Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win64 sirefefy


  • This topic is locked This topic is locked
26 replies to this topic

#1 deejen

deejen

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 08 July 2012 - 01:12 PM

I have win 7 64, mse. When I got up my mse was not working and the computer keeps saying its going to restart. I maggaged to reinstall mse but now it says I have win64 sirefefy and the computer needs to restart . I cant do anything because it wont stop restarting does the same thing in safemode with and without network.

Edited by Budapest, 09 July 2012 - 03:57 AM.
Moved from AII ~Budapest


BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:15 AM

Posted 09 July 2012 - 02:28 AM

Hello deejen and welcome to the forums!

Please Note: I've asked a moderator to move this thread over to the Malware Removal forum.

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running FRST

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit Download Link and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

NEXT:




Running Search in FRST
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. FRST.txt log file.
3. Search.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 08:29 AM

Hi can I save Fabar to a disk

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:15 AM

Posted 12 July 2012 - 08:42 AM

Hi!

It'd be best to put it on a USB drive and use it that way.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 01:00 PM

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 12-07-2012 12:37:55
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [HPADVISOR] [x]
HKU\Dolores\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ======

2 aftservice; C:\Program Files (x86)\Automated Feedback Tool\v6.1.608.0\aftservice.exe [249448 2012-05-14] (Synovate)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2009-08-14] (Alcatel-Lucent)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]

========================== Drivers (Whitelisted) =============

3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339744 2009-07-30] (NVIDIA Corporation)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 PcdrNdisuio; C:\Windows\SysWow64\drivers\pcdrndisuio.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-12 12:37 - 2012-07-12 12:37 - 00000000 ____D C:\FRST
2012-07-12 04:59 - 2012-07-12 04:59 - 00000000 ____D C:\Users\Dolores\AppData\Local\{89C01355-669A-45E6-ADD5-37EB3AA3E925}
2012-07-12 04:58 - 2012-07-12 04:59 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DC6C9906-C377-4D20-970F-113127B64152}
2012-07-12 04:08 - 2012-07-12 04:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 16:58 - 2012-07-11 16:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E43EEC50-040E-4E95-99F0-E4EA907E3890}
2012-07-11 16:58 - 2012-07-11 16:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5D123FE2-E30B-4D2E-BA17-933EB533232E}
2012-07-11 09:27 - 2012-07-12 09:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-11 04:58 - 2012-07-11 04:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{54CA94BD-3CD9-4CA0-AD8B-6C922F72E657}
2012-07-11 04:57 - 2012-07-11 04:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{22CEDE57-CDE9-41DA-B383-285B4BA9D595}
2012-07-11 04:42 - 2012-07-11 04:42 - 00001119 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 04:41 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-11 04:09 - 2012-07-11 04:09 - 00142658 ____A C:\ComboFix.txt
2012-07-11 03:10 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-11 03:09 - 2012-07-11 03:09 - 04576342 ____R (Swearware) C:\Users\Dolores\Desktop\ComboFix.exe
2012-07-11 00:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 00:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 17:05 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:05 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:05 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:05 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:05 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:05 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:05 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:05 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:05 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 17:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 17:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 11:53 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-07-10 11:53 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-07-10 11:53 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-07-10 11:53 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-07-10 11:53 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-07-10 11:53 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-07-10 11:53 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-07-10 11:53 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-07-10 11:53 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-07-10 09:04 - 2012-07-10 14:49 - 00000000 ____D C:\Users\Dolores\AppData\Local\{453001B5-CAB1-11E1-8270-B8AC6F996F26}
2012-07-10 08:44 - 2012-07-10 08:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{EC085E28-66A1-4CE0-B48E-D61D09ADC12A}
2012-07-10 08:43 - 2012-07-10 08:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{94984A08-A113-4259-974E-D2B334977186}
2012-07-09 20:43 - 2012-07-09 20:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5D6B519F-AB79-407E-BF71-AA30671CDD4C}
2012-07-09 20:43 - 2012-07-09 20:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{212B0DEB-8C5C-497B-9730-9652FA81F116}
2012-07-09 08:43 - 2012-07-09 08:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7847B41F-8D25-4688-A7D7-E65508B715AF}
2012-07-09 08:42 - 2012-07-09 08:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{FE6E66DF-4769-4FB9-9E02-A39F40104A11}
2012-07-08 19:56 - 2012-07-08 19:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E648137D-0A75-4731-A9BE-ACF2084B3C25}
2012-07-08 19:56 - 2012-07-08 19:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{BA03A402-8A46-488E-8008-8F66CF2FF90B}
2012-07-08 18:33 - 2012-07-11 04:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-08 18:33 - 2012-07-08 18:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-08 07:55 - 2012-07-08 07:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E06EE812-2F8E-477E-B986-CD68E78A0888}
2012-07-08 07:55 - 2012-07-08 07:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{CA58F3D3-A803-4074-BA57-F8D53BC0C299}
2012-07-07 19:44 - 2012-07-07 19:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E6E1CFA6-50A6-4121-9339-494D41955713}
2012-07-07 19:44 - 2012-07-07 19:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{D15AE9EC-0318-4DDA-A896-5561675B2B45}
2012-07-07 07:44 - 2012-07-07 07:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F2692DB6-40AD-4720-9B7B-2A8D0AE62B7C}
2012-07-07 07:44 - 2012-07-07 07:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{0EBE17DC-2D35-4B8F-B1C4-BC8C18FD5551}
2012-07-06 15:20 - 2012-07-06 15:20 - 00000000 ____D C:\Users\Dolores\AppData\Local\{13EB8B60-4EFE-431F-A590-FAC1D9A55EB8}
2012-07-06 15:20 - 2012-07-06 15:20 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1301F28E-3B8B-478E-937D-DE2FB0899610}
2012-07-06 03:19 - 2012-07-06 03:19 - 00000000 ____D C:\Users\Dolores\AppData\Local\{FA704D62-4EA8-4A6B-8CC3-00DB076418EC}
2012-07-06 03:19 - 2012-07-06 03:19 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E327E7D5-85DA-4670-AE52-1C67CE20BDD4}
2012-07-05 15:09 - 2012-07-05 15:10 - 00000000 ____D C:\Users\Dolores\AppData\Local\{70B2CB55-C097-4783-9ACB-834371DE453E}
2012-07-05 15:09 - 2012-07-05 15:09 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1FE677D1-A6A5-4513-B71D-E20CC8E848E8}
2012-07-05 03:09 - 2012-07-05 03:09 - 00000000 ____D C:\Users\Dolores\AppData\Local\{9DCAB10C-88CD-4C8C-83CE-7CD837023648}
2012-07-05 03:09 - 2012-07-05 03:09 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7E3828F8-38ED-4235-84E8-5FBC420B74D3}
2012-07-04 12:31 - 2012-07-04 12:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C97DD7C9-1B5F-491F-84CE-499302CDA0EE}
2012-07-03 20:53 - 2012-07-03 20:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{AF193250-1700-4300-B13A-F3D757C360FA}
2012-07-03 20:53 - 2012-07-03 20:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DB3668DA-6549-4C7E-B982-A781777BFA9E}
2012-07-03 08:53 - 2012-07-03 08:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F13D2260-70B0-4F6D-9EE9-E2290DC71EEC}
2012-07-03 08:53 - 2012-07-03 08:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8047A304-85ED-4D97-AA5D-A8FA9BDC5DC2}
2012-07-02 20:53 - 2012-07-02 20:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8A836E64-2A74-4714-8469-5A3FD1C1093A}
2012-07-02 20:52 - 2012-07-02 20:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C4091BE5-9D5D-453A-B5AB-37290E5C195A}
2012-07-02 08:52 - 2012-07-02 08:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F8577C77-AFE9-45CA-B083-4D723272ED00}
2012-07-02 08:52 - 2012-07-02 08:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{940ABEBF-2783-4415-8DEA-AA293D3B25A4}
2012-07-01 20:52 - 2012-07-01 20:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{722077B4-0C2D-4ACE-8644-22D352CB2257}
2012-07-01 20:51 - 2012-07-01 20:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{B4E16095-1C33-445D-8A07-A7A5BE5ABBA1}
2012-07-01 08:51 - 2012-07-01 08:51 - 00000000 ____D C:\Users\Dolores\AppData\Local\{513DEE3B-BEAB-4D6C-A54A-F58D4DD58686}
2012-07-01 08:51 - 2012-07-01 08:51 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1BB92FF3-9CEE-4CA1-8684-B3A58664845E}
2012-06-30 20:50 - 2012-06-30 20:50 - 00000000 ____D C:\Users\Dolores\AppData\Local\{D2F3DBDF-6703-40F2-91ED-7145FC29A6D9}
2012-06-30 20:50 - 2012-06-30 20:50 - 00000000 ____D C:\Users\Dolores\AppData\Local\{A00DF1C9-971D-45E8-A4BF-21FC926C79AA}
2012-06-30 07:21 - 2012-06-30 07:21 - 00000000 ____D C:\Users\Dolores\AppData\Local\{3C9A833E-80DC-4FA0-9CD7-B54DF3CDAA1F}
2012-06-30 07:20 - 2012-06-30 07:21 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8A29C7C4-AFB5-4AE5-9DC4-3320BDE5C81C}
2012-06-29 14:55 - 2012-06-29 14:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{B0170F2F-5FC0-4F7C-A2D4-D23A4A68BEDA}
2012-06-29 14:54 - 2012-06-29 14:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{75998695-5B73-4842-B3B2-A9B538A8A4DC}
2012-06-29 02:54 - 2012-06-29 02:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E8E5CDA6-765E-4418-8227-6FC319616B5A}
2012-06-29 02:54 - 2012-06-29 02:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5E591856-5460-439C-9086-B7C8F467ABD1}
2012-06-28 09:55 - 2012-06-28 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2FBD5222-AA7C-4222-AF8E-8F89D9C48202}
2012-06-28 09:55 - 2012-06-28 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2DF77957-8961-4CAB-BDEA-E5076C151941}
2012-06-27 21:54 - 2012-06-27 21:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{9D8A7CBD-5B1E-41B0-A270-A6D2637273B6}
2012-06-27 21:54 - 2012-06-27 21:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{A71E1280-AACD-4695-8591-8649A55EE54A}
2012-06-27 09:54 - 2012-06-27 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C1AE873C-F74C-4EFD-8AD6-A791238D63B2}
2012-06-27 09:54 - 2012-06-27 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{064224EE-8A66-4108-9043-E139E6D30039}
2012-06-26 21:53 - 2012-06-26 21:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{41ED55EB-D228-44F5-AA62-B339357D100F}
2012-06-26 21:53 - 2012-06-26 21:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2C134AA5-5818-434B-8A28-75E3D4454C76}
2012-06-26 09:56 - 2012-06-26 09:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F15AF3ED-FF05-4720-988D-3415049B9697}
2012-06-25 21:56 - 2012-06-25 21:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{69242CB0-AF04-48E7-BB79-9DDFC2DFBA94}
2012-06-25 21:56 - 2012-06-25 21:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{24270D4E-098B-41A2-A579-5211EAB34F83}
2012-06-25 09:55 - 2012-06-25 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{475D02CB-828B-4FB8-BCEA-5BE48E6598A0}
2012-06-25 09:55 - 2012-06-25 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{277F058C-FCDD-4626-8EC3-A58A6CFB3071}
2012-06-24 21:55 - 2012-06-24 21:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DD2E66E0-47C7-4723-BC55-3185AC5D38E2}
2012-06-24 21:54 - 2012-06-24 21:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C70C0225-434C-4CF2-BA76-CA9B74DA04E8}
2012-06-24 09:54 - 2012-06-24 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7BC5C629-A6FE-4DC7-8CA2-27EDEDA76400}
2012-06-24 09:54 - 2012-06-24 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{77CB71F0-05EC-4BC9-AAA0-5163BD69AD03}
2012-06-23 21:54 - 2012-06-23 21:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{535C38BA-BF2C-47F3-862D-DC04D5480786}
2012-06-23 21:53 - 2012-06-23 21:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{79AA9A6B-0330-4101-B4B6-8F1EA8076FAB}
2012-06-23 09:53 - 2012-06-23 09:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C8E401F8-A699-4DE6-81D9-25C4BEFBB511}
2012-06-23 09:53 - 2012-06-23 09:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{728EB7FA-B8D7-4234-94C1-9F692A69BB38}
2012-06-22 20:39 - 2012-06-22 20:39 - 00000000 ____D C:\Users\Dolores\AppData\Local\{CAEB4545-232E-487E-873E-F55B6F3DA4D6}
2012-06-22 20:39 - 2012-06-22 20:39 - 00000000 ____D C:\Users\Dolores\AppData\Local\{416812D5-3613-4909-8EB4-A661E3FB5345}
2012-06-22 08:31 - 2012-06-22 08:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{9B4191ED-6A67-4814-8149-D9D1AD27CC02}
2012-06-22 08:31 - 2012-06-22 08:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{50D57F47-54E6-49C3-9D86-AA4C2A139C36}
2012-06-21 20:31 - 2012-06-21 20:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{BAB14641-2D22-4D3B-9BA5-17DEE3DE2174}
2012-06-21 20:30 - 2012-06-21 20:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{81EF028D-677F-4EAD-9762-21B2C72E2C7C}
2012-06-21 08:30 - 2012-06-21 08:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F3AA26CD-11A0-4582-AB39-D57AA86E6A3C}
2012-06-21 08:30 - 2012-06-21 08:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2EBF7613-9AC6-40CC-8CEC-BAA330F2DC42}
2012-06-20 20:30 - 2012-06-20 20:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E07FE22E-F2CC-4691-AC16-D1B469333478}
2012-06-20 20:29 - 2012-06-20 20:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{4F11A0EE-AC87-4B9B-81E4-ECA57C8A212C}
2012-06-20 08:29 - 2012-06-20 08:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{6AF76532-3187-4994-B26E-33FAE34B430E}
2012-06-20 08:29 - 2012-06-20 08:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{08057CB5-4093-47AD-81A1-F4276296A0BF}
2012-06-19 20:29 - 2012-06-19 20:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{A2BDECBE-6CF3-487E-B55E-E9E17C49A180}
2012-06-19 20:28 - 2012-06-19 20:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C59D83E3-4698-43E5-8A18-BFB64C9835C7}
2012-06-19 08:28 - 2012-06-19 08:28 - 00000000 ____D C:\Users\Dolores\AppData\Local\{882D0750-A163-46B9-8C74-A9BF2C1E402B}
2012-06-19 08:28 - 2012-06-19 08:28 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5294B141-9B79-4029-8A44-084D8E268CEF}
2012-06-18 20:27 - 2012-06-18 20:28 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7A7A9C6B-3CC4-457D-9B1E-43282337F577}
2012-06-18 20:27 - 2012-06-18 20:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1BBE4A8A-9481-4A0A-A045-13EAA41D8B29}
2012-06-18 08:27 - 2012-06-18 08:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2CD70979-21ED-479B-9104-6DF425C17B05}
2012-06-17 20:27 - 2012-06-17 20:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C7EDE23F-8C94-4011-854B-884F15BED48E}
2012-06-17 08:26 - 2012-06-17 08:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{CE32A416-1E9B-48F8-A57C-1BFFB21E3527}
2012-06-16 20:26 - 2012-06-16 20:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{BF7F6152-897E-4D08-BF5F-393577274655}
2012-06-16 08:26 - 2012-06-16 08:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8FC30F6A-8C72-421E-ABCC-8ED9DFC53597}
2012-06-15 20:26 - 2012-06-15 20:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C711A42D-9321-4AC3-B385-B600A7F729C0}
2012-06-15 08:26 - 2012-06-15 08:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{0553D990-2BA8-4AE2-9E29-2AE60F38F053}
2012-06-14 20:25 - 2012-06-14 20:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{525D38E0-9BA8-4E6E-BDA4-ED40EF346671}
2012-06-14 13:19 - 2012-06-14 13:14 - 00004592 ____A C:\Users\Dolores\Documents\cc_20120614_161436.reg
2012-06-14 13:19 - 2012-06-03 08:12 - 00017972 ____A C:\Users\Dolores\Documents\cc_20120603_111219.reg
2012-06-14 08:25 - 2012-06-14 08:25 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DF23AFF2-370C-4286-8ED3-11E1623D450A}
2012-06-14 08:25 - 2012-06-14 08:25 - 00000000 ____D C:\Users\Dolores\AppData\Local\{93427D10-ACB5-4F0C-B311-6483CC24AC00}
2012-06-13 20:24 - 2012-06-13 20:25 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C7580241-BBDC-49CA-A069-C12022C6AED1}
2012-06-13 20:24 - 2012-06-13 20:24 - 00000000 ____D C:\Users\Dolores\AppData\Local\{FEC154A6-5C30-4EEF-89ED-52EF2F450AD0}
2012-06-13 19:20 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 19:20 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 19:20 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 19:20 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 19:20 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 19:20 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 19:20 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 19:20 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 19:20 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 19:20 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 19:20 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 19:20 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 19:20 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 19:20 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 19:20 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 19:20 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 19:10 - 2012-06-13 19:11 - 00292456 ____A C:\Windows\Minidump\061312-18782-01.dmp
2012-06-13 08:24 - 2012-06-13 08:24 - 00000000 ____D C:\Users\Dolores\AppData\Local\{34E62A2B-37DA-4509-B6A9-1D3AA31703E6}
2012-06-13 08:23 - 2012-06-13 08:24 - 00000000 ____D C:\Users\Dolores\AppData\Local\{B7005AF1-7F31-4550-A30D-A7A36D13A0D5}
2012-06-12 20:23 - 2012-06-12 20:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{EC3E9938-7FFC-4EFB-B7F2-9A8550E904C9}
2012-06-12 20:23 - 2012-06-12 20:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{4D7D6FD2-9A3F-413D-8995-CA34E5FD9C78}
2012-06-12 08:23 - 2012-06-12 08:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E4B6B689-4555-4D8B-8E55-50B76DF7FEAA}
2012-06-12 08:23 - 2012-06-12 08:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C7E1A91A-07B6-4231-B3C5-D10ED50AA5A5}

