-04-04 18:01 - 2011-04-26 06:43 - 0002480 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-04-04 18:01 - 2011-02-20 01:50 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-02 18:51 - 2012-04-02 18:50 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-04-02 18:50 - 2012-04-02 18:50 - 0193198 ____A C:\Users\Christian\Downloads\Men_In_Black_-_Complete_Series.exe
2012-04-02 18:50 - 2012-04-02 18:50 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-31 16:17 - 2012-03-31 16:17 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 16:17 - 2012-03-31 16:17 - 0000000 ____D C:\Program Files\iPod
2012-03-31 16:17 - 2012-03-31 16:16 - 0000000 ____D C:\Program Files\iTunes
2012-03-31 16:17 - 2012-03-11 19:24 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-25 23:32 - 2012-03-25 23:30 - 0000000 ____D C:\Users\Christian\Downloads\Lil B - God s Father - HotNewHipHop
2012-03-22 18:34 - 2012-03-22 18:32 - 175256268 ____A C:\Users\Christian\Downloads\Lil B - God s Father - HotNewHipHop.zip
2012-03-22 15:25 - 2011-07-14 13:15 - 0000000 ____D C:\Users\Christian\Desktop\Reason 5
2012-03-22 14:45 - 2012-03-22 14:38 - 48682316 ____A C:\Users\Christian\Desktop\02-Capricorn.wav
2012-03-22 14:43 - 2011-07-14 13:35 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Audacity
2012-03-20 21:08 - 2011-10-28 10:52 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2012-03-20 19:30 - 2011-10-28 10:51 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-20 19:30 - 2011-10-28 10:51 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-20 19:30 - 2011-10-28 10:51 - 0000000 ____D C:\Users\All Users\Skype
2012-03-20 19:30 - 2011-10-28 10:51 - 0000000 ____D C:\ProgramData\Skype
2012-03-20 14:36 - 2012-03-20 14:36 - 0000000 ____D C:\Users\Christian\Downloads\Vol 2
2012-03-19 17:03 - 2012-03-19 17:01 - 109704031 ____A C:\Users\Christian\Downloads\Vol 2.zip
2012-03-14 15:44 - 2012-03-14 15:37 - 52895310 ____A C:\Users\Christian\Downloads\Ron_Contour_and_The_Vancouver_Islands-Longmile_Buggedness-2011-FTD.rar
2012-03-14 07:52 - 2009-07-13 20:45 - 0276072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-11 20:13 - 2012-03-11 20:13 - 0000000 ____D C:\Users\All Users\Synaptics
2012-03-11 20:13 - 2012-03-11 20:13 - 0000000 ____D C:\ProgramData\Synaptics
2012-03-11 19:57 - 2012-03-11 19:57 - 0565352 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-03-11 19:57 - 2012-03-11 19:57 - 0074272 ____A C:\Windows\System32\RtNicProp64.dll
2012-03-11 19:57 - 2012-03-11 19:56 - 0001414 ____A C:\Windows\Synaptics.log
2012-03-11 19:57 - 2011-02-20 01:37 - 0107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-03-11 19:57 - 2011-02-20 01:36 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-11 19:57 - 2011-02-20 01:34 - 0015842 ____A C:\Windows\DPINST.LOG
2012-03-11 19:55 - 2012-03-11 19:56 - 1451056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2012-03-11 19:55 - 2012-03-11 19:56 - 0276264 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2012-03-11 19:55 - 2012-03-11 19:56 - 0226600 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2012-03-11 19:55 - 2012-03-11 19:56 - 0222504 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2012-03-11 19:55 - 2012-03-11 19:56 - 0177448 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2012-03-11 19:55 - 2012-03-11 19:56 - 0148264 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
2012-03-11 19:55 - 2012-03-11 19:56 - 0107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2012-03-11 19:55 - 2012-03-11 19:56 - 0066856 ____A C:\Windows\SysWOW64\SynTPEnhPS.dll
2012-03-11 19:55 - 2010-12-16 18:26 - 0411944 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2012-03-11 19:54 - 2011-02-20 01:34 - 0000000 ____D C:\Program Files (x86)\Intel
2012-03-11 19:54 - 2011-01-09 02:00 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-11 19:20 - 2012-03-11 19:20 - 0001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-03-11 19:20 - 2012-03-11 19:20 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-05 22:43 - 2012-04-15 23:01 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-15 23:01 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-15 23:01 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:54 - 2012-04-15 23:00 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-15 23:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-15 23:00 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-15 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-15 23:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-15 23:00 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-15 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 15:12 - 2011-11-07 21:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-28 01:55 - 2012-01-03 20:19 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-27 23:34 - 2012-04-15 23:01 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-15 23:01 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-15 23:01 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-15 23:01 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-15 23:01 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-15 23:01 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-15 23:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-15 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-15 23:01 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-15 23:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:43 - 2012-04-15 23:01 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:42 - 2012-04-15 23:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-15 23:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 22:06 - 2012-02-27 22:06 - 4067544 ____A C:\Users\Christian\Downloads\Chip Tha Ripper Gloryus Feat Kid Cudi - HotNewHipHop.mp3
2012-02-27 22:05 - 2012-02-27 22:05 - 9976664 ____A C:\Users\Christian\Downloads\Kid Cudi- Dose of Dopeness (Produced by Dot Da Genius) - HotNewHipHop(1).mp3
2012-02-27 21:51 - 2012-02-27 21:51 - 0018586 ____A C:\Users\Christian\Downloads\++Demonoid.me++-WZRD_(Kid_Cudi_Dot_Da_Genius)_WZRD_(2012)_(320_kbps)_8983040.3818.torrent
2012-02-27 17:52 - 2012-04-15 23:01 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-15 23:01 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-15 23:01 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-15 23:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-15 23:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-15 23:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-15 23:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-15 23:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-15 23:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-15 23:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-15 23:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-15 23:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-15 23:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 16:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-02-23 16:21 - 2012-02-23 16:21 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-02-23 16:19 - 2012-02-23 16:19 - 0000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-23 16:19 - 2012-02-23 16:19 - 0000000 ____D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-23 10:56 - 2012-02-23 10:56 - 0013758 ____A C:\Users\Christian\Downloads\Tyga_Careless_World_(Deluxe_Edition)_2012_CR-_Demonoid.me_-_8983040.3818.torrent
2012-02-20 12:40 - 2012-02-20 12:40 - 9976664 ____A C:\Users\Christian\Downloads\Kid Cudi- Dose of Dopeness (Produced by Dot Da Genius) - HotNewHipHop.mp3
2012-02-19 02:02 - 2012-02-19 02:02 - 0000000 ____D C:\Users\Christian\Documents\Blio
2012-02-19 02:02 - 2012-02-19 02:01 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Blio
2012-02-18 23:16 - 2012-02-06 19:46 - 0001856 ____A C:\Users\Christian\Desktop\Capture_20120206 - Shortcut.lnk
2012-02-18 23:16 - 2012-02-05 19:26 - 0001856 ____A C:\Users\Christian\Desktop\Capture_20120205 - Shortcut.lnk
2012-02-16 15:07 - 2011-01-09 01:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 18:36 - 2012-02-15 18:36 - 0001164 ____A C:\Users\Christian\Desktop\inzekwind.txt
2012-02-15 18:18 - 2012-02-15 18:18 - 0001299 ____A C:\Users\Christian\Desktop\inzektors.txt
2012-02-15 07:01 - 2012-02-15 07:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 07:01 - 2012-02-15 07:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-15 00:24 - 2011-06-23 18:35 - 0000174 ___SH C:\Users\Christian\Start Menu\Programs\Startup\desktop.ini
2012-02-15 00:24 - 2011-06-23 18:35 - 0000174 ___SH C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:27 - 2012-03-13 17:54 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 17:54 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 17:54 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 17:54 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-11 22:26 - 2012-02-11 22:25 - 6500352 ____A C:\Users\Christian\Downloads\02_super_mario_world.mp3
2012-02-11 22:24 - 2012-02-11 22:24 - 1274595 ____A C:\Users\Christian\Downloads\44_-_title.mp3
2012-02-11 21:35 - 2012-02-11 21:21 - 815668730 ____A C:\Users\Christian\Downloads\Dolo Beats Soundkit 2011.zip
2012-02-10 19:28 - 2012-02-10 19:28 - 3524467 ____A C:\Users\Christian\Downloads\blade-brown-dance-class-act_o_GIFSoup.com.gif
2012-02-10 18:59 - 2012-02-10 18:59 - 3101126 ____A C:\Users\Christian\Downloads\Yuna - Live Your Life.mp3
