
Google Redirect Issue


  • This topic is locked
17 replies to this topic

#1 Daanmakus


  • Members
  • 50 posts

Posted 21 June 2012 - 06:58 AM

Hi,

I am posting here because someone already tried to help me but I still have this issue.

Basically, when I open Google Chrome and search (a variety of sites), in this case Aion (a game I play), and click on the website, I get redirected to this site that says Partner19.mydomainadvisor.com.

I just tried searching and I got to my website so I am not sure anymore because it does not happen all the time but it always seems to come back.


 


#2 M-K-D-B


  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 21 June 2012 - 01:40 PM

Hi Daanmakus,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 M-K-D-B


  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 21 June 2012 - 01:50 PM

Hi Daanmakus,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Basically, when I open Google Chrome and search (a variety of sites), in this case Aion (a game I play), and click on the website, I get redirected to this site that says Partner19.mydomainadvisor.com.

Do you have the same redirects when surfing with Internet Explorer or Firefox?
I would like you to follow the next steps to get an overview of your machine. Thank you. :)





Step 1
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized





Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Step 3
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.





Step 4
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Close to close the tool.
    Note: We don't want to fix anything here, but just get an overview of your computer!
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





What you should post with your next answer:
  • both logfiles from OTL,
  • the logfile from aswMBR,
  • the logfile from TDSS Killer,
  • an answer to my questions and any further information that seems to be important in your eyes.

Regards,
M-K-D-B

#4 Daanmakus

  • Topic Starter

  • Members
  • 50 posts

Posted 21 June 2012 - 06:25 PM

Hi,

Thanks for trying to help. Yes, I do get redirected when using Internet Explorer, and I tried Mozilla as well.



extra log


OTL Extras logfile created on: 21/06/2012 5:10:09 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.28% Memory free
15.96 Gb Paging File | 14.01 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 255.60 Gb Free Space | 68.61% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 435.57 Gb Free Space | 46.76% Space Free | Partition Type: NTFS
Drive F: | 7.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7AEEF9-B1A9-4DAE-82AB-9B88EC17F4D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EBF60CD-D9D2-42AF-BE77-2ACCA5C1A2DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{223139E1-C0CE-430B-A5E0-B607C2934BF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A9EF909-E732-48DB-ABFD-927C0EB72B69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B0B6142-C147-4478-A88C-E3FC4D3AD49F}" = lport=137 | protocol=17 | dir=in | app=system |
"{4D2DF68C-1557-4E7D-BD2E-E8883A041F0D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5329DEB8-9B63-4BBB-AEF8-18A42A6475A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{541BEF14-0E36-4514-B64A-4B817CB857D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{634A3AAF-9B94-438D-B81C-C33149795935}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D2D409C-791D-4C0B-B5FD-279BBDEEBD04}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F25E5A3-0E1C-44F4-8FB2-02533A94EFA9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92309E1B-4305-4689-8465-90DA3566BC8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97A621EE-503D-413C-95BD-356431FA545E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A797AB5A-27D6-474C-95BC-0C289944A8E3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AB990229-671D-47AF-A3F3-675F4B6F3C3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFC25DDE-FE73-4058-B68F-7AE8D0FF1F7D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C65635C8-3265-4502-A407-8CB6E2F692C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C67EF58F-2AF7-4C88-BA82-57FB539FF19C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C697C2B5-A1A1-4FB8-AB43-4D928B468B98}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CD5C9747-5C16-4AC0-9866-F36E5712CA46}" = rport=137 | protocol=17 | dir=out | app=system |
"{D2F5DE8A-6F13-4C22-8361-3079496CBE38}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DEE7A1A6-4486-457C-879E-9188A752AAA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{E7CC90C6-32F1-4266-9686-06E90FF427D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3B4CB0E-616F-4410-B263-90037F390BCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAF275ED-9CC0-40AA-81E4-B458F2F587E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FB512FC9-3890-429E-B0A6-DFDC743EC78B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028DD6F1-5D41-4769-A59F-40BDC44595E7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{06B31D7A-B13D-41BA-A90D-F4F665E9FC55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09F4D592-E7F4-44EE-9658-97BB25FF4A4B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0B438EA0-0CC4-4A28-B38A-9ED7A26B201F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10754835-8F34-4055-A588-29C550E3DE99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{122EAFE9-9293-4B2D-B6F6-FB43D0D18354}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{15DDC375-EAF0-44B8-B717-6CAD7FB48E83}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresultstb\dtuser.exe |
"{1642A445-7E0A-45EE-AADE-91B754980D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{167EBF7B-7830-4848-8749-6CE7601730CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1AFB71AF-C351-47C1-9B37-802582C0B848}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{1D5DB57F-E029-49F0-872A-551037A3F1F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2046B579-1DD6-410C-B92E-B78C2E1B6D14}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{23C8DF86-33AA-4D09-85CB-121BDC7A0EB5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{26D1CD04-0468-4FEA-BFBE-730A6244244A}" = protocol=17 | dir=in | app=c:\program files (x86)\facesmoochtb\dtuser.exe |
"{286FAEF2-32A9-4FEC-813D-B2D9259B7767}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{298EEE54-8FD9-4ABD-97BD-6245FEE2F346}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F7724B6-EDE0-4FE8-837F-1B7C6194CCF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{33DEA476-B7B0-4E85-B055-E42D175495F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34260573-2F63-471A-9D2B-BB7450F4342D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{36CA2F52-B168-4B42-92CE-64233920049E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3D3FF9C0-B2E1-49F6-9003-265DDDFB44EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{403E3E4C-FF90-4A21-A15D-0283724E9120}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43F978FE-B8F4-4717-81F5-A0FE6664B867}" = protocol=6 | dir=out | app=system |
"{451AA683-3047-467C-8A4E-1C57F2DEDB71}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresultstb\dtuser.exe |
"{4A4C32E4-9E1E-4C2A-95E9-BADCD8F52D80}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AC4131A-A33E-4F8F-8F47-42AEC6B53530}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4B4CED1A-9471-4CD8-91C9-088C892082B8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{4E685625-4133-4470-BF0C-DCF51BB6EAC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{59438183-48A2-4C38-8DC4-91F0C9E6772A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62027C6B-901E-4B59-97BE-4052B3E80944}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6492CFC7-8B29-4D05-BA17-227C4B9EE064}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6BDED089-1E92-4A1A-BA42-E5B2F4C42273}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7BA9C1C8-830D-4461-B6E0-F5E7D0FC6E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7E0EBB3E-9A3E-43FD-BE32-C1AA10AE9646}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7E590BC0-F58E-4CA5-A785-3D83769060BF}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{7EE86563-AA90-42E4-8ADA-82F70D135BED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82CD0824-41E4-4961-9837-74B4E792EF1F}" = dir=in | app=c:\program files (x86)\finaltorrent\finaltorrent.exe |
"{85FE071A-C89F-4A22-97BF-B8DA232694A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96F9924F-85F5-4C28-82F3-92FD99A18D60}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A066D4B3-811F-4FCC-A2E4-7F0FEE813118}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A0957D5F-2A0C-4BEA-9661-4D442D4E40B4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{A4249B9B-CCEA-4BA7-B1D8-934366337FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A68E9BF8-A1C6-48FA-BD9B-86DE672CD767}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B30FC7AB-3354-41BB-9707-EF67DD51BD09}" = protocol=6 | dir=in | app=c:\program files (x86)\facesmoochtb\dtuser.exe |
"{C68CFE55-F560-4A60-A795-2D4838AB4485}" = protocol=6 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"{D8D323D4-7BFF-4FCD-A5A2-3EDFF3FC9B59}" = protocol=17 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"{D8DAB0EB-7DD3-44F4-9934-3C125515C91E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{DA17BA90-8F82-4222-ADBD-BB839F779E3A}" = dir=in | app=c:\program files (x86)\finaltorrent\ftcheckforupdates.exe |
"{DA9299DD-4694-4424-9344-DA938F78D04C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1832D1E-82CF-4DAE-AB26-1AACF8763B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{E6A8A04A-C4CD-439D-8FB0-CAB9A134DD01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EABDE232-5E81-422D-BF11-8624C0A1D519}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF1AB026-920B-4649-8369-CA24F4CFF4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F0749FD5-D0C8-4320-9134-0046C26EC338}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F3CF2384-862B-4FE6-BB85-1E965946AB4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{07FBA0BD-5997-4B47-94F7-9BE5F1D3B33B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{0EAC15CB-705B-418E-A74B-D022801AE7C7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{30087B67-3ECE-4C19-BD7F-9F6DB390E4DA}C:\users\andrew\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\andrew\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{946E40B2-6A0F-4E52-999E-8949FAAE5F3B}C:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{ECEE716B-9D9A-4DD3-9C08-9B0CA3999107}C:\program files (x86)\ncsoft\lineage ii\system\l2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\ncsoft\lineage ii\system\l2.bin |
"UDP Query User{011AD22D-9229-4D6C-AA59-F8AE908C2914}C:\users\andrew\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\andrew\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{7BE5BDE9-81A9-4568-B802-2B418ED65442}C:\program files (x86)\ncsoft\lineage ii\system\l2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\ncsoft\lineage ii\system\l2.bin |
"UDP Query User{9805B9B8-436B-4438-A539-C65786E2264D}C:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A2D9FCAC-B91F-412A-B78D-C8961EC1F74E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D78DC3BB-7125-4735-B340-275218F48C8B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java™ 6 Update 23 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"12F527950110F3A0ED9D3C7345CA709A850925DE" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (07/07/2011 1.2.24.0)
"2A4E9D6EC744A01BCB9400D5787DE45123764DE8" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/18/2011 6.0.1.6482)
"88CB7AA478955801F99FBF6D2BCF739BEB87A7F3" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"C1C79A197796B6CF3EA8F97EFEDA849F2DE0B52C" = Windows Driver Package - NVIDIA (nvlddmkm) Display (05/15/2012 8.17.13.0142)
"E855F98789D51B470CD6AA7B23BC1768738E0811" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (08/30/2011 6.0.1.6449)
"EBDCDAEB98C3CEE4C1FE2250AF5C64880A0E8D87" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/25/2011 6.0.1.6299)
"ECAE5096C8C4FF3AFC4A8C37A2A64C64B3AEB695" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/18/2012 1.3.16.0)
"FA4601809F7D1B1385FEB4BE26FF5ECD1D44149F" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/13/2011 6.0.1.6526)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROSetDX" = Intel® Network Connections 15.7.176.0
"SMBus" = Intel® SMBus

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216010F0}" = Java™ 6 Update 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass« Client
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6266D258-41E8-40B6-BD72-872786DDE36E}" = Intel® Desktop Utilities
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68952AED-F3C8-83FE-928E-3336D8CFCC65}" = Picaboo X
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Browser Defender_is1" = Browser Guard 4.0
"CA PC Tune-Up_is1" = CA PC Tune-Up 3.0.0.2
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"ESET Online Scanner" = ESET Online Scanner v3
"FinalTorrent_is1" = FinalTorrent 2011
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6266D258-41E8-40B6-BD72-872786DDE36E}" = Intel® Desktop Utilities
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MP3 Rocket" = MP3 Rocket
"MP3Rocket FileBulldog Toolbar" = MP3Rocket FileBulldog Toolbar
"MUSHclient" = MUSHclient (remove only)
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"searchresultstb" = Search-Results Toolbar
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus
"Trusted Software Assistant_is1" = File Type Assistant
"ULTIMATER" = Microsoft Office Ultimate 2007
"VTechDownloadManager" = Learning Lodge Navigator
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"NCsoft-Aion" = Aion
"NCsoft-Lineage2" = Lineage II

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/06/2012 4:34:04 PM | Computer Name = Andrew-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.149:5353 16 Andrew-PC.local.
AAAA FE80:0000:0000:0000:F045:2C4F:9C5A:6726

Error - 20/06/2012 4:34:04 PM | Computer Name = Andrew-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Andrew-PC.local.
AAAA FE80:0000:0000:0000:1D95:C6A0:0806:144B

Error - 20/06/2012 4:34:04 PM | Computer Name = Andrew-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Andrew-PC.local already in use; will try Andrew-PC-2.local
instead

Error - 20/06/2012 5:31:31 PM | Computer Name = Andrew-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Andrew\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 20/06/2012 5:34:16 PM | Computer Name = Andrew-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.149:5353 4 Andrew-PC.local.
Addr 192.168.2.149

Error - 20/06/2012 5:34:16 PM | Computer Name = Andrew-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Andrew-PC.local.
Addr 192.168.2.85

Error - 20/06/2012 5:34:16 PM | Computer Name = Andrew-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Andrew-PC.local already in use; will try Andrew-PC-2.local
instead

Error - 20/06/2012 7:51:11 PM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iptray.exe, version: 3.1.2.22, time stamp:
0x2a425e19 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000028 Fault offset: 0x0009087d Faulting process id:
0x95c Faulting application start time: 0x01cd4f2c7448c0aa Faulting application path:
C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: cf98cdf6-bb32-11e1-82cf-7071bcdcd885

Error - 20/06/2012 10:41:03 PM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iptray.exe, version: 3.1.2.22, time stamp:
0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0x00000000 Fault offset: 0x00000000 Faulting process id: 0xe30 Faulting application
start time: 0x01cd4f5394ed9e9c Faulting application path: C:\Program Files (x86)\Intel\Intel
Desktop Utilities\iptray.exe Faulting module path: unknown Report Id: 8a919a73-bb4a-11e1-9838-7071bcdcd885

Error - 20/06/2012 10:42:29 PM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iptray.exe, version: 3.1.2.22, time stamp:
0x2a425e19 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0004195b Faulting process id:
0xe30 Faulting application start time: 0x01cd4f5394ed9e9c Faulting application path:
C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: bdab19de-bb4a-11e1-9838-7071bcdcd885

[ System Events ]
Error - 21/07/2011 3:17:31 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%1747

Error - 06/08/2011 1:07:15 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 09/08/2011 11:40:53 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:40:03 PM on ?09/?08/?2011 was unexpected.

Error - 09/08/2011 11:44:07 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:42:42 PM on ?09/?08/?2011 was unexpected.

Error - 14/08/2011 5:45:29 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:43:20 PM on ?14/?08/?2011 was unexpected.

Error - 24/08/2011 9:31:17 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:29:53 PM on ?24/?08/?2011 was unexpected.

Error - 25/08/2011 7:49:59 AM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:32:06 PM on ?24/?08/?2011 was unexpected.

Error - 01/09/2011 8:41:58 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
Description = The Bandoo Coordinator service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 03/09/2011 11:02:21 AM | Computer Name = Andrew-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based
Systems.

Error - 06/09/2011 10:06:19 PM | Computer Name = Andrew-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based
Systems.


< End of report >

OTL report
OTL logfile created on: 21/06/2012 5:10:09 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.28% Memory free
15.96 Gb Paging File | 14.01 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 255.60 Gb Free Space | 68.61% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 435.57 Gb Free Space | 46.76% Space Free | Partition Type: NTFS
Drive F: | 7.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 17:09:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
PRC - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/16 19:51:06 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\Andrew\Forefront UAG Remote Access Agent\wwwmyhdsbca\uag1\uagqecsvc.exe
PRC - [2011/06/14 14:22:00 | 000,231,592 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe
PRC - [2011/05/13 05:41:45 | 000,326,560 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2010/12/15 22:26:12 | 000,131,272 | ---- | M] (Intel® Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007/12/12 12:58:30 | 000,163,840 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\n52te\razerhid.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:34:33 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012/06/14 03:30:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:30:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/10 03:35:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/10 03:33:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:33:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 03:33:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:33:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:33:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:33:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/13 05:41:45 | 000,326,560 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/02 00:38:06 | 009,837,568 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/25 22:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/11 10:07:14 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/16 19:51:06 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\Andrew\Forefront UAG Remote Access Agent\wwwmyhdsbca\uag1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2011/03/28 15:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/12/15 22:26:12 | 000,131,272 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel®
SRV - [2010/12/15 22:25:42 | 000,057,344 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe -- (Intel® Desktop Boards FSC Application Service) Intel®
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/29 13:56:22 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\CA\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/05/11 10:07:16 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2012/05/11 10:07:16 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2012/05/08 18:21:48 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/04/18 14:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/14 16:37:45 | 000,017,176 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\osaio.sys -- (osaio)
DRV:64bit: - [2010/12/15 22:25:44 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV:64bit: - [2010/11/25 22:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/28 08:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/17 05:02:24 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/11/11 19:10:50 | 000,048,448 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Capt905c.sys -- (SQTECH905C)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/09/29 02:21:58 | 000,013,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
DRV:64bit: - [2007/09/29 02:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2011/12/19 22:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes,DefaultScope = {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes\{17FF0626-DB34-4E40-8140-AE4C22F1855A}: "URL" = http://igb.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/16 16:26:47 | 000,000,000 | ---D | M]

[2012/04/01 14:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/19 20:28:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll ()
O2 - BHO: (Updater For FaceSmooch Toolbar) - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files (x86)\facesmoochtb\auxi\facesmoochAu.dll (Visicom Media)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search-Results Toolbar) - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} - C:\Program Files (x86)\searchresultstb\searchresultsDx.dll ()
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} - C:\Program Files (x86)\searchresultstb\searchresultsDx.dll ()
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FaceSmooch Toolbar Antiphishing] C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe (Intel® Corporation)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-1593980679-2667034067-426507978-1000..\Run: [PlayNC Launcher] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u10-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (VersionControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58282DAF-6328-4AAE-B8FA-A5971AB4CB06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66D830F-548E-4CB4-8890-84B525570210}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 22:18:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/20 19:25:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/20 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/20 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/20 16:09:25 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\94157775.sys
[2012/06/19 20:28:43 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/06/19 19:13:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Mozilla
[2012/06/19 19:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/19 19:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/19 19:08:09 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\10246391.sys
[2012/06/19 18:49:20 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/06/19 18:49:20 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/06/19 18:49:20 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/06/19 18:49:20 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/06/19 18:49:20 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/06/19 18:49:20 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/06/19 18:49:20 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/06/19 18:49:19 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/06/19 18:49:19 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/06/19 18:49:19 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/06/19 18:49:19 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/06/19 18:49:19 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/06/19 18:49:19 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/06/19 18:49:19 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/06/19 18:49:19 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/06/19 18:49:19 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/06/19 18:49:19 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/06/19 18:49:18 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/06/19 18:49:18 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/06/19 18:49:18 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/06/19 18:49:18 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/06/19 18:47:01 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/06/19 18:47:01 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/06/19 18:47:01 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/06/19 18:46:14 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/06/19 18:46:14 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/06/19 18:46:14 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/06/19 18:46:14 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/06/19 18:46:14 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/06/19 18:46:10 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/06/19 18:46:10 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012/06/19 18:46:10 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/06/19 18:46:10 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/06/19 18:46:10 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012/06/19 18:46:09 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/06/19 18:46:09 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012/06/19 18:46:08 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/06/19 18:46:08 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012/06/19 18:46:08 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/06/19 18:46:08 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/06/19 18:46:08 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/06/19 18:46:08 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012/06/19 18:46:07 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/06/19 18:46:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/06/19 18:46:07 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012/06/19 18:46:07 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/06/19 18:46:06 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/06/19 18:46:04 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/06/19 18:46:04 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012/06/19 18:46:04 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012/06/19 18:46:04 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012/06/19 11:23:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2012/06/18 20:52:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Temp
[2012/06/18 20:52:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/18 20:32:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\SpeedyPC Software
[2012/06/18 20:32:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\DriverCure
[2012/06/18 20:32:33 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/06/18 20:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/06/18 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/06/18 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/06/17 16:02:01 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 16:02:01 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 15:39:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/17 14:56:42 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\37983166.sys
[2012/06/16 16:56:30 | 000,706,776 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/06/16 16:56:30 | 000,065,664 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/06/16 16:56:30 | 000,041,968 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/06/16 16:26:41 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/16 16:26:39 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/16 16:26:39 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/16 16:26:39 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/16 16:26:15 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/16 16:26:15 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/16 16:26:12 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/06/16 16:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/16 16:26:08 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/16 16:21:37 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/16 16:21:37 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/16 16:21:36 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/16 16:21:35 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/16 16:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/14 03:00:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 03:00:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 03:00:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 03:00:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 03:00:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 03:00:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 03:00:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 03:00:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 03:00:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 03:00:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 03:00:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 03:00:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 03:00:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 08:58:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 08:58:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 08:58:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 08:58:29 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 08:58:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 08:58:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 08:58:22 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 08:58:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 08:58:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/01 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Lily and Annie
[2012/06/01 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Aion

========== Files - Modified Within 30 Days ==========

[2012/06/21 17:09:59 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2012/06/21 17:09:40 | 000,001,416 | ---- | M] () -- C:\Users\Andrew\Desktop\OTL - Shortcut.lnk
[2012/06/21 17:06:52 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000UA.job
[2012/06/21 17:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 07:51:58 | 000,025,432 | ---- | M] () -- C:\Users\Andrew\Desktop\DDS.scr
[2012/06/21 07:49:12 | 000,013,160 | ---- | M] () -- C:\Users\Andrew\Desktop\dds - Shortcut.lnk
[2012/06/21 07:41:11 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\defogger_reenable
[2012/06/20 22:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000Core.job
[2012/06/20 22:21:30 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 22:21:30 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 22:18:21 | 000,002,318 | ---- | M] () -- C:\Users\Andrew\Desktop\Google Chrome.lnk
[2012/06/20 22:13:50 | 2131,709,951 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 22:12:28 | 000,001,254 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 19:25:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 16:09:25 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\94157775.sys
[2012/06/19 20:36:42 | 000,013,358 | ---- | M] () -- C:\Users\Andrew\Desktop\tdsskiller - Shortcut.lnk
[2012/06/19 20:36:16 | 000,001,476 | ---- | M] () -- C:\Users\Andrew\Desktop\GooredFix - Shortcut.lnk
[2012/06/19 20:30:40 | 002,098,799 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/19 20:28:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/19 20:27:17 | 000,001,416 | ---- | M] () -- C:\Users\Andrew\Desktop\OTM - Shortcut.lnk
[2012/06/19 19:08:09 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\10246391.sys
[2012/06/18 20:32:49 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/18 20:32:33 | 000,001,195 | ---- | M] () -- C:\Users\Andrew\Desktop\SpeedyPC Pro.lnk
[2012/06/18 20:32:33 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/18 20:32:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/17 16:01:42 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 16:01:42 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 16:01:42 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 16:01:42 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/17 16:01:42 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/17 15:45:45 | 000,737,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 15:45:45 | 000,636,100 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 15:45:45 | 000,113,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/17 14:56:42 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\37983166.sys
[2012/06/16 19:56:32 | 000,001,021 | ---- | M] () -- C:\Users\Andrew\Desktop\Dropbox.lnk
[2012/06/16 16:55:28 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/06/14 03:27:36 | 000,464,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/01 08:20:49 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk

========== Files Created - No Company Name ==========

[2012/06/21 17:09:40 | 000,001,416 | ---- | C] () -- C:\Users\Andrew\Desktop\OTL - Shortcut.lnk
[2012/06/21 07:51:58 | 000,025,432 | ---- | C] () -- C:\Users\Andrew\Desktop\DDS.scr
[2012/06/21 07:49:12 | 000,013,160 | ---- | C] () -- C:\Users\Andrew\Desktop\dds - Shortcut.lnk
[2012/06/21 07:41:11 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\defogger_reenable
[2012/06/20 22:18:20 | 000,002,318 | ---- | C] () -- C:\Users\Andrew\Desktop\Google Chrome.lnk
[2012/06/20 22:17:41 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000UA.job
[2012/06/20 22:17:40 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000Core.job
[2012/06/20 19:25:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/19 20:36:42 | 000,013,358 | ---- | C] () -- C:\Users\Andrew\Desktop\tdsskiller - Shortcut.lnk
[2012/06/19 20:34:49 | 000,001,476 | ---- | C] () -- C:\Users\Andrew\Desktop\GooredFix - Shortcut.lnk
[2012/06/19 20:27:17 | 000,001,416 | ---- | C] () -- C:\Users\Andrew\Desktop\OTM - Shortcut.lnk
[2012/06/19 18:50:38 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/06/19 18:49:20 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/06/19 18:46:08 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/06/18 20:32:49 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/18 20:32:33 | 000,001,195 | ---- | C] () -- C:\Users\Andrew\Desktop\SpeedyPC Pro.lnk
[2012/06/18 20:32:33 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/18 20:32:33 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/16 16:55:28 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/06/16 16:26:40 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/06/16 16:26:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/06/16 16:26:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/06/16 16:26:39 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/06/16 16:26:39 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/16 16:21:38 | 002,098,799 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/04 19:52:48 | 000,214,312 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/09 17:23:31 | 000,000,582 | ---- | C] () -- C:\Users\Andrew\AppData\Local\cookies.ini
[2011/02/28 18:19:15 | 000,002,424 | ---- | C] () -- C:\Windows\SysWow64\BattleP.ini
[2011/02/28 18:19:15 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\BattlePOff.ini
[2011/01/16 22:05:07 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/16 20:06:38 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/01/15 17:48:28 | 000,007,606 | ---- | C] () -- C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
[2011/01/15 17:29:07 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/01/15 17:28:41 | 000,743,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/14 17:19:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/14 16:40:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/09/17 19:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

TDSS killer log

19:18:42.0854 5292 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:18:43.0103 5292 ============================================================
19:18:43.0103 5292 Current date / time: 2012/06/21 19:18:43.0103
19:18:43.0103 5292 SystemInfo:
19:18:43.0103 5292
19:18:43.0103 5292 OS Version: 6.1.7601 ServicePack: 1.0
19:18:43.0103 5292 Product type: Workstation
19:18:43.0103 5292 ComputerName: ANDREW-PC
19:18:43.0103 5292 UserName: Andrew
19:18:43.0103 5292 Windows directory: C:\Windows
19:18:43.0103 5292 System windows directory: C:\Windows
19:18:43.0103 5292 Running under WOW64
19:18:43.0103 5292 Processor architecture: Intel x64
19:18:43.0103 5292 Number of processors: 8
19:18:43.0103 5292 Page size: 0x1000
19:18:43.0103 5292 Boot type: Normal boot
19:18:43.0103 5292 ============================================================
19:18:43.0462 5292 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:18:43.0478 5292 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:18:43.0493 5292 ============================================================
19:18:43.0493 5292 \Device\Harddisk0\DR0:
19:18:43.0493 5292 MBR partitions:
19:18:43.0493 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:18:43.0493 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2E906000
19:18:43.0493 5292 \Device\Harddisk1\DR1:
19:18:43.0493 5292 MBR partitions:
19:18:43.0493 5292 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:18:43.0493 5292 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:18:43.0493 5292 ============================================================
19:18:43.0525 5292 C: <-> \Device\Harddisk0\DR0\Partition1
19:18:43.0525 5292 D: <-> \Device\Harddisk1\DR1\Partition0
19:18:43.0540 5292 E: <-> \Device\Harddisk1\DR1\Partition1
19:18:43.0540 5292 ============================================================
19:18:43.0540 5292 Initialize success
19:18:43.0540 5292 ============================================================
19:18:48.0548 2176 ============================================================
19:18:48.0548 2176 Scan started
19:18:48.0548 2176 Mode: Manual; SigCheck; TDLFS;
19:18:48.0548 2176 ============================================================
19:18:49.0031 2176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:18:49.0265 2176 1394ohci - ok
19:18:49.0312 2176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:18:49.0328 2176 ACPI - ok
19:18:49.0359 2176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:18:49.0453 2176 AcpiPmi - ok
19:18:49.0546 2176 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:18:49.0546 2176 AdobeARMservice - ok
19:18:49.0609 2176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:18:49.0640 2176 adp94xx - ok
19:18:49.0671 2176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:18:49.0702 2176 adpahci - ok
19:18:49.0718 2176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:18:49.0733 2176 adpu320 - ok
19:18:49.0765 2176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:18:49.0889 2176 AeLookupSvc - ok
19:18:49.0952 2176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:18:49.0999 2176 AFD - ok
19:18:50.0045 2176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:18:50.0061 2176 agp440 - ok
19:18:50.0139 2176 AIDA64Driver - ok
19:18:50.0155 2176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:18:50.0201 2176 ALG - ok
19:18:50.0233 2176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:18:50.0248 2176 aliide - ok
19:18:50.0279 2176 ALSysIO - ok
19:18:50.0326 2176 AMD External Events Utility (dceee24e57e8176115207312f827c130) C:\Windows\system32\atiesrxx.exe
19:18:50.0404 2176 AMD External Events Utility - ok
19:18:50.0435 2176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:18:50.0451 2176 amdide - ok
19:18:50.0482 2176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:18:50.0529 2176 AmdK8 - ok
19:18:50.0545 2176 amdkmdag - ok
19:18:50.0576 2176 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
19:18:50.0607 2176 amdkmdap - ok
19:18:50.0638 2176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:18:50.0669 2176 AmdPPM - ok
19:18:50.0716 2176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:18:50.0732 2176 amdsata - ok
19:18:50.0763 2176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:18:50.0779 2176 amdsbs - ok
19:18:50.0794 2176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:18:50.0810 2176 amdxata - ok
19:18:50.0825 2176 anzsvmwy - ok
19:18:50.0857 2176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:18:50.0997 2176 AppID - ok
19:18:51.0028 2176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:18:51.0091 2176 AppIDSvc - ok
19:18:51.0153 2176 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:18:51.0215 2176 Appinfo - ok
19:18:51.0293 2176 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:18:51.0309 2176 Apple Mobile Device - ok
19:18:51.0356 2176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:18:51.0371 2176 arc - ok
19:18:51.0403 2176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:18:51.0418 2176 arcsas - ok
19:18:51.0434 2176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:51.0481 2176 AsyncMac - ok
19:18:51.0512 2176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:18:51.0527 2176 atapi - ok
19:18:51.0574 2176 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
19:18:51.0590 2176 AtiHDAudioService - ok
19:18:51.0668 2176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:18:51.0730 2176 AudioEndpointBuilder - ok
19:18:51.0746 2176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:18:51.0761 2176 AudioSrv - ok
19:18:51.0824 2176 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:18:51.0871 2176 AxInstSV - ok
19:18:51.0933 2176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:18:51.0980 2176 b06bdrv - ok
19:18:52.0027 2176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:18:52.0073 2176 b57nd60a - ok
19:18:52.0120 2176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:18:52.0167 2176 BDESVC - ok
19:18:52.0183 2176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:18:52.0229 2176 Beep - ok
19:18:52.0292 2176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:18:52.0339 2176 BFE - ok
19:18:52.0385 2176 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:18:52.0432 2176 BITS - ok
19:18:52.0526 2176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:18:52.0541 2176 blbdrive - ok
19:18:52.0635 2176 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:18:52.0651 2176 Bonjour Service - ok
19:18:52.0682 2176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:18:52.0697 2176 bowser - ok
19:18:52.0713 2176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:18:52.0775 2176 BrFiltLo - ok
19:18:52.0775 2176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:18:52.0791 2176 BrFiltUp - ok
19:18:52.0822 2176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:18:52.0853 2176 BridgeMP - ok
19:18:52.0885 2176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:18:52.0931 2176 Browser - ok
19:18:53.0056 2176 Browser Defender Update Service (7229b58039d5a9338ad633e8ab60619c) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
19:18:53.0072 2176 Browser Defender Update Service - ok
19:18:53.0103 2176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:18:53.0150 2176 Brserid - ok
19:18:53.0181 2176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:18:53.0212 2176 BrSerWdm - ok
19:18:53.0228 2176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:18:53.0290 2176 BrUsbMdm - ok
19:18:53.0306 2176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:18:53.0321 2176 BrUsbSer - ok
19:18:53.0353 2176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:18:53.0384 2176 BTHMODEM - ok
19:18:53.0431 2176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:18:53.0477 2176 bthserv - ok
19:18:53.0509 2176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:18:53.0555 2176 cdfs - ok
19:18:53.0602 2176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:18:53.0649 2176 cdrom - ok
19:18:53.0696 2176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:18:53.0743 2176 CertPropSvc - ok
19:18:53.0789 2176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:18:53.0805 2176 circlass - ok
19:18:53.0867 2176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:18:53.0899 2176 CLFS - ok
19:18:53.0945 2176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:18:53.0961 2176 clr_optimization_v2.0.50727_32 - ok
19:18:53.0992 2176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:18:54.0008 2176 clr_optimization_v2.0.50727_64 - ok
19:18:54.0055 2176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:18:54.0070 2176 clr_optimization_v4.0.30319_32 - ok
19:18:54.0101 2176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:18:54.0117 2176 clr_optimization_v4.0.30319_64 - ok
19:18:54.0133 2176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:18:54.0164 2176 CmBatt - ok
19:18:54.0179 2176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:18:54.0195 2176 cmdide - ok
19:18:54.0257 2176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:18:54.0304 2176 CNG - ok
19:18:54.0335 2176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:18:54.0351 2176 Compbatt - ok
19:18:54.0382 2176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:18:54.0460 2176 CompositeBus - ok
19:18:54.0476 2176 COMSysApp - ok
19:18:54.0538 2176 cpuz130 - ok
19:18:54.0554 2176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:18:54.0569 2176 crcdisk - ok
19:18:54.0601 2176 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:18:54.0679 2176 CryptSvc - ok
19:18:54.0725 2176 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
19:18:54.0725 2176 dc3d - ok
19:18:54.0803 2176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:18:54.0866 2176 DcomLaunch - ok
19:18:54.0897 2176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:18:54.0944 2176 defragsvc - ok
19:18:54.0975 2176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:18:55.0037 2176 DfsC - ok
19:18:55.0084 2176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:18:55.0162 2176 Dhcp - ok
19:18:55.0178 2176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:18:55.0256 2176 discache - ok
19:18:55.0287 2176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:18:55.0303 2176 Disk - ok
19:18:55.0334 2176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:18:55.0381 2176 Dnscache - ok
19:18:55.0412 2176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:18:55.0474 2176 dot3svc - ok
19:18:55.0505 2176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:18:55.0552 2176 DPS - ok
19:18:55.0583 2176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:18:55.0615 2176 drmkaud - ok
19:18:55.0739 2176 dump_wmimmc - ok
19:18:55.0802 2176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:18:55.0833 2176 DXGKrnl - ok
19:18:55.0880 2176 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
19:18:55.0911 2176 e1cexpress - ok
19:18:55.0927 2176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:18:55.0973 2176 EapHost - ok
19:18:56.0129 2176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:18:56.0207 2176 ebdrv - ok
19:18:56.0317 2176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:18:56.0363 2176 EFS - ok
19:18:56.0441 2176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:18:56.0488 2176 ehRecvr - ok
19:18:56.0504 2176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:18:56.0519 2176 ehSched - ok
19:18:56.0597 2176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:18:56.0629 2176 elxstor - ok
19:18:56.0644 2176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:18:56.0675 2176 ErrDev - ok
19:18:56.0722 2176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:18:56.0785 2176 EventSystem - ok
19:18:56.0816 2176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:18:56.0878 2176 exfat - ok
19:18:56.0894 2176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:18:56.0925 2176 fastfat - ok
19:18:57.0003 2176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:18:57.0050 2176 Fax - ok
19:18:57.0081 2176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:18:57.0112 2176 fdc - ok
19:18:57.0143 2176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:18:57.0206 2176 fdPHost - ok
19:18:57.0221 2176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:18:57.0268 2176 FDResPub - ok
19:18:57.0284 2176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:18:57.0299 2176 FileInfo - ok
19:18:57.0299 2176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:18:57.0346 2176 Filetrace - ok
19:18:57.0377 2176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:18:57.0393 2176 flpydisk - ok
19:18:57.0440 2176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:18:57.0455 2176 FltMgr - ok
19:18:57.0643 2176 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:18:57.0689 2176 FontCache - ok
19:18:57.0752 2176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:18:57.0752 2176 FontCache3.0.0.0 - ok
19:18:57.0799 2176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:18:57.0814 2176 FsDepends - ok
19:18:57.0861 2176 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:18:57.0861 2176 fssfltr - ok
19:18:57.0970 2176 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:18:58.0017 2176 fsssvc - ok
19:18:58.0111 2176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:18:58.0126 2176 Fs_Rec - ok
19:18:58.0157 2176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:18:58.0189 2176 fvevol - ok
19:18:58.0204 2176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:18:58.0204 2176 gagp30kx - ok
19:18:58.0251 2176 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:18:58.0251 2176 GEARAspiWDM - ok
19:18:58.0329 2176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:18:58.0391 2176 gpsvc - ok
19:18:58.0438 2176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:18:58.0469 2176 hcw85cir - ok
19:18:58.0547 2176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:18:58.0579 2176 HdAudAddService - ok
19:18:58.0594 2176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:18:58.0625 2176 HDAudBus - ok
19:18:58.0641 2176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:18:58.0672 2176 HidBatt - ok
19:18:58.0703 2176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:18:58.0735 2176 HidBth - ok
19:18:58.0750 2176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:18:58.0781 2176 HidIr - ok
19:18:58.0813 2176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:18:58.0859 2176 hidserv - ok
19:18:58.0906 2176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:18:58.0937 2176 HidUsb - ok
19:18:58.0984 2176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:18:59.0047 2176 hkmsvc - ok
19:18:59.0093 2176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:18:59.0140 2176 HomeGroupListener - ok
19:18:59.0187 2176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:18:59.0218 2176 HomeGroupProvider - ok
19:18:59.0265 2176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:18:59.0281 2176 HpSAMD - ok
19:18:59.0343 2176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:18:59.0405 2176 HTTP - ok
19:18:59.0437 2176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:18:59.0437 2176 hwpolicy - ok
19:18:59.0483 2176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:18:59.0499 2176 i8042prt - ok
19:18:59.0546 2176 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
19:18:59.0561 2176 iaStor - ok
19:18:59.0608 2176 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:18:59.0624 2176 IAStorDataMgrSvc - ok
19:18:59.0686 2176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:18:59.0702 2176 iaStorV - ok
19:18:59.0811 2176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:18:59.0842 2176 idsvc - ok
19:18:59.0920 2176 IduService (1166c49d951fbca8a8856f4177465bc7) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
19:18:59.0936 2176 IduService - ok
19:19:00.0014 2176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:19:00.0029 2176 iirsp - ok
19:19:00.0092 2176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:19:00.0170 2176 IKEEXT - ok
19:19:00.0373 2176 IntcAzAudAddService (5f6a3ea5bd7ca861863a3a06cecc115c) C:\Windows\system32\drivers\RTKVHD64.sys
19:19:00.0435 2176 IntcAzAudAddService - ok
19:19:00.0497 2176 Intel® Desktop Boards FSC Application Service (e819a56a50b454a422a870a769dcee81) C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
19:19:00.0513 2176 Intel® Desktop Boards FSC Application Service ( UnsignedFile.Multi.Generic ) - warning
19:19:00.0513 2176 Intel® Desktop Boards FSC Application Service - detected UnsignedFile.Multi.Generic (1)
19:19:00.0622 2176 Intel® PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe
19:19:00.0638 2176 Intel® PROSet Monitoring Service - ok
19:19:00.0685 2176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:19:00.0700 2176 intelide - ok
19:19:00.0747 2176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:19:00.0763 2176 intelppm - ok
19:19:00.0810 2176 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:19:00.0856 2176 IPBusEnum - ok
19:19:00.0903 2176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:19:00.0950 2176 IpFilterDriver - ok
19:19:01.0012 2176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:19:01.0075 2176 iphlpsvc - ok
19:19:01.0106 2176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:19:01.0122 2176 IPMIDRV - ok
19:19:01.0184 2176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:19:01.0231 2176 IPNAT - ok
19:19:01.0356 2176 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
19:19:01.0387 2176 iPod Service - ok
19:19:01.0402 2176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:19:01.0434 2176 IRENUM - ok
19:19:01.0465 2176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:19:01.0465 2176 isapnp - ok
19:19:01.0512 2176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:19:22.0291 2176 Wlansvc - ok
19:19:22.0338 2176 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:19:22.0353 2176 wlcrasvc - ok
19:19:22.0478 2176 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:19:22.0525 2176 wlidsvc - ok
19:19:22.0618 2176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:19:22.0634 2176 WmiAcpi - ok
19:19:22.0696 2176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:19:22.0728 2176 wmiApSrv - ok
19:19:22.0774 2176 WMPNetworkSvc - ok
19:19:22.0806 2176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:19:22.0821 2176 WPCSvc - ok
19:19:22.0868 2176 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:19:22.0884 2176 WPDBusEnum - ok
19:19:22.0899 2176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:19:22.0946 2176 ws2ifsl - ok
19:19:22.0946 2176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:19:22.0977 2176 wscsvc - ok
19:19:22.0977 2176 WSearch - ok
19:19:23.0102 2176 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:19:23.0180 2176 wuauserv - ok
19:19:23.0289 2176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:19:23.0352 2176 WudfPf - ok
19:19:23.0383 2176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:19:23.0445 2176 WUDFRd - ok
19:19:23.0461 2176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:19:23.0508 2176 wudfsvc - ok
19:19:23.0539 2176 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:19:23.0554 2176 WwanSvc - ok
19:19:23.0586 2176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:19:23.0804 2176 \Device\Harddisk0\DR0 - ok
19:19:23.0804 2176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:19:23.0960 2176 \Device\Harddisk1\DR1 - ok
19:19:23.0960 2176 Boot (0x1200) (9e9ad722c2a4b4326825cb64827c2e60) \Device\Harddisk0\DR0\Partition0
19:19:23.0960 2176 \Device\Harddisk0\DR0\Partition0 - ok
19:19:23.0976 2176 Boot (0x1200) (812ca80af59abdf43b36a4871bca3372) \Device\Harddisk0\DR0\Partition1
19:19:23.0976 2176 \Device\Harddisk0\DR0\Partition1 - ok
19:19:23.0976 2176 Boot (0x1200) (e10ac444b375c92b9d67946bb71b073a) \Device\Harddisk1\DR1\Partition0
19:19:23.0991 2176 \Device\Harddisk1\DR1\Partition0 - ok
19:19:23.0991 2176 Boot (0x1200) (3d6cdb40dec2de526b497afc4f59ef65) \Device\Harddisk1\DR1\Partition1
19:19:23.0991 2176 \Device\Harddisk1\DR1\Partition1 - ok
19:19:23.0991 2176 ============================================================
19:19:23.0991 2176 Scan finished
19:19:23.0991 2176 ============================================================
19:19:24.0007 6212 Detected object count: 1
19:19:24.0007 6212 Actual detected object count: 1
19:19:30.0075 6212 Intel® Desktop Boards FSC Application Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:30.0075 6212 Intel® Desktop Boards FSC Application Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:52.0207 2312 Deinitialize success


MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]

21/06/2012 5:16:35 PM
mbam-log-2012-06-21 (17-16-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418670
Time elapsed: 35 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 M-K-D-B

Posted 23 June 2012 - 09:49 AM

Hi Daanmakus,



Before making some changes or starting a fix, I would like you to answer the following questions as exactly and in as much detail as you can:
Did you install these toolbars intentionally and/or do you use them?
  • Ask Toolbar
  • Search Results Toolbar
  • FaceSmooch Toolbar
  • Windows iLivid Toolbar
  • FileBulldog Toolbar
Those toolbars are often installed without your notice. Most of them are classified as PUP (possibly unwanted software) or Adware.
I do not recommend them being installed on your computer.





What you should post with your next answer:
  • an answer to my questions.

Regards,
M-K-D-B

#6 Daanmakus

Posted 23 June 2012 - 02:50 PM

Hi,

No, I did not intentionally install those add-ons. I do not use them either.

I was looking around my computer and it seems that I have 2 profiles, 1 of which is an administrator. The icon for Chrome was not being run as an administrator, so I changed it. For some reason I can now look up stuff without being redirected. I'm not sure if I still have the problem and have just bypassed it somehow.

#7 Daanmakus

Posted 23 June 2012 - 09:28 PM

Well, it seems the redirect problem is still on my computer.

Please advise what to do next.

Thanks.

#8 M-K-D-B

Posted 25 June 2012 - 07:32 AM

Hi Daanmakus,



Step 1
Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

Ask Toolbar
Search Results Toolbar
FaceSmooch Toolbar
Windows iLivid Toolbar
FileBulldog Toolbar


Additional instructions can be found here if needed.





Step 2
Please download AdwCleaner onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.





What you should post with your next answer:
  • the logfile from AdwCleaner.

Regards,
M-K-D-B

#9 Daanmakus

Posted 25 June 2012 - 11:11 AM

# AdwCleaner v1.609 - Logfile created 06/25/2012 at 12:08:53
# Updated 10/06/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Andrew\AppData\Local\Ilivid Player
Folder Found : C:\Users\Andrew\AppData\LocalLow\Bandoo
Folder Found : C:\Users\Andrew\AppData\LocalLow\searchquband
Folder Found : C:\Users\Andrew\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Andrew\AppData\Roaming\Ask.com
Folder Found : C:\Users\Andrew\AppData\Roaming\Bandoo
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKLM\SOFTWARE\bandoo
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
[x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\p01ptfa8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v19.0.1084.56

File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [11507 octets] - [25/06/2012 12:08:53]

########## EOF - C:\AdwCleaner[R1].txt - [11636 octets] ##########

#10 M-K-D-B

Posted 26 June 2012 - 02:09 AM

Hi Daanmakus,



Step 1
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.




Step 2
We need to create an OTL report.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened
  • Please post the content of that logfile with your next answer.





Step 3
I would like you to answer the following questions as exactly and in as much detail as you can:
  • How is your computer running at the moment?
  • Are you still being redirected to mydomainadvisor.com?





What you should post with your next answer:
  • the logfile from AdwCleaner,
  • the logfile from OTL,
  • an answer to my questions.

Regards,
M-K-D-B
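
A check a helper can run once both AdwCleaner logs are in hand, as an added example that is not part of the thread or of AdwCleaner: it parses the `Found` lines of the Search log and the `Deleted` lines of the Delete log and lists what was found but never reported deleted. The function names, the `SENSITIVE` labels and the choice to treat the 32-bit and `[x64]` registry views as one target are this example's assumptions; the sample lines are excerpted from the two AdwCleaner logs in this thread.

```python
import re

# One result line of an AdwCleaner v1.x log, e.g.
#   [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
#   Folder Deleted : C:\Program Files (x86)\Ask.com
LINE_RE = re.compile(
    r"^(?P<x64>\[x64\]\s+)?(?P<kind>Key|Value|Folder|File)?\s*"
    r"(?P<action>Found|Deleted)\s+:\s+(?P<target>.+?)\s*$"
)

# Registry locations that deserve a second look if they are left behind.
# The labels are this example's own wording, not AdwCleaner output.
SENSITIVE = [
    (r"\schedule\taskcache", "scheduled task"),
    (r"\browser helper objects", "IE browser helper object"),
    (r"\systemcertificates\authroot", "root certificate store"),
    (r"\internet explorer\searchscopes", "IE search provider"),
]


def parse_log(text):
    """Return (action, kind, target, is_x64_view) for every result line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # Lines without a kind ("Found : ...") are browser preference hits.
            entries.append((m["action"], m["kind"] or "Setting",
                            m["target"], bool(m["x64"])))
    return entries


def label_for(target):
    """Return the SENSITIVE label for a target, or None."""
    low = target.lower()
    for needle, label in SENSITIVE:
        if needle in low:
            return label
    return None


def not_deleted(search_log, delete_log):
    """List (kind, target, label) found by Search but absent from Delete.

    Assumption: a target listed under both the 32-bit and the [x64] view is
    one item, so a deletion reported in either view covers both. Windows
    paths and registry paths are compared case-insensitively.
    """
    deleted = {(k, t.lower()) for a, k, t, _ in parse_log(delete_log)
               if a == "Deleted"}
    seen, leftovers = set(), []
    for action, kind, target, _ in parse_log(search_log):
        key = (kind, target.lower())
        if action != "Found" or key in deleted or key in seen:
            continue
        seen.add(key)
        leftovers.append((kind, target, label_for(target)))
    return leftovers


# Sample input: lines excerpted from the [R1] Search log in this thread.
SEARCH_LOG = r"""
# Option [Search]
Folder Found : C:\Program Files (x86)\Ask.com
Key Found : HKCU\Software\Ask.com
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "description": "The fastest way to search the web.",
"""

# Sample input: the matching lines excerpted from the [S1] Delete log.
DELETE_LOG = r"""
# Option [Delete]
Folder Deleted : C:\Program Files (x86)\Ask.com
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Deleted : "description": "The fastest way to search the web.",
"""

if __name__ == "__main__":
    for kind, target, label in not_deleted(SEARCH_LOG, DELETE_LOG):
        note = f"  <-- {label}" if label else ""
        print(f"{kind}: {target}{note}")
```

An item listed here is only missing from the Delete log; a fresh Search run shows whether it is still present on the machine.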

#11 Daanmakus

Posted 26 June 2012 - 08:37 AM

# AdwCleaner v1.609 - Logfile created 06/26/2012 at 09:04:37
# Updated 10/06/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Andrew\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Ask.com
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Bandoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\SOFTWARE\bandoo
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\p01ptfa8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v19.0.1084.56

File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [11540 octets] - [25/06/2012 12:08:53]
AdwCleaner[S1].txt - [8652 octets] - [26/06/2012 09:04:37]

########## EOF - C:\AdwCleaner[S1].txt - [8780 octets] ##########

OTL logfile created on: 26/06/2012 9:32:30 AM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Andrew\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.25% Memory free
15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 256.54 Gb Free Space | 68.87% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 436.32 Gb Free Space | 46.85% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 17:09:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/16 19:51:06 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\Andrew\Forefront UAG Remote Access Agent\wwwmyhdsbca\uag1\uagqecsvc.exe
PRC - [2011/05/13 05:41:45 | 000,326,560 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2010/12/15 22:26:12 | 000,131,272 | ---- | M] (Intel® Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
PRC - [2010/12/15 22:26:10 | 001,656,520 | ---- | M] (Intel® Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007/12/12 12:58:30 | 000,163,840 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\n52te\razerhid.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:34:33 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012/06/14 03:30:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:30:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/05/10 03:35:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/10 03:33:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:33:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 03:33:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:33:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:33:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:33:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/05/13 05:41:45 | 000,326,560 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/02 00:38:06 | 009,837,568 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/25 22:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/11 10:07:14 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/16 19:51:06 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\Andrew\Forefront UAG Remote Access Agent\wwwmyhdsbca\uag1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2011/03/28 15:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/12/15 22:26:12 | 000,131,272 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel®
SRV - [2010/12/15 22:25:42 | 000,057,344 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe -- (Intel® Desktop Boards FSC Application Service) Intel®
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/29 13:56:22 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\CA\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/05/11 10:07:16 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2012/05/11 10:07:16 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2012/05/08 18:21:48 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/04/18 14:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/14 16:37:45 | 000,017,176 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\osaio.sys -- (osaio)
DRV:64bit: - [2010/12/15 22:25:44 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV:64bit: - [2010/11/25 22:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/28 08:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/17 05:02:24 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/11/11 19:10:50 | 000,048,448 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Capt905c.sys -- (SQTECH905C)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/09/29 02:21:58 | 000,013,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
DRV:64bit: - [2007/09/29 02:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2011/12/19 22:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes,DefaultScope = {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes\{17FF0626-DB34-4E40-8140-AE4C22F1855A}: "URL" = http://igb.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/16 16:26:47 | 000,000,000 | ---D | M]

[2012/04/01 14:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/19 20:28:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll File not found
O2 - BHO: (Updater For FaceSmooch Toolbar) - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files (x86)\facesmoochtb\auxi\facesmoochAu.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe (Intel® Corporation)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-1593980679-2667034067-426507978-1000..\Run: [PlayNC Launcher] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u10-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (VersionControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58282DAF-6328-4AAE-B8FA-A5971AB4CB06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66D830F-548E-4CB4-8890-84B525570210}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 09:10:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Lily's Violin
[2012/06/22 07:18:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 07:18:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 07:18:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 07:18:22 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 07:18:22 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 07:18:22 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 07:18:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 07:18:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 17:09:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2012/06/20 22:18:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/20 21:11:20 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2012/06/20 19:25:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/20 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/20 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/20 16:09:25 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\94157775.sys
[2012/06/19 20:34:25 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Andrew\Desktop\GooredFix.exe
[2012/06/19 20:28:43 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/06/19 20:27:04 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTM.exe
[2012/06/19 19:13:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Mozilla
[2012/06/19 19:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/19 19:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/19 19:08:09 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\10246391.sys
[2012/06/19 18:49:20 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/06/19 18:49:20 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/06/19 18:49:20 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/06/19 18:49:20 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/06/19 18:49:20 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/06/19 18:49:20 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/06/19 18:49:20 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/06/19 18:49:19 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/06/19 18:49:19 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/06/19 18:49:19 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/06/19 18:49:19 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/06/19 18:49:19 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/06/19 18:49:19 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/06/19 18:49:19 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/06/19 18:49:19 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/06/19 18:49:19 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/06/19 18:49:19 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/06/19 18:49:18 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/06/19 18:49:18 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/06/19 18:49:18 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/06/19 18:49:18 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/06/19 18:47:01 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/06/19 18:47:01 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/06/19 18:47:01 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/06/19 18:46:14 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/06/19 18:46:14 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/06/19 18:46:14 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/06/19 18:46:14 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/06/19 18:46:14 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/06/19 18:46:10 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/06/19 18:46:10 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012/06/19 18:46:10 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/06/19 18:46:10 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/06/19 18:46:10 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012/06/19 18:46:09 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/06/19 18:46:09 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012/06/19 18:46:08 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/06/19 18:46:08 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012/06/19 18:46:08 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/06/19 18:46:08 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/06/19 18:46:08 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/06/19 18:46:08 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012/06/19 18:46:07 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/06/19 18:46:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/06/19 18:46:07 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012/06/19 18:46:07 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/06/19 18:46:06 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/06/19 18:46:04 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/06/19 18:46:04 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012/06/19 18:46:04 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012/06/19 18:46:04 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012/06/19 11:23:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2012/06/18 20:52:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Temp
[2012/06/18 20:52:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/18 20:32:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\SpeedyPC Software
[2012/06/18 20:32:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\DriverCure
[2012/06/18 20:32:33 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/06/18 20:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/06/18 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/06/18 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/06/17 16:02:01 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 16:02:01 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 15:39:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/17 14:56:42 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\37983166.sys
[2012/06/16 16:56:30 | 000,706,776 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/06/16 16:56:30 | 000,065,664 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/06/16 16:56:30 | 000,041,968 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/06/16 16:26:41 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/16 16:26:39 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/16 16:26:39 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/16 16:26:39 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/16 16:26:15 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/16 16:26:15 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/16 16:26:12 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/06/16 16:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/16 16:26:08 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/16 16:21:37 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/16 16:21:37 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/16 16:21:36 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/16 16:21:35 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/16 16:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/14 03:00:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 03:00:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 03:00:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 03:00:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 03:00:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 03:00:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 03:00:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 03:00:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 03:00:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 03:00:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 03:00:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 03:00:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 03:00:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 08:58:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 08:58:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 08:58:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 08:58:29 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 08:58:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 08:58:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 08:58:22 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 08:58:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 08:58:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/01 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Lily and Annie
[2012/06/01 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Aion

========== Files - Modified Within 30 Days ==========

[2012/06/26 09:22:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000UA.job
[2012/06/26 09:13:48 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 09:13:48 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 09:06:34 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2012/06/26 09:06:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 09:05:59 | 2131,709,951 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 22:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000Core.job
[2012/06/25 12:08:26 | 000,601,715 | ---- | M] () -- C:\Users\Andrew\Desktop\adwcleaner.exe
[2012/06/22 07:18:34 | 002,106,071 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/21 19:18:38 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2012/06/21 19:18:07 | 002,109,806 | ---- | M] () -- C:\Users\Andrew\Desktop\tdsskiller.zip
[2012/06/21 17:09:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2012/06/21 07:51:58 | 000,025,432 | ---- | M] () -- C:\Users\Andrew\Desktop\DDS.scr
[2012/06/21 07:41:11 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\defogger_reenable
[2012/06/21 07:40:46 | 000,050,477 | ---- | M] () -- C:\Users\Andrew\Desktop\Defogger.exe
[2012/06/20 22:18:21 | 000,002,318 | ---- | M] () -- C:\Users\Andrew\Desktop\Google Chrome.lnk
[2012/06/20 22:12:28 | 000,001,254 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 19:25:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 16:09:25 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\94157775.sys
[2012/06/19 20:34:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Andrew\Desktop\GooredFix.exe
[2012/06/19 20:28:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/19 20:27:06 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTM.exe
[2012/06/19 19:08:09 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\10246391.sys
[2012/06/18 20:32:49 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/18 20:32:33 | 000,001,195 | ---- | M] () -- C:\Users\Andrew\Desktop\SpeedyPC Pro.lnk
[2012/06/18 20:32:33 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/18 20:32:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/17 16:01:42 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 16:01:42 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 16:01:42 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 16:01:42 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/17 16:01:42 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/17 15:45:45 | 000,737,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 15:45:45 | 000,636,100 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 15:45:45 | 000,113,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/17 14:56:42 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\37983166.sys
[2012/06/16 19:56:32 | 000,001,021 | ---- | M] () -- C:\Users\Andrew\Desktop\Dropbox.lnk
[2012/06/16 16:55:28 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/06/14 03:27:36 | 000,464,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/01 08:20:49 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk

========== Files Created - No Company Name ==========

[2012/06/25 12:08:24 | 000,601,715 | ---- | C] () -- C:\Users\Andrew\Desktop\adwcleaner.exe
[2012/06/21 19:18:02 | 002,109,806 | ---- | C] () -- C:\Users\Andrew\Desktop\tdsskiller.zip
[2012/06/21 07:51:58 | 000,025,432 | ---- | C] () -- C:\Users\Andrew\Desktop\DDS.scr
[2012/06/21 07:41:11 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\defogger_reenable
[2012/06/21 07:40:45 | 000,050,477 | ---- | C] () -- C:\Users\Andrew\Desktop\Defogger.exe
[2012/06/20 22:18:20 | 000,002,318 | ---- | C] () -- C:\Users\Andrew\Desktop\Google Chrome.lnk
[2012/06/20 22:17:41 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000UA.job
[2012/06/20 22:17:40 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593980679-2667034067-426507978-1000Core.job
[2012/06/20 19:25:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/19 18:50:38 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/06/19 18:49:20 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/06/19 18:46:08 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/06/18 20:32:49 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/18 20:32:33 | 000,001,195 | ---- | C] () -- C:\Users\Andrew\Desktop\SpeedyPC Pro.lnk
[2012/06/18 20:32:33 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/18 20:32:33 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/16 16:55:28 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/06/16 16:26:40 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/06/16 16:26:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/06/16 16:26:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/06/16 16:26:39 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/06/16 16:26:39 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/16 16:21:38 | 002,106,071 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/04 19:52:48 | 000,214,312 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/09 17:23:31 | 000,000,582 | ---- | C] () -- C:\Users\Andrew\AppData\Local\cookies.ini
[2011/02/28 18:19:15 | 000,002,424 | ---- | C] () -- C:\Windows\SysWow64\BattleP.ini
[2011/02/28 18:19:15 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\BattlePOff.ini
[2011/01/16 22:05:07 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/16 20:06:38 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/01/15 17:48:28 | 000,007,606 | ---- | C] () -- C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
[2011/01/15 17:29:07 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/01/15 17:28:41 | 000,743,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/14 17:19:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/14 16:40:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/09/17 19:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#12 Daanmakus

Posted 26 June 2012 - 08:40 AM

Hey,

Well, I have opened and searched the usual problem on Chrome with success. I will try a few more times over the next day and let you know.

So far so good.

A

#13 M-K-D-B

Posted 26 June 2012 - 10:28 AM

Hi Daanmakus,


Step 1
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKU\S-1-5-21-1593980679-2667034067-426507978-1000\..\SearchScopes\{17FF0626-DB34-4E40-8140-AE4C22F1855A}: "URL" = http://igb.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
    O2 - BHO: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll File not found
    O2 - BHO: (Updater For FaceSmooch Toolbar) - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files (x86)\facesmoochtb\auxi\facesmoochAu.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
    O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - File not found
    O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
    
    :files
    C:\Program Files (x86)\WI3C8A~1
    C:\Program Files (x86)\facesmoochtb
    
    :commands
    [Emptytemp]
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
    You can find the report under C:\_OTL\MovedFiles\ as well.





Step 2
  • Please start Malwarebytes' Anti-Malware.
  • Click on the Update tab and download the newest definitions updates.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.





Step 3
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





Step 4
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





What you should post with your next answer:
  • the logfile from OTL,
  • the logfile from MBAM,
  • the logfile from ESET Online Scanner,
  • the logfile from SecurityCheck.

Regards,
M-K-D-B

#14 Daanmakus

Posted 26 June 2012 - 01:08 PM

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1593980679-2667034067-426507978-1000\Software\Microsoft\Internet Explorer\SearchScopes\{17FF0626-DB34-4E40-8140-AE4C22F1855A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17FF0626-DB34-4E40-8140-AE4C22F1855A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c490bf5-4244-4310-b4a7-3361f288dac5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c490bf5-4244-4310-b4a7-3361f288dac5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41069220-f72a-40ea-a8f3-bcd5e1fbc8f0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41069220-f72a-40ea-a8f3-bcd5e1fbc8f0}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3c490bf5-4244-4310-b4a7-3361f288dac5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c490bf5-4244-4310-b4a7-3361f288dac5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\WI3C8A~1 not found.
File\Folder C:\Program Files (x86)\facesmoochtb not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 96490495 bytes
->Temporary Internet Files folder emptied: 143188952 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 309758686 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 3131 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76316 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 282353906 bytes

Total Files Cleaned = 793.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06262012_113720

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{983807DE-706C-40DC-8210-2F3C491146AA}.tmp not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]

Protection: Enabled

26/06/2012 11:42:07 AM
mbam-log-2012-06-26 (11-42-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210574
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0237e6c372ca3843be29afc67e685608
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 09:12:04
# local_time=2012-06-20 05:12:04 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 18825869 91767904 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=220677
# found=12
# cleaned=12
# scan_time=2270
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll probably a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll Win64/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll Win64/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngrUI.exe Win64/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\DnsBHO.dll Win64/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll Win64/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andrew\Downloads\FinalTorrent2011Setup.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andrew\Downloads\SoftonicDownloader_for_mp3-rocket.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0237e6c372ca3843be29afc67e685608
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-26 06:01:21
# local_time=2012-06-26 02:01:21 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 19332816 92274851 0 0
# compatibility_mode=8192 67108863 100 0 420779 420779 0 0
# scanned=216435
# found=0
# cleaned=0
# scan_time=2279


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
PC Tools Spyware Doctor with AntiVirus
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor with AntiVirus
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 6 Update 10
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.1.102.62 Flash Player out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
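
The two ESET Online Scanner runs in the post above can be compared mechanically. This is an added example, not part of the original post or of ESET's tooling: it parses the log layout as pasted in this thread (single-space separators are an assumption), using an excerpt of the posted lines as input, and the function names are illustrative.

```python
import re
from collections import Counter

# Excerpt of the two scanner runs posted above: header trimmed to the fields
# used here, three of the twelve detection lines copied as posted.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# utc_time=2012-06-20 09:12:04
# scanned=220677
# found=12
# cleaned=12
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll Win64/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andrew\Downloads\FinalTorrent2011Setup.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# utc_time=2012-06-26 06:01:21
# scanned=216435
# found=0
# cleaned=0
"""

RUN_START = "ESETSmartInstaller@High as downloader log:"
HEADER = re.compile(r"^# ([\w.]+)=(.*)$")
# Assumed layout of a detection line, as pasted in the thread:
# <path> [probably ][a variant of ]<threat> <kind> (<action>) <hash> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+) "
    r"(?P<confidence>(?:probably )?(?:a variant of )?)"
    r"(?P<threat>\S+/\S+) (?P<kind>\w+) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]+) (?P<flag>\w)$"
)


def parse_runs(text):
    """Split a pasted log into scan runs with header fields and detections."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line == RUN_START:
            runs.append({"header": {}, "detections": []})
            continue
        if not runs or not line:
            continue
        m = HEADER.match(line)
        if m:
            # Repeated keys (compatibility_mode) keep only the last value.
            runs[-1]["header"][m.group(1)] = m.group(2)
            continue
        m = DETECTION.match(line)
        if m:
            runs[-1]["detections"].append(m.groupdict())
    return runs


def summarize(run):
    """Reduce one run to the facts checked before calling a machine clean."""
    h, dets = run["header"], run["detections"]
    found, cleaned = int(h.get("found", 0)), int(h.get("cleaned", 0))
    return {
        "utc_time": h.get("utc_time") or "",
        "found": found,
        "uncleaned": found - cleaned,
        # False when the paste lists fewer detection lines than the header counts.
        "complete": len(dets) == found,
        "families": Counter(d["threat"].split("/", 1)[1] for d in dets),
        "folders": sorted({d["path"].rsplit("\\", 1)[0] for d in dets}),
    }


def remediation_confirmed(runs):
    """True if the latest run found nothing and no run left items uncleaned."""
    s = sorted((summarize(r) for r in runs), key=lambda x: x["utc_time"])
    return bool(s) and s[-1]["found"] == 0 and all(x["uncleaned"] == 0 for x in s)
```

On the excerpt, the first run is reported as incomplete because its header counts 12 detections while only three lines are included; on the full log from the post the counts match.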

#15 M-K-D-B

M-K-D-B


Posted 27 June 2012 - 09:02 AM

Hi Daanmakus,



I would like you to have a look at the following folder:

C:\Program Files (x86)\Windows iLivid Toolbar

If it's still present, delete it please.



If you have no more problems, then we're done here. Your computer is clean. :thumbup2:
Finally, we have to take a few steps to clean up and protect your computer.





Step 1
We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.





Step 2
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes





Step 3
I've seen that User Account Control (UAC) is disabled on your computer. This Windows feature can help you to protect your computer against malware.
I recommend enabling it. Have a look here:
http://windows.microsoft.com/en-us/windows-vista/Turn-User-Account-Control-on-or-off





Step 4
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.





Step 5
Your version of Adobe Flash Player is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow the next steps to update your Adobe Flash components:
  • Please visit the following site from Adobe
  • Choose your operating system and your browser ("Internet Explorer" or "other" for Firefox for example)
  • Please download the latest version to your Desktop.
  • Double click the file to start the installation process.
Adobe Flash Player is up to date now!





Step 6
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.





Step 7
To protect your computer from similar infections in the future, I recommend a couple of useful programs, including a few tips:


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiMalware Program
A highly recommended and free Anti-Malware program is Malwarebytes' Anti-Malware.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiMalware program on a regular basis just as you would an antivirus software.


Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.





Step 8
Please give me a short notice when you're done and have no more questions, so I can delete the topic from my subscriptions.
Regards,
M-K-D-B