============ 3 Months Modified Files ========================

2012-07-12 09:25 - 2009-09-15 19:42 - 01139972 ____A C:\Windows\WindowsUpdate.log
2012-07-12 09:18 - 2009-07-13 21:13 - 00745260 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 09:12 - 2012-07-11 09:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 05:21 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 05:21 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 05:14 - 2012-04-14 13:25 - 00001680 ____A C:\Windows\setupact.log
2012-07-12 05:14 - 2011-08-26 19:48 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-12 05:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 05:13 - 2012-05-08 11:46 - 00006722 ____A C:\Windows\PFRO.log
2012-07-12 03:14 - 2011-11-09 10:08 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-12 03:14 - 2009-12-26 19:11 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-11 10:25 - 2012-04-30 03:35 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 10:25 - 2011-11-03 16:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 04:42 - 2012-07-11 04:42 - 00001119 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 04:09 - 2012-07-11 04:09 - 00142658 ____A C:\ComboFix.txt
2012-07-11 03:30 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-11 03:09 - 2012-07-11 03:09 - 04576342 ____R (Swearware) C:\Users\Dolores\Desktop\ComboFix.exe
2012-07-11 00:24 - 2009-07-13 20:45 - 00330728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:23 - 2011-02-02 10:25 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForDolores.job
2012-07-11 00:02 - 2009-12-19 14:38 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-17 09:04 - 2011-01-27 05:52 - 00002086 ____A C:\Windows\epplauncher.mif
2012-06-17 07:46 - 2009-12-19 14:45 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-06-14 13:14 - 2012-06-14 13:19 - 00004592 ____A C:\Users\Dolores\Documents\cc_20120614_161436.reg
2012-06-13 19:11 - 2012-06-13 19:10 - 00292456 ____A C:\Windows\Minidump\061312-18782-01.dmp
2012-06-13 19:10 - 2012-06-07 13:29 - 309000998 ____A C:\Windows\MEMORY.DMP
2012-06-11 19:08 - 2012-07-11 00:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 17:05 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 17:05 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 09:50 - 2012-06-08 09:50 - 00000250 ____A C:\user.js
2012-06-07 13:29 - 2012-06-07 13:29 - 00292512 ____A C:\Windows\Minidump\060712-26364-01.dmp
2012-06-05 22:06 - 2012-07-10 17:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 17:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 17:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 17:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 17:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 17:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 08:12 - 2012-06-14 13:19 - 00017972 ____A C:\Users\Dolores\Documents\cc_20120603_111219.reg
2012-06-02 14:19 - 2012-07-10 11:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-10 11:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-10 11:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-10 11:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-10 11:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-07-10 11:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-10 11:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-07-10 11:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-07-10 11:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 00:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 00:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 00:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 00:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 00:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 00:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 17:05 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 17:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 17:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 17:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 17:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 17:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 17:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 17:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-23 04:42 - 2011-01-27 05:52 - 00758918 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-17 19:57 - 2009-07-13 18:34 - 60555264 ____A C:\Windows\System32\config\software.bak
2012-05-17 19:57 - 2009-07-13 18:34 - 15204352 ____A C:\Windows\System32\config\system.bak
2012-05-17 19:57 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-05-17 19:57 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-05-17 19:57 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\default.bak
2012-05-13 19:39 - 2012-05-13 19:39 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\64029051.sys
2012-05-12 15:47 - 2012-05-12 15:47 - 00607260 ____A (Swearware) C:\Users\Dolores\Downloads\dds.scr
2012-05-07 05:09 - 2012-05-07 05:09 - 00017408 ____A C:\Users\Dolores\AppData\Local\WebpageIcons.db
2012-05-04 03:06 - 2012-06-13 19:20 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 19:20 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 19:20 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 19:20 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 10:25 - 2012-04-30 10:25 - 00001839 ____A C:\Users\Public\Desktop\Opera.lnk
2012-04-29 17:02 - 2012-04-29 17:02 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-04-29 16:45 - 2012-04-29 16:46 - 00772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-29 16:45 - 2012-04-29 16:46 - 00227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-29 16:45 - 2012-04-29 16:45 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-04-29 16:45 - 2012-04-29 16:45 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-04-29 16:45 - 2010-08-20 20:56 - 00687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-27 19:55 - 2012-06-13 19:20 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 19:20 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 19:20 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 19:20 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 19:20 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 19:20 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 19:20 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 19:20 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 19:20 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 19:20 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 18:17 - 2010-01-24 18:38 - 00002412 ____A C:\Users\Dolores\AppData\Roaming\wklnhst.dat
2012-04-21 18:03 - 2012-04-21 18:03 - 00009728 ____A C:\Users\Dolores\Desktop\JennyBucchiResume.wps
2012-04-14 13:25 - 2012-04-14 13:25 - 00000000 ____A C:\Windows\setuperr.log
2012-04-14 08:33 - 2012-04-14 08:33 - 00000382 ____A C:\Windows\DirectX.log


ZeroAccess:
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\00000004.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\1afb2d56
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\201d3dde
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\00000004.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\00000008.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\000000cb.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000000.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000032.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000064.@

ZeroAccess:
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\@
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\L
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 2942.49 MB
Available physical RAM: 2248.68 MB
Total Pagefile: 2940.64 MB
Available Pagefile: 2240.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:406.29 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (Kodak) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 454 GB 101 MB
Partition 3 Primary 10 GB 454 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C COMPAQ NTFS Partition 454 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Kodak FAT Removable 1911 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 21:17

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-12 12:46:16
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\ERDNT\cache64\services.exe
[2012-05-08 11:50] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#6 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 01:02 PM

Well my antivirus has a big red x but its not restarting now

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:15 AM

Posted 12 July 2012 - 01:15 PM

Hi!

Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [HPADVISOR] [x]
2012-07-12 04:59 - 2012-07-12 04:59 - 00000000 ____D C:\Users\Dolores\AppData\Local\{89C01355-669A-45E6-ADD5-37EB3AA3E925}
2012-07-12 04:58 - 2012-07-12 04:59 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DC6C9906-C377-4D20-970F-113127B64152}
2012-07-12 04:08 - 2012-07-12 04:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 16:58 - 2012-07-11 16:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E43EEC50-040E-4E95-99F0-E4EA907E3890}
2012-07-11 16:58 - 2012-07-11 16:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5D123FE2-E30B-4D2E-BA17-933EB533232E}
2012-07-11 04:58 - 2012-07-11 04:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{54CA94BD-3CD9-4CA0-AD8B-6C922F72E657}
2012-07-11 04:57 - 2012-07-11 04:58 - 00000000 ____D C:\Users\Dolores\AppData\Local\{22CEDE57-CDE9-41DA-B383-285B4BA9D595}
2012-07-10 09:04 - 2012-07-10 14:49 - 00000000 ____D C:\Users\Dolores\AppData\Local\{453001B5-CAB1-11E1-8270-B8AC6F996F26}
2012-07-10 08:44 - 2012-07-10 08:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{EC085E28-66A1-4CE0-B48E-D61D09ADC12A}
2012-07-10 08:43 - 2012-07-10 08:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{94984A08-A113-4259-974E-D2B334977186}
2012-07-09 20:43 - 2012-07-09 20:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5D6B519F-AB79-407E-BF71-AA30671CDD4C}
2012-07-09 20:43 - 2012-07-09 20:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{212B0DEB-8C5C-497B-9730-9652FA81F116}
2012-07-09 08:43 - 2012-07-09 08:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7847B41F-8D25-4688-A7D7-E65508B715AF}
2012-07-09 08:42 - 2012-07-09 08:43 - 00000000 ____D C:\Users\Dolores\AppData\Local\{FE6E66DF-4769-4FB9-9E02-A39F40104A11}
2012-07-08 19:56 - 2012-07-08 19:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E648137D-0A75-4731-A9BE-ACF2084B3C25}
2012-07-08 19:56 - 2012-07-08 19:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{BA03A402-8A46-488E-8008-8F66CF2FF90B}
2012-07-08 07:55 - 2012-07-08 07:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E06EE812-2F8E-477E-B986-CD68E78A0888}
2012-07-08 07:55 - 2012-07-08 07:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{CA58F3D3-A803-4074-BA57-F8D53BC0C299}
2012-07-07 19:44 - 2012-07-07 19:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E6E1CFA6-50A6-4121-9339-494D41955713}
2012-07-07 19:44 - 2012-07-07 19:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{D15AE9EC-0318-4DDA-A896-5561675B2B45}
2012-07-07 07:44 - 2012-07-07 07:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F2692DB6-40AD-4720-9B7B-2A8D0AE62B7C}
2012-07-07 07:44 - 2012-07-07 07:44 - 00000000 ____D C:\Users\Dolores\AppData\Local\{0EBE17DC-2D35-4B8F-B1C4-BC8C18FD5551}
2012-07-06 15:20 - 2012-07-06 15:20 - 00000000 ____D C:\Users\Dolores\AppData\Local\{13EB8B60-4EFE-431F-A590-FAC1D9A55EB8}
2012-07-06 15:20 - 2012-07-06 15:20 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1301F28E-3B8B-478E-937D-DE2FB0899610}
2012-07-06 03:19 - 2012-07-06 03:19 - 00000000 ____D C:\Users\Dolores\AppData\Local\{FA704D62-4EA8-4A6B-8CC3-00DB076418EC}
2012-07-06 03:19 - 2012-07-06 03:19 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E327E7D5-85DA-4670-AE52-1C67CE20BDD4}
2012-07-05 15:09 - 2012-07-05 15:10 - 00000000 ____D C:\Users\Dolores\AppData\Local\{70B2CB55-C097-4783-9ACB-834371DE453E}
2012-07-05 15:09 - 2012-07-05 15:09 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1FE677D1-A6A5-4513-B71D-E20CC8E848E8}
2012-07-05 03:09 - 2012-07-05 03:09 - 00000000 ____D C:\Users\Dolores\AppData\Local\{9DCAB10C-88CD-4C8C-83CE-7CD837023648}
2012-07-05 03:09 - 2012-07-05 03:09 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7E3828F8-38ED-4235-84E8-5FBC420B74D3}
2012-07-04 12:31 - 2012-07-04 12:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C97DD7C9-1B5F-491F-84CE-499302CDA0EE}
2012-07-03 20:53 - 2012-07-03 20:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{AF193250-1700-4300-B13A-F3D757C360FA}
2012-07-03 20:53 - 2012-07-03 20:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DB3668DA-6549-4C7E-B982-A781777BFA9E}
2012-07-03 08:53 - 2012-07-03 08:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F13D2260-70B0-4F6D-9EE9-E2290DC71EEC}
2012-07-03 08:53 - 2012-07-03 08:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8047A304-85ED-4D97-AA5D-A8FA9BDC5DC2}
2012-07-02 20:53 - 2012-07-02 20:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8A836E64-2A74-4714-8469-5A3FD1C1093A}
2012-07-02 20:52 - 2012-07-02 20:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C4091BE5-9D5D-453A-B5AB-37290E5C195A}
2012-07-02 08:52 - 2012-07-02 08:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F8577C77-AFE9-45CA-B083-4D723272ED00}
2012-07-02 08:52 - 2012-07-02 08:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{940ABEBF-2783-4415-8DEA-AA293D3B25A4}
2012-07-01 20:52 - 2012-07-01 20:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{722077B4-0C2D-4ACE-8644-22D352CB2257}
2012-07-01 20:51 - 2012-07-01 20:52 - 00000000 ____D C:\Users\Dolores\AppData\Local\{B4E16095-1C33-445D-8A07-A7A5BE5ABBA1}
2012-07-01 08:51 - 2012-07-01 08:51 - 00000000 ____D C:\Users\Dolores\AppData\Local\{513DEE3B-BEAB-4D6C-A54A-F58D4DD58686}
2012-07-01 08:51 - 2012-07-01 08:51 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1BB92FF3-9CEE-4CA1-8684-B3A58664845E}
2012-06-30 20:50 - 2012-06-30 20:50 - 00000000 ____D C:\Users\Dolores\AppData\Local\{D2F3DBDF-6703-40F2-91ED-7145FC29A6D9}
2012-06-30 20:50 - 2012-06-30 20:50 - 00000000 ____D C:\Users\Dolores\AppData\Local\{A00DF1C9-971D-45E8-A4BF-21FC926C79AA}
2012-06-30 07:21 - 2012-06-30 07:21 - 00000000 ____D C:\Users\Dolores\AppData\Local\{3C9A833E-80DC-4FA0-9CD7-B54DF3CDAA1F}
2012-06-30 07:20 - 2012-06-30 07:21 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8A29C7C4-AFB5-4AE5-9DC4-3320BDE5C81C}
2012-06-29 14:55 - 2012-06-29 14:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{B0170F2F-5FC0-4F7C-A2D4-D23A4A68BEDA}
2012-06-29 14:54 - 2012-06-29 14:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{75998695-5B73-4842-B3B2-A9B538A8A4DC}
2012-06-29 02:54 - 2012-06-29 02:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E8E5CDA6-765E-4418-8227-6FC319616B5A}
2012-06-29 02:54 - 2012-06-29 02:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5E591856-5460-439C-9086-B7C8F467ABD1}
2012-06-28 09:55 - 2012-06-28 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2FBD5222-AA7C-4222-AF8E-8F89D9C48202}
2012-06-28 09:55 - 2012-06-28 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2DF77957-8961-4CAB-BDEA-E5076C151941}
2012-06-27 21:54 - 2012-06-27 21:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{9D8A7CBD-5B1E-41B0-A270-A6D2637273B6}
2012-06-27 21:54 - 2012-06-27 21:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{A71E1280-AACD-4695-8591-8649A55EE54A}
2012-06-27 09:54 - 2012-06-27 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C1AE873C-F74C-4EFD-8AD6-A791238D63B2}
2012-06-27 09:54 - 2012-06-27 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{064224EE-8A66-4108-9043-E139E6D30039}
2012-06-26 21:53 - 2012-06-26 21:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{41ED55EB-D228-44F5-AA62-B339357D100F}
2012-06-26 21:53 - 2012-06-26 21:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2C134AA5-5818-434B-8A28-75E3D4454C76}
2012-06-26 09:56 - 2012-06-26 09:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F15AF3ED-FF05-4720-988D-3415049B9697}
2012-06-25 21:56 - 2012-06-25 21:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{69242CB0-AF04-48E7-BB79-9DDFC2DFBA94}
2012-06-25 21:56 - 2012-06-25 21:56 - 00000000 ____D C:\Users\Dolores\AppData\Local\{24270D4E-098B-41A2-A579-5211EAB34F83}
2012-06-25 09:55 - 2012-06-25 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{475D02CB-828B-4FB8-BCEA-5BE48E6598A0}
2012-06-25 09:55 - 2012-06-25 09:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{277F058C-FCDD-4626-8EC3-A58A6CFB3071}
2012-06-24 21:55 - 2012-06-24 21:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DD2E66E0-47C7-4723-BC55-3185AC5D38E2}
2012-06-24 21:54 - 2012-06-24 21:55 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C70C0225-434C-4CF2-BA76-CA9B74DA04E8}
2012-06-24 09:54 - 2012-06-24 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7BC5C629-A6FE-4DC7-8CA2-27EDEDA76400}
2012-06-24 09:54 - 2012-06-24 09:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{77CB71F0-05EC-4BC9-AAA0-5163BD69AD03}
2012-06-23 21:54 - 2012-06-23 21:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{535C38BA-BF2C-47F3-862D-DC04D5480786}
2012-06-23 21:53 - 2012-06-23 21:54 - 00000000 ____D C:\Users\Dolores\AppData\Local\{79AA9A6B-0330-4101-B4B6-8F1EA8076FAB}
2012-06-23 09:53 - 2012-06-23 09:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C8E401F8-A699-4DE6-81D9-25C4BEFBB511}
2012-06-23 09:53 - 2012-06-23 09:53 - 00000000 ____D C:\Users\Dolores\AppData\Local\{728EB7FA-B8D7-4234-94C1-9F692A69BB38}
2012-06-22 20:39 - 2012-06-22 20:39 - 00000000 ____D C:\Users\Dolores\AppData\Local\{CAEB4545-232E-487E-873E-F55B6F3DA4D6}
2012-06-22 20:39 - 2012-06-22 20:39 - 00000000 ____D C:\Users\Dolores\AppData\Local\{416812D5-3613-4909-8EB4-A661E3FB5345}
2012-06-22 08:31 - 2012-06-22 08:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{9B4191ED-6A67-4814-8149-D9D1AD27CC02}
2012-06-22 08:31 - 2012-06-22 08:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{50D57F47-54E6-49C3-9D86-AA4C2A139C36}
2012-06-21 20:31 - 2012-06-21 20:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{BAB14641-2D22-4D3B-9BA5-17DEE3DE2174}
2012-06-21 20:30 - 2012-06-21 20:31 - 00000000 ____D C:\Users\Dolores\AppData\Local\{81EF028D-677F-4EAD-9762-21B2C72E2C7C}
2012-06-21 08:30 - 2012-06-21 08:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{F3AA26CD-11A0-4582-AB39-D57AA86E6A3C}
2012-06-21 08:30 - 2012-06-21 08:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2EBF7613-9AC6-40CC-8CEC-BAA330F2DC42}
2012-06-20 20:30 - 2012-06-20 20:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E07FE22E-F2CC-4691-AC16-D1B469333478}
2012-06-20 20:29 - 2012-06-20 20:30 - 00000000 ____D C:\Users\Dolores\AppData\Local\{4F11A0EE-AC87-4B9B-81E4-ECA57C8A212C}
2012-06-20 08:29 - 2012-06-20 08:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{6AF76532-3187-4994-B26E-33FAE34B430E}
2012-06-20 08:29 - 2012-06-20 08:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{08057CB5-4093-47AD-81A1-F4276296A0BF}
2012-06-19 20:29 - 2012-06-19 20:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{A2BDECBE-6CF3-487E-B55E-E9E17C49A180}
2012-06-19 20:28 - 2012-06-19 20:29 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C59D83E3-4698-43E5-8A18-BFB64C9835C7}
2012-06-19 08:28 - 2012-06-19 08:28 - 00000000 ____D C:\Users\Dolores\AppData\Local\{882D0750-A163-46B9-8C74-A9BF2C1E402B}
2012-06-19 08:28 - 2012-06-19 08:28 - 00000000 ____D C:\Users\Dolores\AppData\Local\{5294B141-9B79-4029-8A44-084D8E268CEF}
2012-06-18 20:27 - 2012-06-18 20:28 - 00000000 ____D C:\Users\Dolores\AppData\Local\{7A7A9C6B-3CC4-457D-9B1E-43282337F577}
2012-06-18 20:27 - 2012-06-18 20:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{1BBE4A8A-9481-4A0A-A045-13EAA41D8B29}
2012-06-18 08:27 - 2012-06-18 08:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{2CD70979-21ED-479B-9104-6DF425C17B05}
2012-06-17 20:27 - 2012-06-17 20:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C7EDE23F-8C94-4011-854B-884F15BED48E}
2012-06-17 08:26 - 2012-06-17 08:27 - 00000000 ____D C:\Users\Dolores\AppData\Local\{CE32A416-1E9B-48F8-A57C-1BFFB21E3527}
2012-06-16 20:26 - 2012-06-16 20:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{BF7F6152-897E-4D08-BF5F-393577274655}
2012-06-16 08:26 - 2012-06-16 08:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{8FC30F6A-8C72-421E-ABCC-8ED9DFC53597}
2012-06-15 20:26 - 2012-06-15 20:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C711A42D-9321-4AC3-B385-B600A7F729C0}
2012-06-15 08:26 - 2012-06-15 08:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{0553D990-2BA8-4AE2-9E29-2AE60F38F053}
2012-06-14 20:25 - 2012-06-14 20:26 - 00000000 ____D C:\Users\Dolores\AppData\Local\{525D38E0-9BA8-4E6E-BDA4-ED40EF346671}
2012-06-14 08:25 - 2012-06-14 08:25 - 00000000 ____D C:\Users\Dolores\AppData\Local\{DF23AFF2-370C-4286-8ED3-11E1623D450A}
2012-06-14 08:25 - 2012-06-14 08:25 - 00000000 ____D C:\Users\Dolores\AppData\Local\{93427D10-ACB5-4F0C-B311-6483CC24AC00}
2012-06-13 20:24 - 2012-06-13 20:25 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C7580241-BBDC-49CA-A069-C12022C6AED1}
2012-06-13 20:24 - 2012-06-13 20:24 - 00000000 ____D C:\Users\Dolores\AppData\Local\{FEC154A6-5C30-4EEF-89ED-52EF2F450AD0}
2012-06-13 08:24 - 2012-06-13 08:24 - 00000000 ____D C:\Users\Dolores\AppData\Local\{34E62A2B-37DA-4509-B6A9-1D3AA31703E6}
2012-06-13 08:23 - 2012-06-13 08:24 - 00000000 ____D C:\Users\Dolores\AppData\Local\{B7005AF1-7F31-4550-A30D-A7A36D13A0D5}
2012-06-12 20:23 - 2012-06-12 20:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{EC3E9938-7FFC-4EFB-B7F2-9A8550E904C9}
2012-06-12 20:23 - 2012-06-12 20:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{4D7D6FD2-9A3F-413D-8995-CA34E5FD9C78}
2012-06-12 08:23 - 2012-06-12 08:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{E4B6B689-4555-4D8B-8E55-50B76DF7FEAA}
2012-06-12 08:23 - 2012-06-12 08:23 - 00000000 ____D C:\Users\Dolores\AppData\Local\{C7E1A91A-07B6-4231-B3C5-D10ED50AA5A5}
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\00000004.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\1afb2d56
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\201d3dde
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\00000004.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\00000008.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\000000cb.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000000.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000032.@
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000064.@
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\@
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\L
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