2012-02-09 22:18 - 2012-03-13 17:54 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 17:54 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 17:54 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 17:54 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 17:54 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 17:54 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 17:54 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 17:54 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 17:54 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 17:54 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-09 01:02 - 2012-02-09 01:02 - 0000000 ____D C:\Users\Christian\AppData\Roaming\dvdcss
2012-02-08 17:45 - 2012-02-08 17:44 - 0000000 ____D C:\Users\Christian\AppData\Local\Facebook
2012-02-08 17:44 - 2012-02-08 17:44 - 0493520 ____A (Facebook Inc.) C:\Users\Christian\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-02-07 16:26 - 2012-02-07 16:23 - 6304009 ____A C:\Users\Christian\Downloads\Lil_B_-_Cocaine_Digitaldripped.com.mp3
2012-02-06 19:54 - 2012-02-06 19:54 - 0000000 ____D C:\Users\Christian\AppData\Local\{143AE85A-21D7-449E-A315-F87C19E29BB7}
2012-02-06 19:54 - 2011-10-30 10:36 - 0000000 ____D C:\Users\Christian\AppData\Local\Windows Live
2012-02-06 19:53 - 2012-02-06 19:52 - 0000000 ____D C:\Users\Christian\AppData\Local\{59B673F4-0CDE-432D-A3A2-6DB3C30FF49B}
2012-02-06 19:37 - 2012-02-06 19:36 - 0000000 ____D C:\Users\Christian\AppData\Local\{E180D1E1-00C6-45F0-995E-44AE831BDB3B}
2012-02-06 12:47 - 2012-02-06 12:47 - 2297628 ____A C:\Users\Christian\Downloads\19-50 Cent - Emotional.mp3
2012-02-05 16:48 - 2012-02-05 16:44 - 140542336 ____A ( ) C:\Users\Christian\Downloads\HP-CNB.3922_HP15C11_YUC110512-01_Normal.exe
2012-02-05 15:11 - 2012-02-05 15:11 - 5563951 ____A C:\Users\Christian\Downloads\05-twista-lavish_(feat._pharell).mp3
2012-02-04 15:36 - 2009-07-13 21:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-03 08:40 - 2012-02-03 08:40 - 8347294 ____A C:\Users\Christian\Downloads\Know_Why_(Mastered).mp3
2012-02-02 20:16 - 2012-03-13 17:54 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 12:28 - 2012-02-02 12:28 - 0011824 ____A C:\Users\Christian\Downloads\x-Demonoid.me-x_ASAP_Rocky_LiveLoveA_AP_8983040.3818.torrent
2012-02-02 12:27 - 2012-02-02 12:27 - 0011824 ____A C:\Users\Christian\Downloads\((Demonoid.me))-ASAP_Rocky_LiveLoveA_AP_8983040.3818.torrent
2012-02-02 12:04 - 2012-02-02 12:02 - 72598446 ____A C:\Users\Christian\Downloads\Cris Cab - Echo Boom (2012).zip
2012-02-01 18:50 - 2012-02-01 18:49 - 88364298 ____A C:\Users\Christian\Downloads\Lil B White Flame - HotNewHipHop.zip
2012-01-30 14:44 - 2012-01-30 14:44 - 5068475 ____A C:\Users\Christian\Downloads\Lil+B+-+B.O.R.+(Birth+of+Rap)_Digitaldripped.com.mp3
2012-01-30 14:19 - 2012-01-30 14:19 - 6430010 ____A C:\Users\Christian\Desktop\09 Just for Now.m4a
2012-01-30 01:20 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-01-30 01:19 - 2012-01-26 16:44 - 0000000 ____D C:\Users\Christian\AppData\Local\SanctionedMedia
2012-01-30 01:19 - 2011-11-07 20:26 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-01-30 01:19 - 2011-11-07 20:26 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-01-30 01:19 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-01-30 01:18 - 2011-06-22 10:41 - 0000000 ____D C:\Users\Public\CyberLink
2012-01-30 01:18 - 2011-04-26 18:33 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-30 01:18 - 2011-04-26 18:33 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-30 01:10 - 2012-01-26 16:45 - 0000000 ____D C:\Users\Christian\AppData\Roaming\1EA2C
2012-01-30 01:10 - 2012-01-26 16:44 - 0000000 ____D C:\Users\Christian\AppData\Roaming\86F1E
2012-01-27 17:40 - 2012-01-27 17:40 - 0075147 ____A C:\Users\April\Downloads\TaxReturn(1).pdf
2012-01-27 17:38 - 2012-01-27 17:38 - 0073153 ____A C:\Users\April\Downloads\TaxReturn.pdf
2012-01-24 22:27 - 2012-03-13 17:54 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 17:54 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 17:54 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3183.6 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3169.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:450.82 GB) (Free:354.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:844.27 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 450 GB 200 MB
Partition 3 Primary 14 GB 451 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 450 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FreeAgent G NTFS Partition 931 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-08 23:31