--------------

Then run the following scans:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. FRST fix log.
3. TDSSKiller log.
4. Farbar Service Scanner log.
5. OTL.txt & Extras.txt logs.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 02:09 PM

how do i copy to same folder as frst64

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:15 AM

Posted 12 July 2012 - 02:21 PM

You'll want to place it on the USB device where the FRST utility is stored, and then run the fix.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 02:43 PM

1st step

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-12 14:29:25 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\hpsysdrv Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdatePRCShortCut Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Microsoft Default Manager Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware Value deleted successfully.
HKEY_USERS\Default\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR Value deleted successfully.
HKEY_USERS\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR Value not found.
HKEY_USERS\Dolores\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\DhcpNameServer Value deleted successfully.
C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk moved successfully.
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe moved successfully.
aftservice service deleted successfully.
MBAMService service deleted successfully.
McciCMService64 service deleted successfully.
NisSrv service deleted successfully.
nosGetPlusHelper service deleted successfully.
cpudrv64 service deleted successfully.
MBAMProtector service deleted successfully.
NVNET service deleted successfully.
MREMP50a64 service deleted successfully.
MREMPR5 service deleted successfully.
MRENDIS5 service deleted successfully.
MRESP50a64 service deleted successfully.
PcdrNdisuio service deleted successfully.
Could not move C:\FRST.
C:\Users\Dolores\AppData\Local\{89C01355-669A-45E6-ADD5-37EB3AA3E925} moved successfully.
C:\Users\Dolores\AppData\Local\{DC6C9906-C377-4D20-970F-113127B64152} moved successfully.
C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Users\Dolores\AppData\Local\{E43EEC50-040E-4E95-99F0-E4EA907E3890} moved successfully.
C:\Users\Dolores\AppData\Local\{5D123FE2-E30B-4D2E-BA17-933EB533232E} moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\Dolores\AppData\Local\{54CA94BD-3CD9-4CA0-AD8B-6C922F72E657} moved successfully.
C:\Users\Dolores\AppData\Local\{22CEDE57-CDE9-41DA-B383-285B4BA9D595} moved successfully.
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk moved successfully.
C:\Windows\System32\Drivers\mbam.sys moved successfully.
C:\ComboFix.txt moved successfully.
C:\Windows\NIRCMD.exe moved successfully.
C:\Users\Dolores\Desktop\ComboFix.exe moved successfully.
C:\Windows\System32\win32k.sys moved successfully.
C:\Windows\System32\mshtml.dll moved successfully.
C:\Windows\System32\ieframe.dll moved successfully.
C:\Windows\System32\jscript9.dll moved successfully.
C:\Windows\System32\wininet.dll moved successfully.
C:\Windows\System32\urlmon.dll moved successfully.
C:\Windows\System32\inetcpl.cpl moved successfully.
C:\Windows\System32\url.dll moved successfully.
C:\Windows\System32\jsproxy.dll moved successfully.
C:\Windows\System32\ieUnatt.exe moved successfully.
C:\Windows\System32\jscript.dll moved successfully.
C:\Windows\System32\iertutil.dll moved successfully.
C:\Windows\System32\mshtml.tlb moved successfully.
C:\Windows\System32\mshtmled.dll moved successfully.
C:\Windows\System32\ieui.dll moved successfully.
C:\Windows\SysWOW64\mshtml.dll moved successfully.
C:\Windows\SysWOW64\ieframe.dll moved successfully.
C:\Windows\SysWOW64\jscript9.dll moved successfully.
C:\Windows\SysWOW64\urlmon.dll moved successfully.
C:\Windows\SysWOW64\inetcpl.cpl moved successfully.
C:\Windows\SysWOW64\wininet.dll moved successfully.
C:\Windows\SysWOW64\url.dll moved successfully.
C:\Windows\SysWOW64\jsproxy.dll moved successfully.
C:\Windows\SysWOW64\ieUnatt.exe moved successfully.
C:\Windows\SysWOW64\iertutil.dll moved successfully.
C:\Windows\SysWOW64\jscript.dll moved successfully.
C:\Windows\SysWOW64\mshtmled.dll moved successfully.
C:\Windows\SysWOW64\mshtml.tlb moved successfully.
C:\Windows\SysWOW64\ieui.dll moved successfully.
C:\Windows\System32\shell32.dll moved successfully.
C:\Windows\SysWOW64\shell32.dll moved successfully.
C:\Windows\System32\msxml6.dll moved successfully.
C:\Windows\System32\msxml3.dll moved successfully.
C:\Windows\SysWOW64\msxml6.dll moved successfully.
C:\Windows\SysWOW64\msxml3.dll moved successfully.
C:\Windows\System32\Drivers\cng.sys moved successfully.
C:\Windows\System32\msxml3r.dll moved successfully.
C:\Windows\SysWOW64\msxml3r.dll moved successfully.
C:\Windows\System32\cdosys.dll moved successfully.
C:\Windows\SysWOW64\cdosys.dll moved successfully.
C:\Windows\System32\Drivers\ksecpkg.sys moved successfully.
C:\Windows\System32\Drivers\ksecdd.sys moved successfully.
C:\Windows\System32\schannel.dll moved successfully.
C:\Windows\System32\ncrypt.dll moved successfully.
C:\Windows\SysWOW64\schannel.dll moved successfully.
C:\Windows\SysWOW64\secur32.dll moved successfully.
C:\Windows\SysWOW64\ncrypt.dll moved successfully.
C:\Windows\SysWOW64\sspicli.dll moved successfully.
C:\Windows\System32\wuaueng.dll moved successfully.
C:\Windows\System32\wuapi.dll moved successfully.
C:\Windows\System32\wuauclt.exe moved successfully.
C:\Windows\System32\wups2.dll moved successfully.
C:\Windows\System32\wups.dll moved successfully.
C:\Windows\System32\wucltux.dll moved successfully.
C:\Windows\System32\wudriver.dll moved successfully.
C:\Windows\System32\wuwebv.dll moved successfully.
C:\Windows\System32\wuapp.exe moved successfully.
C:\Users\Dolores\AppData\Local\{453001B5-CAB1-11E1-8270-B8AC6F996F26} moved successfully.
C:\Users\Dolores\AppData\Local\{EC085E28-66A1-4CE0-B48E-D61D09ADC12A} moved successfully.
C:\Users\Dolores\AppData\Local\{94984A08-A113-4259-974E-D2B334977186} moved successfully.
C:\Users\Dolores\AppData\Local\{5D6B519F-AB79-407E-BF71-AA30671CDD4C} moved successfully.
C:\Users\Dolores\AppData\Local\{212B0DEB-8C5C-497B-9730-9652FA81F116} moved successfully.
C:\Users\Dolores\AppData\Local\{7847B41F-8D25-4688-A7D7-E65508B715AF} moved successfully.
C:\Users\Dolores\AppData\Local\{FE6E66DF-4769-4FB9-9E02-A39F40104A11} moved successfully.
C:\Users\Dolores\AppData\Local\{E648137D-0A75-4731-A9BE-ACF2084B3C25} moved successfully.
C:\Users\Dolores\AppData\Local\{BA03A402-8A46-488E-8008-8F66CF2FF90B} moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware moved successfully.
C:\Users\All Users\Malwarebytes moved successfully.
C:\Users\Dolores\AppData\Local\{E06EE812-2F8E-477E-B986-CD68E78A0888} moved successfully.
C:\Users\Dolores\AppData\Local\{CA58F3D3-A803-4074-BA57-F8D53BC0C299} moved successfully.
C:\Users\Dolores\AppData\Local\{E6E1CFA6-50A6-4121-9339-494D41955713} moved successfully.
C:\Users\Dolores\AppData\Local\{D15AE9EC-0318-4DDA-A896-5561675B2B45} moved successfully.
C:\Users\Dolores\AppData\Local\{F2692DB6-40AD-4720-9B7B-2A8D0AE62B7C} moved successfully.
C:\Users\Dolores\AppData\Local\{0EBE17DC-2D35-4B8F-B1C4-BC8C18FD5551} moved successfully.
C:\Users\Dolores\AppData\Local\{13EB8B60-4EFE-431F-A590-FAC1D9A55EB8} moved successfully.
C:\Users\Dolores\AppData\Local\{1301F28E-3B8B-478E-937D-DE2FB0899610} moved successfully.
C:\Users\Dolores\AppData\Local\{FA704D62-4EA8-4A6B-8CC3-00DB076418EC} moved successfully.
C:\Users\Dolores\AppData\Local\{E327E7D5-85DA-4670-AE52-1C67CE20BDD4} moved successfully.
C:\Users\Dolores\AppData\Local\{70B2CB55-C097-4783-9ACB-834371DE453E} moved successfully.
C:\Users\Dolores\AppData\Local\{1FE677D1-A6A5-4513-B71D-E20CC8E848E8} moved successfully.
C:\Users\Dolores\AppData\Local\{9DCAB10C-88CD-4C8C-83CE-7CD837023648} moved successfully.
C:\Users\Dolores\AppData\Local\{7E3828F8-38ED-4235-84E8-5FBC420B74D3} moved successfully.
C:\Users\Dolores\AppData\Local\{C97DD7C9-1B5F-491F-84CE-499302CDA0EE} moved successfully.
C:\Users\Dolores\AppData\Local\{AF193250-1700-4300-B13A-F3D757C360FA} moved successfully.
C:\Users\Dolores\AppData\Local\{DB3668DA-6549-4C7E-B982-A781777BFA9E} moved successfully.
C:\Users\Dolores\AppData\Local\{F13D2260-70B0-4F6D-9EE9-E2290DC71EEC} moved successfully.
C:\Users\Dolores\AppData\Local\{8047A304-85ED-4D97-AA5D-A8FA9BDC5DC2} moved successfully.
C:\Users\Dolores\AppData\Local\{8A836E64-2A74-4714-8469-5A3FD1C1093A} moved successfully.
C:\Users\Dolores\AppData\Local\{C4091BE5-9D5D-453A-B5AB-37290E5C195A} moved successfully.
C:\Users\Dolores\AppData\Local\{F8577C77-AFE9-45CA-B083-4D723272ED00} moved successfully.
C:\Users\Dolores\AppData\Local\{940ABEBF-2783-4415-8DEA-AA293D3B25A4} moved successfully.
C:\Users\Dolores\AppData\Local\{722077B4-0C2D-4ACE-8644-22D352CB2257} moved successfully.
C:\Users\Dolores\AppData\Local\{B4E16095-1C33-445D-8A07-A7A5BE5ABBA1} moved successfully.
C:\Users\Dolores\AppData\Local\{513DEE3B-BEAB-4D6C-A54A-F58D4DD58686} moved successfully.
C:\Users\Dolores\AppData\Local\{1BB92FF3-9CEE-4CA1-8684-B3A58664845E} moved successfully.
C:\Users\Dolores\AppData\Local\{D2F3DBDF-6703-40F2-91ED-7145FC29A6D9} moved successfully.
C:\Users\Dolores\AppData\Local\{A00DF1C9-971D-45E8-A4BF-21FC926C79AA} moved successfully.
C:\Users\Dolores\AppData\Local\{3C9A833E-80DC-4FA0-9CD7-B54DF3CDAA1F} moved successfully.
C:\Users\Dolores\AppData\Local\{8A29C7C4-AFB5-4AE5-9DC4-3320BDE5C81C} moved successfully.
C:\Users\Dolores\AppData\Local\{B0170F2F-5FC0-4F7C-A2D4-D23A4A68BEDA} moved successfully.
C:\Users\Dolores\AppData\Local\{75998695-5B73-4842-B3B2-A9B538A8A4DC} moved successfully.
C:\Users\Dolores\AppData\Local\{E8E5CDA6-765E-4418-8227-6FC319616B5A} moved successfully.
C:\Users\Dolores\AppData\Local\{5E591856-5460-439C-9086-B7C8F467ABD1} moved successfully.
C:\Users\Dolores\AppData\Local\{2FBD5222-AA7C-4222-AF8E-8F89D9C48202} moved successfully.
C:\Users\Dolores\AppData\Local\{2DF77957-8961-4CAB-BDEA-E5076C151941} moved successfully.
C:\Users\Dolores\AppData\Local\{9D8A7CBD-5B1E-41B0-A270-A6D2637273B6} moved successfully.
C:\Users\Dolores\AppData\Local\{A71E1280-AACD-4695-8591-8649A55EE54A} moved successfully.
C:\Users\Dolores\AppData\Local\{C1AE873C-F74C-4EFD-8AD6-A791238D63B2} moved successfully.
C:\Users\Dolores\AppData\Local\{064224EE-8A66-4108-9043-E139E6D30039} moved successfully.
C:\Users\Dolores\AppData\Local\{41ED55EB-D228-44F5-AA62-B339357D100F} moved successfully.
C:\Users\Dolores\AppData\Local\{2C134AA5-5818-434B-8A28-75E3D4454C76} moved successfully.
C:\Users\Dolores\AppData\Local\{F15AF3ED-FF05-4720-988D-3415049B9697} moved successfully.
C:\Users\Dolores\AppData\Local\{69242CB0-AF04-48E7-BB79-9DDFC2DFBA94} moved successfully.
C:\Users\Dolores\AppData\Local\{24270D4E-098B-41A2-A579-5211EAB34F83} moved successfully.
C:\Users\Dolores\AppData\Local\{475D02CB-828B-4FB8-BCEA-5BE48E6598A0} moved successfully.
C:\Users\Dolores\AppData\Local\{277F058C-FCDD-4626-8EC3-A58A6CFB3071} moved successfully.
C:\Users\Dolores\AppData\Local\{DD2E66E0-47C7-4723-BC55-3185AC5D38E2} moved successfully.
C:\Users\Dolores\AppData\Local\{C70C0225-434C-4CF2-BA76-CA9B74DA04E8} moved successfully.
C:\Users\Dolores\AppData\Local\{7BC5C629-A6FE-4DC7-8CA2-27EDEDA76400} moved successfully.
C:\Users\Dolores\AppData\Local\{77CB71F0-05EC-4BC9-AAA0-5163BD69AD03} moved successfully.
C:\Users\Dolores\AppData\Local\{535C38BA-BF2C-47F3-862D-DC04D5480786} moved successfully.
C:\Users\Dolores\AppData\Local\{79AA9A6B-0330-4101-B4B6-8F1EA8076FAB} moved successfully.
C:\Users\Dolores\AppData\Local\{C8E401F8-A699-4DE6-81D9-25C4BEFBB511} moved successfully.
C:\Users\Dolores\AppData\Local\{728EB7FA-B8D7-4234-94C1-9F692A69BB38} moved successfully.
C:\Users\Dolores\AppData\Local\{CAEB4545-232E-487E-873E-F55B6F3DA4D6} moved successfully.
C:\Users\Dolores\AppData\Local\{416812D5-3613-4909-8EB4-A661E3FB5345} moved successfully.
C:\Users\Dolores\AppData\Local\{9B4191ED-6A67-4814-8149-D9D1AD27CC02} moved successfully.
C:\Users\Dolores\AppData\Local\{50D57F47-54E6-49C3-9D86-AA4C2A139C36} moved successfully.
C:\Users\Dolores\AppData\Local\{BAB14641-2D22-4D3B-9BA5-17DEE3DE2174} moved successfully.
C:\Users\Dolores\AppData\Local\{81EF028D-677F-4EAD-9762-21B2C72E2C7C} moved successfully.
C:\Users\Dolores\AppData\Local\{F3AA26CD-11A0-4582-AB39-D57AA86E6A3C} moved successfully.
C:\Users\Dolores\AppData\Local\{2EBF7613-9AC6-40CC-8CEC-BAA330F2DC42} moved successfully.
C:\Users\Dolores\AppData\Local\{E07FE22E-F2CC-4691-AC16-D1B469333478} moved successfully.
C:\Users\Dolores\AppData\Local\{4F11A0EE-AC87-4B9B-81E4-ECA57C8A212C} moved successfully.
C:\Users\Dolores\AppData\Local\{6AF76532-3187-4994-B26E-33FAE34B430E} moved successfully.
C:\Users\Dolores\AppData\Local\{08057CB5-4093-47AD-81A1-F4276296A0BF} moved successfully.
C:\Users\Dolores\AppData\Local\{A2BDECBE-6CF3-487E-B55E-E9E17C49A180} moved successfully.
C:\Users\Dolores\AppData\Local\{C59D83E3-4698-43E5-8A18-BFB64C9835C7} moved successfully.
C:\Users\Dolores\AppData\Local\{882D0750-A163-46B9-8C74-A9BF2C1E402B} moved successfully.
C:\Users\Dolores\AppData\Local\{5294B141-9B79-4029-8A44-084D8E268CEF} moved successfully.
C:\Users\Dolores\AppData\Local\{7A7A9C6B-3CC4-457D-9B1E-43282337F577} moved successfully.
C:\Users\Dolores\AppData\Local\{1BBE4A8A-9481-4A0A-A045-13EAA41D8B29} moved successfully.
C:\Users\Dolores\AppData\Local\{2CD70979-21ED-479B-9104-6DF425C17B05} moved successfully.
C:\Users\Dolores\AppData\Local\{C7EDE23F-8C94-4011-854B-884F15BED48E} moved successfully.
C:\Users\Dolores\AppData\Local\{CE32A416-1E9B-48F8-A57C-1BFFB21E3527} moved successfully.
C:\Users\Dolores\AppData\Local\{BF7F6152-897E-4D08-BF5F-393577274655} moved successfully.
C:\Users\Dolores\AppData\Local\{8FC30F6A-8C72-421E-ABCC-8ED9DFC53597} moved successfully.
C:\Users\Dolores\AppData\Local\{C711A42D-9321-4AC3-B385-B600A7F729C0} moved successfully.
C:\Users\Dolores\AppData\Local\{0553D990-2BA8-4AE2-9E29-2AE60F38F053} moved successfully.
C:\Users\Dolores\AppData\Local\{525D38E0-9BA8-4E6E-BDA4-ED40EF346671} moved successfully.
C:\Users\Dolores\Documents\cc_20120614_161436.reg moved successfully.
C:\Users\Dolores\Documents\cc_20120603_111219.reg moved successfully.
C:\Users\Dolores\AppData\Local\{DF23AFF2-370C-4286-8ED3-11E1623D450A} moved successfully.
C:\Users\Dolores\AppData\Local\{93427D10-ACB5-4F0C-B311-6483CC24AC00} moved successfully.
C:\Users\Dolores\AppData\Local\{C7580241-BBDC-49CA-A069-C12022C6AED1} moved successfully.
C:\Users\Dolores\AppData\Local\{FEC154A6-5C30-4EEF-89ED-52EF2F450AD0} moved successfully.
C:\Windows\System32\ntoskrnl.exe moved successfully.
C:\Windows\SysWOW64\ntkrnlpa.exe moved successfully.
C:\Windows\SysWOW64\ntoskrnl.exe moved successfully.
C:\Windows\System32\profsvc.dll moved successfully.
C:\Windows\System32\Drivers\rdpwd.sys moved successfully.
C:\Windows\System32\rdpcorekmts.dll moved successfully.
C:\Windows\System32\rdpwsx.dll moved successfully.
C:\Windows\System32\rdrmemptylst.exe moved successfully.
C:\Windows\System32\crypt32.dll moved successfully.
C:\Windows\System32\cryptsvc.dll moved successfully.
C:\Windows\System32\cryptnet.dll moved successfully.
C:\Windows\SysWOW64\crypt32.dll moved successfully.
C:\Windows\SysWOW64\cryptsvc.dll moved successfully.
C:\Windows\SysWOW64\cryptnet.dll moved successfully.
C:\Windows\System32\msi.dll moved successfully.
C:\Windows\SysWOW64\msi.dll moved successfully.
C:\Windows\Minidump\061312-18782-01.dmp moved successfully.
C:\Users\Dolores\AppData\Local\{34E62A2B-37DA-4509-B6A9-1D3AA31703E6} moved successfully.
C:\Users\Dolores\AppData\Local\{B7005AF1-7F31-4550-A30D-A7A36D13A0D5} moved successfully.
C:\Users\Dolores\AppData\Local\{EC3E9938-7FFC-4EFB-B7F2-9A8550E904C9} moved successfully.
C:\Users\Dolores\AppData\Local\{4D7D6FD2-9A3F-413D-8995-CA34E5FD9C78} moved successfully.
C:\Users\Dolores\AppData\Local\{E4B6B689-4555-4D8B-8E55-50B76DF7FEAA} moved successfully.
C:\Users\Dolores\AppData\Local\{C7E1A91A-07B6-4231-B3C5-D10ED50AA5A5} moved successfully.
C:\Windows\WindowsUpdate.log moved successfully.
C:\Windows\System32\PerfStringBackup.INI moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job not found.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\setupact.log moved successfully.
C:\Users\All Users\ntuser.pol moved successfully.
C:\Windows\Tasks\SA.DAT moved successfully.
C:\Windows\PFRO.log moved successfully.
C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt moved successfully.
C:\Windows\SysWOW64\DOErrors.log moved successfully.
C:\Windows\SysWOW64\FlashPlayerApp.exe moved successfully.
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl moved successfully.
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk not found.
C:\ComboFix.txt not found.
C:\Windows\system.ini moved successfully.
C:\Users\Dolores\Desktop\ComboFix.exe not found.
C:\Windows\System32\FNTCACHE.DAT moved successfully.
C:\Windows\Tasks\HPCeeScheduleForDolores.job moved successfully.
C:\Windows\System32\MRT.exe moved successfully.
C:\Windows\epplauncher.mif moved successfully.
C:\Windows\Tasks\PCDRScheduledMaintenance.job moved successfully.
C:\Users\Dolores\Documents\cc_20120614_161436.reg not found.
C:\Windows\Minidump\061312-18782-01.dmp not found.
C:\Windows\MEMORY.DMP moved successfully.
C:\Windows\System32\win32k.sys not found.
C:\Windows\System32\shell32.dll not found.
C:\Windows\SysWOW64\shell32.dll not found.
C:\user.js moved successfully.
C:\Windows\Minidump\060712-26364-01.dmp moved successfully.
C:\Windows\System32\msxml6.dll not found.
C:\Windows\System32\msxml3.dll not found.
C:\Windows\System32\cdosys.dll not found.
C:\Windows\SysWOW64\msxml6.dll not found.
C:\Windows\SysWOW64\msxml3.dll not found.
C:\Windows\SysWOW64\cdosys.dll not found.
C:\Users\Dolores\Documents\cc_20120603_111219.reg not found.
C:\Windows\System32\wuaueng.dll not found.
C:\Windows\System32\wuapi.dll not found.
C:\Windows\System32\wuauclt.exe not found.
C:\Windows\System32\wups2.dll not found.
C:\Windows\System32\wups.dll not found.
C:\Windows\System32\wucltux.dll not found.
C:\Windows\System32\wudriver.dll not found.
C:\Windows\System32\wuwebv.dll not found.
C:\Windows\System32\wuapp.exe not found.
C:\Windows\System32\mshtml.dll not found.
C:\Windows\System32\ieframe.dll not found.
C:\Windows\System32\jscript9.dll not found.
C:\Windows\System32\wininet.dll not found.
C:\Windows\System32\urlmon.dll not found.
C:\Windows\System32\inetcpl.cpl not found.
C:\Windows\System32\url.dll not found.
C:\Windows\System32\jsproxy.dll not found.
C:\Windows\System32\ieUnatt.exe not found.
C:\Windows\System32\jscript.dll not found.
C:\Windows\System32\iertutil.dll not found.
C:\Windows\System32\mshtml.tlb not found.
C:\Windows\System32\mshtmled.dll not found.
C:\Windows\System32\ieui.dll not found.
C:\Windows\SysWOW64\mshtml.dll not found.
C:\Windows\SysWOW64\ieframe.dll not found.
C:\Windows\SysWOW64\jscript9.dll not found.
C:\Windows\SysWOW64\urlmon.dll not found.
C:\Windows\SysWOW64\inetcpl.cpl not found.
C:\Windows\SysWOW64\wininet.dll not found.
C:\Windows\SysWOW64\url.dll not found.
C:\Windows\SysWOW64\jsproxy.dll not found.
C:\Windows\SysWOW64\ieUnatt.exe not found.
C:\Windows\SysWOW64\iertutil.dll not found.
C:\Windows\SysWOW64\jscript.dll not found.
C:\Windows\SysWOW64\mshtmled.dll not found.
C:\Windows\SysWOW64\mshtml.tlb not found.
C:\Windows\SysWOW64\ieui.dll not found.
C:\Windows\System32\Drivers\cng.sys not found.
C:\Windows\System32\Drivers\ksecpkg.sys not found.
C:\Windows\System32\Drivers\ksecdd.sys not found.
C:\Windows\System32\schannel.dll not found.
C:\Windows\System32\ncrypt.dll not found.
C:\Windows\SysWOW64\schannel.dll not found.
C:\Windows\SysWOW64\secur32.dll not found.
C:\Windows\SysWOW64\ncrypt.dll not found.
C:\Windows\SysWOW64\sspicli.dll not found.
C:\Windows\SysWOW64\PerfStringBackup.INI moved successfully.
C:\Windows\System32\config\software.bak moved successfully.
C:\Windows\System32\config\system.bak moved successfully.
C:\Windows\System32\config\security.bak moved successfully.
C:\Windows\System32\config\sam.bak moved successfully.
C:\Windows\System32\config\default.bak moved successfully.
C:\Windows\System32\Drivers\64029051.sys moved successfully.
C:\Users\Dolores\Downloads\dds.scr moved successfully.
C:\Users\Dolores\AppData\Local\WebpageIcons.db moved successfully.
C:\Windows\System32\ntoskrnl.exe not found.
C:\Windows\SysWOW64\ntkrnlpa.exe not found.
C:\Windows\SysWOW64\ntoskrnl.exe not found.
C:\Windows\System32\profsvc.dll not found.
C:\Users\Public\Desktop\Opera.lnk moved successfully.
C:\Windows\SysWOW64\AK083E209605E394C.lie moved successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
C:\Windows\SysWOW64\javaws.exe moved successfully.
C:\Windows\SysWOW64\javaw.exe moved successfully.
C:\Windows\SysWOW64\java.exe moved successfully.
C:\Windows\SysWOW64\deployJava1.dll moved successfully.
C:\Windows\System32\Drivers\rdpwd.sys not found.
C:\Windows\System32\rdpcorekmts.dll not found.
C:\Windows\System32\rdpwsx.dll not found.
C:\Windows\System32\rdrmemptylst.exe not found.
C:\Windows\System32\crypt32.dll not found.
C:\Windows\System32\cryptsvc.dll not found.
C:\Windows\System32\cryptnet.dll not found.
C:\Windows\SysWOW64\crypt32.dll not found.
C:\Windows\SysWOW64\cryptsvc.dll not found.
C:\Windows\SysWOW64\cryptnet.dll not found.
C:\Users\Dolores\AppData\Roaming\wklnhst.dat moved successfully.
C:\Users\Dolores\Desktop\JennyBucchiResume.wps moved successfully.
C:\Windows\setuperr.log moved successfully.
C:\Windows\DirectX.log moved successfully.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a} moved successfully.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\00000004.@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\1afb2d56 not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\L\201d3dde not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\00000004.@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\00000008.@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\000000cb.@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000000.@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000032.@ not found.
C:\Windows\Installer\{1ba78f58-800d-c392-6b42-d2394481388a}\U\80000064.@ not found.
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a} moved successfully.
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\@ not found.
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\L not found.
C:\Users\Dolores\AppData\Local\{1ba78f58-800d-c392-6b42-d2394481388a}\U not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\winlogon.exe => MD5 is legit not found.
C:\Windows\System32\wininit.exe => MD5 is legit not found.
C:\Windows\SysWOW64\wininit.exe => MD5 is legit not found.
C:\Windows\explorer.exe => MD5 is legit not found.
C:\Windows\SysWOW64\explorer.exe => MD5 is legit not found.
C:\Windows\System32\svchost.exe => MD5 is legit not found.
C:\Windows\SysWOW64\svchost.exe => MD5 is legit not found.
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. not found.
C:\Windows\System32\User32.dll => MD5 is legit not found.
C:\Windows\SysWOW64\User32.dll => MD5 is legit not found.
C:\Windows\System32\userinit.exe => MD5 is legit not found.
C:\Windows\SysWOW64\userinit.exe => MD5 is legit not found.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\Default value was restored successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\\Default value was restored successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\Default value was restored successfully .