======================= End Of Log ==========================

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:54 PM

Posted 24 April 2012 - 12:41 AM

Hi!

Im going to try it again but in the mean time can you tell me if this laptop has been hacked or anything? because Ive seen music downloaded into itunes of a song which I never paid for and a notice of a movie that was supposedly downloaded which I never did.

Yes, this infection does have the potential to gain access to your login information. If you haven't done so already, I'd change your passwords on another computer that you know to be clean.

I provided you with the following warning in my first response to you:

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



P2P Warning!

uTorrent

I understand that downloading music and other files may be important to you; however, the P2P programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., copyrighted material, pirated software, and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

An often unanticipated and unintended consequence of using p2p programs is that you may be leaving your computer open to access by others without either your knowledge or consent. This is how you can uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    uTorrent

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

If you wish to keep them, you MUST NOT use them until your computer is clean.


NEXT:


Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
2012-02-15 00:24 - 2011-06-23 18:35 - 0000174 ___SH C:\Users\Christian\Start Menu\Programs\Startup\desktop.ini
2012-02-15 00:24 - 2011-06-23 18:35 - 0000174 ___SH C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-30 01:10 - 2012-01-26 16:45 - 0000000 ____D C:\Users\Christian\AppData\Roaming\1EA2C
2012-01-30 01:10 - 2012-01-26 16:44 - 0000000 ____D C:\Users\Christian\AppData\Roaming\86F1E

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


NEXT:


After running the above fix, please boot back up into Normal mode, and run a new scan with ComboFix again. It will most likely prompt you to update your copy to the latest version, please allow it to do so.

Let me know how the above goes.

~ST.

Edited by SweetTech, 24 April 2012 - 12:45 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 25 April 2012 - 02:17 PM

Just so I'm right am I running Frst64 through the command prompt again when I go to system recovery options?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users