========================= Total Pagefile: 2940.64 MB ========================

====== End Of File: ======

========================= Available Pagefile: 2240.7 MB ========================

====== End Of File: ======
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#11 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 02:44 PM

computer wont restart its running start up repair

#12 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 02:55 PM

never mind it started

#13 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 03:01 PM

step 2


14:56:14.0766 3808 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
14:56:15.0312 3808 ============================================================
14:56:15.0312 3808 Current date / time: 2012/07/12 14:56:15.0312
14:56:15.0312 3808 SystemInfo:
14:56:15.0312 3808
14:56:15.0312 3808 OS Version: 6.1.7601 ServicePack: 1.0
14:56:15.0312 3808 Product type: Workstation
14:56:15.0312 3808 ComputerName: DOLORES-PC
14:56:15.0312 3808 UserName: Dolores
14:56:15.0312 3808 Windows directory: C:\Windows
14:56:15.0312 3808 System windows directory: C:\Windows
14:56:15.0312 3808 Running under WOW64
14:56:15.0312 3808 Processor architecture: Intel x64
14:56:15.0312 3808 Number of processors: 2
14:56:15.0312 3808 Page size: 0x1000
14:56:15.0312 3808 Boot type: Normal boot
14:56:15.0312 3808 ============================================================
14:56:17.0168 3808 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:56:17.0168 3808 ============================================================
14:56:17.0168 3808 \Device\Harddisk0\DR0:
14:56:17.0168 3808 MBR partitions:
14:56:17.0168 3808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:56:17.0168 3808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38D84000
14:56:17.0168 3808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38DB6800, BlocksNum 0x15CF000
14:56:17.0168 3808 ============================================================
14:56:17.0184 3808 C: <-> \Device\Harddisk0\DR0\Partition1
14:56:17.0340 3808 D: <-> \Device\Harddisk0\DR0\Partition2
14:56:17.0340 3808 ============================================================
14:56:17.0340 3808 Initialize success
14:56:17.0340 3808 ============================================================
14:57:02.0065 3276 ============================================================
14:57:02.0065 3276 Scan started
14:57:02.0065 3276 Mode: Manual; SigCheck; TDLFS;
14:57:02.0065 3276 ============================================================
14:57:03.0079 3276 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:57:03.0220 3276 1394ohci - ok
14:57:03.0251 3276 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:57:03.0298 3276 ACPI - ok
14:57:03.0298 3276 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:57:03.0360 3276 AcpiPmi - ok
14:57:03.0454 3276 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:57:03.0469 3276 AdobeARMservice - ok
14:57:03.0625 3276 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:57:03.0656 3276 AdobeFlashPlayerUpdateSvc - ok
14:57:03.0719 3276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:57:03.0734 3276 adp94xx - ok
14:57:03.0812 3276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:57:03.0828 3276 adpahci - ok
14:57:03.0859 3276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:57:03.0875 3276 adpu320 - ok
14:57:03.0890 3276 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:57:04.0046 3276 AeLookupSvc - ok
14:57:04.0078 3276 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:57:04.0124 3276 AFD - ok
14:57:04.0218 3276 aftservice (7df84a76f37fcd2fec4bc2fbb2b884b2) C:\Program Files (x86)\Automated Feedback Tool\v6.1.608.0\aftservice.exe
14:57:04.0234 3276 aftservice - ok
14:57:04.0296 3276 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
14:57:04.0390 3276 AgereModemAudio - ok
14:57:04.0468 3276 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
14:57:04.0546 3276 AgereSoftModem - ok
14:57:04.0608 3276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:57:04.0639 3276 agp440 - ok
14:57:04.0686 3276 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:57:04.0748 3276 ALG - ok
14:57:04.0795 3276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:57:04.0811 3276 aliide - ok
14:57:04.0826 3276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:57:04.0826 3276 amdide - ok
14:57:04.0858 3276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:57:04.0920 3276 AmdK8 - ok
14:57:04.0936 3276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:57:04.0982 3276 AmdPPM - ok
14:57:05.0014 3276 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:57:05.0029 3276 amdsata - ok
14:57:05.0060 3276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:57:05.0076 3276 amdsbs - ok
14:57:05.0076 3276 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:57:05.0092 3276 amdxata - ok
14:57:05.0123 3276 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:57:05.0263 3276 AppID - ok
14:57:05.0279 3276 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:57:05.0341 3276 AppIDSvc - ok
14:57:05.0388 3276 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:57:05.0482 3276 Appinfo - ok
14:57:05.0513 3276 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:57:05.0528 3276 arc - ok
14:57:05.0544 3276 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:57:05.0560 3276 arcsas - ok
14:57:05.0591 3276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:57:05.0653 3276 AsyncMac - ok
14:57:05.0700 3276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:57:05.0700 3276 atapi - ok
14:57:05.0794 3276 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:57:05.0840 3276 AudioEndpointBuilder - ok
14:57:05.0856 3276 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:57:05.0903 3276 AudioSrv - ok
14:57:05.0950 3276 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:57:06.0028 3276 AxInstSV - ok
14:57:06.0059 3276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:57:06.0121 3276 b06bdrv - ok
14:57:06.0152 3276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:57:06.0199 3276 b57nd60a - ok
14:57:06.0215 3276 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:57:06.0277 3276 BDESVC - ok
14:57:06.0293 3276 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:57:06.0355 3276 Beep - ok
14:57:06.0433 3276 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:57:06.0511 3276 BFE - ok
14:57:06.0574 3276 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:57:06.0636 3276 BITS - ok
14:57:06.0698 3276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:57:06.0761 3276 blbdrive - ok
14:57:06.0792 3276 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:57:06.0823 3276 bowser - ok
14:57:06.0839 3276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:57:06.0932 3276 BrFiltLo - ok
14:57:06.0948 3276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:57:06.0979 3276 BrFiltUp - ok
14:57:07.0010 3276 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:57:07.0073 3276 BridgeMP - ok
14:57:07.0104 3276 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:57:07.0135 3276 Browser - ok
14:57:07.0166 3276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:57:07.0198 3276 Brserid - ok
14:57:07.0229 3276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:57:07.0260 3276 BrSerWdm - ok
14:57:07.0276 3276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:57:07.0322 3276 BrUsbMdm - ok
14:57:07.0338 3276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:57:07.0369 3276 BrUsbSer - ok
14:57:07.0400 3276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:57:07.0432 3276 BTHMODEM - ok
14:57:07.0463 3276 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:57:07.0525 3276 bthserv - ok
14:57:07.0572 3276 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:57:07.0603 3276 cdfs - ok
14:57:07.0650 3276 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:57:07.0697 3276 cdrom - ok
14:57:07.0744 3276 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:57:07.0790 3276 CertPropSvc - ok
14:57:07.0822 3276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:57:07.0853 3276 circlass - ok
14:57:07.0868 3276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:57:07.0884 3276 CLFS - ok
14:57:07.0931 3276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:57:07.0962 3276 clr_optimization_v2.0.50727_32 - ok
14:57:08.0024 3276 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:57:08.0056 3276 clr_optimization_v2.0.50727_64 - ok
14:57:08.0118 3276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:57:08.0165 3276 clr_optimization_v4.0.30319_32 - ok
14:57:08.0196 3276 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:57:08.0212 3276 clr_optimization_v4.0.30319_64 - ok
14:57:08.0243 3276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:57:08.0274 3276 CmBatt - ok
14:57:08.0321 3276 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:57:08.0336 3276 cmdide - ok
14:57:08.0368 3276 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:57:08.0399 3276 CNG - ok
14:57:08.0399 3276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:57:08.0414 3276 Compbatt - ok
14:57:08.0461 3276 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:57:08.0492 3276 CompositeBus - ok
14:57:08.0508 3276 COMSysApp - ok
14:57:08.0586 3276 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
14:57:08.0633 3276 cpudrv64 - ok
14:57:08.0664 3276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:57:08.0680 3276 crcdisk - ok
14:57:08.0711 3276 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:57:08.0742 3276 CryptSvc ( UnsignedFile.Multi.Generic ) - warning
14:57:08.0742 3276 CryptSvc - detected UnsignedFile.Multi.Generic (1)
14:57:08.0820 3276 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
14:57:08.0898 3276 dc3d - ok
14:57:08.0992 3276 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:57:09.0116 3276 DcomLaunch - ok
14:57:09.0148 3276 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:57:09.0210 3276 defragsvc - ok
14:57:09.0241 3276 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:57:09.0288 3276 DfsC - ok
14:57:09.0350 3276 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:57:09.0413 3276 Dhcp - ok
14:57:09.0428 3276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:57:09.0491 3276 discache - ok
14:57:09.0506 3276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:57:09.0522 3276 Disk - ok
14:57:09.0553 3276 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:57:09.0584 3276 Dnscache - ok
14:57:09.0631 3276 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:57:09.0694 3276 dot3svc - ok
14:57:09.0709 3276 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:57:09.0772 3276 DPS - ok
14:57:09.0803 3276 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:57:09.0834 3276 drmkaud - ok
14:57:09.0896 3276 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:57:09.0912 3276 DXGKrnl - ok
14:57:09.0943 3276 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:57:09.0990 3276 EapHost - ok
14:57:10.0099 3276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:57:10.0177 3276 ebdrv - ok
14:57:10.0271 3276 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:57:10.0364 3276 EFS - ok
14:57:10.0427 3276 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:57:10.0505 3276 ehRecvr - ok
14:57:10.0567 3276 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:57:10.0676 3276 ehSched - ok
14:57:10.0801 3276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:57:10.0832 3276 elxstor - ok
14:57:10.0864 3276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:57:10.0895 3276 ErrDev - ok
14:57:10.0957 3276 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:57:11.0020 3276 EventSystem - ok
14:57:11.0051 3276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:57:11.0113 3276 exfat - ok
14:57:11.0129 3276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:57:11.0176 3276 fastfat - ok
14:57:11.0238 3276 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:57:11.0300 3276 Fax - ok
14:57:11.0316 3276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:57:11.0363 3276 fdc - ok
14:57:11.0378 3276 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:57:11.0425 3276 fdPHost - ok
14:57:11.0441 3276 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:57:11.0488 3276 FDResPub - ok
14:57:11.0519 3276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:57:11.0519 3276 FileInfo - ok
14:57:11.0534 3276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:57:11.0597 3276 Filetrace - ok
14:57:11.0612 3276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:57:11.0644 3276 flpydisk - ok
14:57:11.0722 3276 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:57:11.0753 3276 FltMgr - ok
14:57:11.0909 3276 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:57:12.0018 3276 FontCache - ok
14:57:12.0080 3276 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:57:12.0112 3276 FontCache3.0.0.0 - ok
14:57:12.0127 3276 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:57:12.0143 3276 FsDepends - ok
14:57:12.0174 3276 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:57:12.0190 3276 Fs_Rec - ok
14:57:12.0221 3276 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:57:12.0236 3276 fvevol - ok
14:57:12.0268 3276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:57:12.0283 3276 gagp30kx - ok
14:57:12.0330 3276 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:57:12.0346 3276 GameConsoleService - ok
14:57:12.0392 3276 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:57:12.0455 3276 gpsvc - ok
14:57:12.0486 3276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:57:12.0533 3276 hcw85cir - ok
14:57:12.0580 3276 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:57:12.0642 3276 HDAudBus - ok
14:57:12.0673 3276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:57:12.0720 3276 HidBatt - ok
14:57:12.0767 3276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:57:12.0798 3276 HidBth - ok
14:57:12.0814 3276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:57:12.0876 3276 HidIr - ok
14:57:12.0907 3276 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:57:12.0985 3276 hidserv - ok
14:57:13.0032 3276 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:57:13.0048 3276 HidUsb - ok
14:57:13.0063 3276 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:57:13.0126 3276 hkmsvc - ok
14:57:13.0157 3276 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:57:13.0204 3276 HomeGroupListener - ok
14:57:13.0250 3276 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:57:13.0266 3276 HomeGroupProvider - ok
14:57:13.0344 3276 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:57:13.0360 3276 HP Support Assistant Service - ok
14:57:13.0422 3276 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:57:13.0453 3276 HPDrvMntSvc.exe - ok
14:57:13.0484 3276 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:57:13.0516 3276 hpqwmiex - ok
14:57:13.0547 3276 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:57:13.0562 3276 HpSAMD - ok
14:57:13.0609 3276 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:57:13.0672 3276 HTTP - ok
14:57:13.0703 3276 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:57:13.0703 3276 hwpolicy - ok
14:57:13.0750 3276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:57:13.0765 3276 i8042prt - ok
14:57:13.0812 3276 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:57:13.0828 3276 iaStorV - ok
14:57:13.0968 3276 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:57:13.0999 3276 idsvc - ok
14:57:14.0030 3276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:57:14.0046 3276 iirsp - ok
14:57:14.0124 3276 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:57:14.0233 3276 IKEEXT - ok
14:57:14.0327 3276 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
14:57:14.0358 3276 IntcAzAudAddService - ok
14:57:14.0452 3276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:57:14.0483 3276 intelide - ok
14:57:14.0514 3276 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:57:14.0545 3276 intelppm - ok
14:57:14.0576 3276 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:57:14.0623 3276 IPBusEnum - ok
14:57:14.0670 3276 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:57:14.0717 3276 IpFilterDriver - ok
14:57:14.0764 3276 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:57:14.0810 3276 iphlpsvc - ok
14:57:14.0842 3276 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:57:14.0873 3276 IPMIDRV - ok
14:57:14.0904 3276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:57:14.0951 3276 IPNAT - ok
14:57:14.0982 3276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:57:15.0076 3276 IRENUM - ok
14:57:15.0107 3276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:57:15.0122 3276 isapnp - ok
14:57:15.0138 3276 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:57:15.0169 3276 iScsiPrt - ok
14:57:15.0185 3276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:57:15.0200 3276 kbdclass - ok
14:57:15.0216 3276 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:57:15.0263 3276 kbdhid - ok
14:57:15.0294 3276 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:57:15.0310 3276 KeyIso - ok
14:57:15.0341 3276 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:57:15.0356 3276 KSecDD - ok
14:57:15.0388 3276 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:57:15.0388 3276 KSecPkg - ok
14:57:15.0419 3276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:57:15.0481 3276 ksthunk - ok
14:57:15.0512 3276 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:57:15.0575 3276 KtmRm - ok
14:57:15.0715 3276 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:57:15.0793 3276 LanmanServer - ok
14:57:15.0840 3276 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:57:15.0980 3276 LanmanWorkstation - ok
14:57:16.0121 3276 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:57:16.0168 3276 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:57:16.0168 3276 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:57:16.0214 3276 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:57:16.0308 3276 lltdio - ok
14:57:16.0339 3276 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:57:16.0402 3276 lltdsvc - ok
14:57:16.0402 3276 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:57:16.0448 3276 lmhosts - ok
14:57:16.0480 3276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:57:16.0480 3276 LSI_FC - ok
14:57:16.0495 3276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:57:16.0511 3276 LSI_SAS - ok
14:57:16.0542 3276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:57:16.0558 3276 LSI_SAS2 - ok
14:57:16.0573 3276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:57:16.0589 3276 LSI_SCSI - ok
14:57:16.0620 3276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:57:16.0682 3276 luafv - ok
14:57:16.0714 3276 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:57:16.0729 3276 MBAMProtector - ok
14:57:16.0776 3276 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:57:16.0792 3276 MBAMService - ok
14:57:16.0885 3276 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
14:57:16.0932 3276 McciCMService ( UnsignedFile.Multi.Generic ) - warning
14:57:16.0932 3276 McciCMService - detected UnsignedFile.Multi.Generic (1)
14:57:17.0088 3276 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe
14:57:17.0119 3276 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
14:57:17.0119 3276 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
14:57:17.0260 3276 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:57:17.0322 3276 Mcx2Svc - ok
14:57:17.0353 3276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:57:17.0384 3276 megasas - ok
14:57:17.0431 3276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:57:17.0447 3276 MegaSR - ok
14:57:17.0478 3276 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:57:17.0540 3276 MMCSS - ok
14:57:17.0556 3276 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:57:17.0618 3276 Modem - ok
14:57:17.0650 3276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:57:17.0681 3276 monitor - ok
14:57:17.0696 3276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:57:17.0712 3276 mouclass - ok
14:57:17.0728 3276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:57:17.0759 3276 mouhid - ok
14:57:17.0790 3276 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:57:17.0790 3276 mountmgr - ok
14:57:17.0852 3276 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:57:17.0884 3276 MpFilter - ok
14:57:17.0915 3276 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:57:17.0930 3276 mpio - ok
14:57:17.0962 3276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:57:18.0008 3276 mpsdrv - ok
14:57:18.0071 3276 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:57:18.0149 3276 MpsSvc - ok
14:57:18.0274 3276 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
14:57:18.0367 3276 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
14:57:18.0367 3276 MREMP50 - detected UnsignedFile.Multi.Generic (1)
14:57:18.0414 3276 MREMP50a64 - ok
14:57:18.0430 3276 MREMPR5 - ok
14:57:18.0445 3276 MRENDIS5 - ok
14:57:18.0461 3276 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
14:57:18.0508 3276 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
14:57:18.0508 3276 MRESP50 - detected UnsignedFile.Multi.Generic (1)
14:57:18.0539 3276 MRESP50a64 - ok
14:57:18.0570 3276 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:57:18.0601 3276 MRxDAV - ok
14:57:18.0632 3276 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:57:18.0726 3276 mrxsmb - ok
14:57:18.0773 3276 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:57:18.0820 3276 mrxsmb10 - ok
14:57:18.0835 3276 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:57:18.0851 3276 mrxsmb20 - ok
14:57:18.0882 3276 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:57:18.0898 3276 msahci - ok
14:57:18.0929 3276 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:57:18.0944 3276 msdsm - ok
14:57:18.0991 3276 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:57:19.0038 3276 MSDTC - ok
14:57:19.0085 3276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:57:19.0116 3276 Msfs - ok
14:57:19.0163 3276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:57:19.0256 3276 mshidkmdf - ok
14:57:19.0303 3276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:57:19.0303 3276 msisadrv - ok
14:57:19.0334 3276 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:57:19.0381 3276 MSiSCSI - ok
14:57:19.0381 3276 msiserver - ok
14:57:19.0428 3276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:57:19.0475 3276 MSKSSRV - ok
14:57:19.0537 3276 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:57:19.0568 3276 MsMpSvc - ok
14:57:19.0584 3276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:57:19.0646 3276 MSPCLOCK - ok
14:57:19.0662 3276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:57:19.0740 3276 MSPQM - ok
14:57:19.0771 3276 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:57:19.0787 3276 MsRPC - ok
14:57:19.0802 3276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:57:19.0818 3276 mssmbios - ok
14:57:19.0849 3276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:57:19.0896 3276 MSTEE - ok
14:57:19.0927 3276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:57:19.0943 3276 MTConfig - ok
14:57:19.0958 3276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:57:19.0974 3276 Mup - ok
14:57:20.0021 3276 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:57:20.0068 3276 napagent - ok
14:57:20.0114 3276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:57:20.0130 3276 NativeWifiP - ok
14:57:20.0224 3276 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:57:20.0270 3276 NDIS - ok
14:57:20.0286 3276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:57:20.0364 3276 NdisCap - ok
14:57:20.0380 3276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:57:20.0426 3276 NdisTapi - ok
14:57:20.0473 3276 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:57:20.0567 3276 Ndisuio - ok
14:57:20.0598 3276 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:57:20.0645 3276 NdisWan - ok
14:57:20.0676 3276 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:57:20.0723 3276 NDProxy - ok
14:57:20.0738 3276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:57:20.0801 3276 NetBIOS - ok
14:57:20.0832 3276 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:57:20.0879 3276 NetBT - ok
14:57:20.0910 3276 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:57:20.0941 3276 Netlogon - ok
14:57:20.0972 3276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:57:21.0035 3276 Netman - ok
14:57:21.0050 3276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:57:21.0113 3276 netprofm - ok
14:57:21.0175 3276 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:57:21.0191 3276 NetTcpPortSharing - ok
14:57:21.0222 3276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:57:21.0238 3276 nfrd960 - ok
14:57:21.0440 3276 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:57:21.0472 3276 NisDrv - ok
14:57:21.0628 3276 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:57:21.0643 3276 NisSrv - ok
14:57:21.0690 3276 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:57:21.0752 3276 NlaSvc - ok
14:57:21.0784 3276 nosGetPlusHelper - ok
14:57:21.0799 3276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:57:21.0862 3276 Npfs - ok
14:57:21.0893 3276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:57:21.0940 3276 nsi - ok
14:57:21.0940 3276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:57:21.0986 3276 nsiproxy - ok
14:57:22.0080 3276 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:57:22.0111 3276 Ntfs - ok
14:57:22.0205 3276 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:57:22.0283 3276 Null - ok
14:57:22.0579 3276 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:57:22.0735 3276 nvlddmkm - ok
14:57:22.0860 3276 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
14:57:22.0891 3276 NVNET - ok
14:57:22.0922 3276 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:57:22.0938 3276 nvraid - ok
14:57:22.0938 3276 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:57:22.0954 3276 nvstor - ok
14:57:22.0985 3276 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
14:57:22.0985 3276 nvstor64 - ok
14:57:23.0063 3276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:57:23.0094 3276 nv_agp - ok
14:57:23.0141 3276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:57:23.0219 3276 ohci1394 - ok
14:57:23.0250 3276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:57:23.0328 3276 p2pimsvc - ok
14:57:23.0344 3276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:57:23.0390 3276 p2psvc - ok
14:57:23.0422 3276 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:57:23.0453 3276 Parport - ok
14:57:23.0484 3276 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:57:23.0484 3276 partmgr - ok
14:57:23.0500 3276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:57:23.0546 3276 PcaSvc - ok
14:57:23.0593 3276 PcdrNdisuio - ok
14:57:23.0656 3276 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:57:23.0687 3276 pci - ok
14:57:23.0687 3276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:57:23.0702 3276 pciide - ok
14:57:23.0718 3276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:57:23.0734 3276 pcmcia - ok
14:57:23.0749 3276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:57:23.0765 3276 pcw - ok
14:57:23.0796 3276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:57:23.0858 3276 PEAUTH - ok
14:57:23.0905 3276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:57:23.0983 3276 PerfHost - ok
14:57:24.0077 3276 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:57:24.0139 3276 pla - ok
14:57:24.0186 3276 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:57:24.0233 3276 PlugPlay - ok
14:57:24.0264 3276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:57:24.0295 3276 PNRPAutoReg - ok
14:57:24.0311 3276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:57:24.0342 3276 PNRPsvc - ok
14:57:24.0389 3276 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:57:24.0404 3276 Point64 - ok
14:57:24.0514 3276 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:57:24.0607 3276 PolicyAgent - ok
14:57:24.0670 3276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:57:24.0748 3276 Power - ok
14:57:24.0794 3276 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:57:24.0888 3276 PptpMiniport - ok
14:57:24.0919 3276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:57:24.0950 3276 Processor - ok
14:57:24.0982 3276 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:57:25.0013 3276 ProfSvc ( UnsignedFile.Multi.Generic ) - warning
14:57:25.0013 3276 ProfSvc - detected UnsignedFile.Multi.Generic (1)
14:57:25.0028 3276 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:57:25.0060 3276 ProtectedStorage - ok
14:57:25.0091 3276 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:57:25.0153 3276 Psched - ok
14:57:25.0200 3276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:57:25.0231 3276 ql2300 - ok
14:57:25.0325 3276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:57:25.0356 3276 ql40xx - ok
14:57:25.0372 3276 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:57:25.0418 3276 QWAVE - ok
14:57:25.0450 3276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:57:25.0481 3276 QWAVEdrv - ok
14:57:25.0496 3276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:57:25.0543 3276 RasAcd - ok
14:57:25.0574 3276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:57:25.0606 3276 RasAgileVpn - ok
14:57:25.0621 3276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:57:25.0668 3276 RasAuto - ok
14:57:25.0715 3276 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:57:25.0762 3276 Rasl2tp - ok
14:57:25.0808 3276 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:57:25.0840 3276 RasMan - ok
14:57:25.0855 3276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:57:25.0918 3276 RasPppoe - ok
14:57:25.0933 3276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:57:25.0980 3276 RasSstp - ok
14:57:26.0011 3276 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:57:26.0058 3276 rdbss - ok
14:57:26.0120 3276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:57:26.0167 3276 rdpbus - ok
14:57:26.0198 3276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:57:26.0245 3276 RDPCDD - ok
14:57:26.0276 3276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:57:26.0308 3276 RDPENCDD - ok
14:57:26.0323 3276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:57:26.0370 3276 RDPREFMP - ok
14:57:26.0417 3276 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:57:26.0464 3276 RDPWD ( UnsignedFile.Multi.Generic ) - warning
14:57:26.0464 3276 RDPWD - detected UnsignedFile.Multi.Generic (1)
14:57:26.0510 3276 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:57:26.0542 3276 rdyboost - ok
14:57:26.0557 3276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:57:26.0620 3276 RemoteAccess - ok
14:57:26.0635 3276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:57:26.0682 3276 RemoteRegistry - ok
14:57:26.0713 3276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:57:26.0760 3276 RpcEptMapper - ok
14:57:26.0791 3276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:57:26.0822 3276 RpcLocator - ok
14:57:26.0869 3276 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:57:26.0900 3276 RpcSs - ok
14:57:26.0932 3276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:57:26.0963 3276 rspndr - ok
14:57:26.0994 3276 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:57:27.0025 3276 SamSs - ok
14:57:27.0056 3276 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:57:27.0072 3276 sbp2port - ok
14:57:27.0103 3276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:57:27.0134 3276 SCardSvr - ok
14:57:27.0166 3276 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:57:27.0228 3276 scfilter - ok
14:57:27.0322 3276 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:57:27.0431 3276 Schedule - ok
14:57:27.0446 3276 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:57:27.0493 3276 SCPolicySvc - ok
14:57:27.0524 3276 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:57:27.0571 3276 SDRSVC - ok
14:57:27.0618 3276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:57:27.0712 3276 secdrv - ok
14:57:27.0743 3276 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:57:27.0774 3276 seclogon - ok
14:57:27.0805 3276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:57:27.0852 3276 SENS - ok
14:57:27.0868 3276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:57:27.0899 3276 SensrSvc - ok
14:57:27.0914 3276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:57:27.0946 3276 Serenum - ok
14:57:27.0977 3276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:57:27.0992 3276 Serial - ok
14:57:28.0024 3276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:57:28.0055 3276 sermouse - ok
14:57:28.0086 3276 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:57:28.0148 3276 SessionEnv - ok
14:57:28.0180 3276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:57:28.0211 3276 sffdisk - ok
14:57:28.0226 3276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:57:28.0258 3276 sffp_mmc - ok
14:57:28.0273 3276 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:57:28.0304 3276 sffp_sd - ok
14:57:28.0320 3276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:57:28.0351 3276 sfloppy - ok
14:57:28.0382 3276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:57:28.0429 3276 SharedAccess - ok
14:57:28.0460 3276 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:57:28.0523 3276 ShellHWDetection - ok
14:57:28.0554 3276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:57:28.0570 3276 SiSRaid2 - ok
14:57:28.0585 3276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:57:28.0601 3276 SiSRaid4 - ok
14:57:28.0632 3276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:57:28.0679 3276 Smb - ok
14:57:28.0710 3276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:57:28.0757 3276 SNMPTRAP - ok
14:57:28.0772 3276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:57:28.0788 3276 spldr - ok
14:57:28.0835 3276 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:57:28.0866 3276 Spooler - ok
14:57:29.0053 3276 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:57:29.0209 3276 sppsvc - ok
14:57:29.0303 3276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:57:29.0412 3276 sppuinotify - ok
14:57:29.0474 3276 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:57:29.0537 3276 srv - ok
14:57:29.0568 3276 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:57:29.0584 3276 srv2 - ok
14:57:29.0599 3276 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:57:29.0630 3276 srvnet - ok
14:57:29.0662 3276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:57:29.0724 3276 SSDPSRV - ok
14:57:29.0740 3276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:57:29.0786 3276 SstpSvc - ok
14:57:29.0802 3276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:57:29.0802 3276 stexstor - ok
14:57:29.0864 3276 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:57:29.0927 3276 stisvc - ok
14:57:29.0958 3276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:57:29.0974 3276 swenum - ok
14:57:30.0005 3276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:57:30.0067 3276 swprv - ok
14:57:30.0145 3276 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:57:30.0192 3276 SysMain - ok
14:57:30.0286 3276 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:57:30.0348 3276 TabletInputService - ok
14:57:30.0364 3276 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:57:30.0426 3276 TapiSrv - ok
14:57:30.0442 3276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:57:30.0488 3276 TBS - ok
14:57:30.0566 3276 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:57:30.0598 3276 Tcpip - ok
14:57:30.0754 3276 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:57:30.0800 3276 TCPIP6 - ok
14:57:31.0315 3276 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:57:31.0409 3276 tcpipreg - ok
14:57:31.0440 3276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:57:31.0487 3276 TDPIPE - ok
14:57:31.0502 3276 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:57:31.0534 3276 TDTCP - ok
14:57:31.0580 3276 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:57:31.0643 3276 tdx - ok
14:57:31.0690 3276 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:57:31.0705 3276 TermDD - ok
14:57:31.0830 3276 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:57:31.0924 3276 TermService - ok
14:57:31.0955 3276 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:57:31.0970 3276 Themes - ok
14:57:32.0002 3276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:57:32.0033 3276 THREADORDER - ok
14:57:32.0064 3276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:57:32.0111 3276 TrkWks - ok
14:57:32.0158 3276 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:57:32.0220 3276 TrustedInstaller - ok
14:57:32.0251 3276 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:57:32.0314 3276 tssecsrv - ok
14:57:32.0345 3276 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:57:32.0407 3276 TsUsbFlt - ok
14:57:32.0454 3276 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:57:32.0563 3276 tunnel - ok
14:57:32.0579 3276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:57:32.0594 3276 uagp35 - ok
14:57:32.0657 3276 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:57:32.0704 3276 udfs - ok
14:57:32.0750 3276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:57:32.0766 3276 UI0Detect - ok
14:57:32.0813 3276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:57:32.0844 3276 uliagpkx - ok
14:57:32.0875 3276 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:57:32.0922 3276 umbus - ok
14:57:32.0953 3276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:57:32.0984 3276 UmPass - ok
14:57:33.0016 3276 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:57:33.0078 3276 upnphost - ok
14:57:33.0109 3276 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:57:33.0156 3276 usbccgp - ok
14:57:33.0203 3276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:57:33.0265 3276 usbcir - ok
14:57:33.0296 3276 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:57:33.0343 3276 usbehci - ok
14:57:33.0359 3276 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:57:33.0390 3276 usbhub - ok
14:57:33.0406 3276 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:57:33.0437 3276 usbohci - ok
14:57:33.0468 3276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:57:33.0515 3276 usbprint - ok
14:57:33.0562 3276 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:57:33.0624 3276 usbscan - ok
14:57:33.0640 3276 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:57:33.0702 3276 USBSTOR - ok
14:57:33.0733 3276 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:57:33.0780 3276 usbuhci - ok
14:57:33.0796 3276 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:57:33.0874 3276 UxSms - ok
14:57:33.0905 3276 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:57:33.0952 3276 VaultSvc - ok
14:57:33.0967 3276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:57:33.0983 3276 vdrvroot - ok
14:57:34.0030 3276 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:57:34.0092 3276 vds - ok
14:57:34.0108 3276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:57:34.0139 3276 vga - ok
14:57:34.0154 3276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:57:34.0201 3276 VgaSave - ok
14:57:34.0232 3276 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:57:34.0248 3276 vhdmp - ok
14:57:34.0264 3276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:57:34.0279 3276 viaide - ok
14:57:34.0279 3276 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:57:34.0295 3276 volmgr - ok
14:57:34.0326 3276 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:57:34.0342 3276 volmgrx - ok
14:57:34.0373 3276 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:57:34.0388 3276 volsnap - ok
14:57:34.0420 3276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:57:34.0435 3276 vsmraid - ok
14:57:34.0498 3276 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:57:34.0591 3276 VSS - ok
14:57:34.0700 3276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:57:34.0747 3276 vwifibus - ok
14:57:34.0794 3276 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:57:34.0841 3276 W32Time - ok
14:57:34.0856 3276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:57:34.0872 3276 WacomPen - ok
14:57:34.0919 3276 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:57:34.0966 3276 WANARP - ok
14:57:34.0981 3276 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:57:35.0012 3276 Wanarpv6 - ok
14:57:35.0262 3276 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:57:35.0371 3276 WatAdminSvc - ok
14:57:35.0512 3276 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:57:35.0574 3276 wbengine - ok
14:57:35.0683 3276 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:57:35.0730 3276 WbioSrvc - ok
14:57:35.0761 3276 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:57:35.0808 3276 wcncsvc - ok
14:57:35.0839 3276 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:57:35.0870 3276 WcsPlugInService - ok
14:57:35.0917 3276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:57:35.0933 3276 Wd - ok
14:57:35.0964 3276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:57:35.0995 3276 Wdf01000 - ok
14:57:36.0011 3276 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:57:36.0089 3276 WdiServiceHost - ok
14:57:36.0104 3276 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:57:36.0136 3276 WdiSystemHost - ok
14:57:36.0167 3276 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:57:36.0214 3276 WebClient - ok
14:57:36.0229 3276 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:57:36.0292 3276 Wecsvc - ok
14:57:36.0307 3276 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:57:36.0354 3276 wercplsupport - ok
14:57:36.0385 3276 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:57:36.0432 3276 WerSvc - ok
14:57:36.0479 3276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:57:36.0541 3276 WfpLwf - ok
14:57:36.0557 3276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:57:36.0572 3276 WIMMount - ok
14:57:36.0588 3276 WinDefend - ok
14:57:36.0604 3276 WinHttpAutoProxySvc - ok
14:57:36.0666 3276 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:57:36.0744 3276 Winmgmt - ok
14:57:36.0884 3276 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:57:36.0962 3276 WinRM - ok
14:57:37.0072 3276 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:57:37.0118 3276 WinUsb - ok
14:57:37.0165 3276 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:57:37.0212 3276 Wlansvc - ok
14:57:37.0274 3276 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:57:37.0306 3276 wlcrasvc - ok
14:57:37.0477 3276 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:57:37.0524 3276 wlidsvc - ok
14:57:37.0633 3276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:57:37.0664 3276 WmiAcpi - ok
14:57:37.0727 3276 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:57:37.0789 3276 wmiApSrv - ok
14:57:37.0836 3276 WMPNetworkSvc - ok
14:57:37.0867 3276 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:57:37.0898 3276 WPCSvc - ok
14:57:37.0945 3276 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:57:37.0976 3276 WPDBusEnum - ok
14:57:37.0992 3276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:57:38.0023 3276 ws2ifsl - ok
14:57:38.0039 3276 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:57:38.0086 3276 wscsvc - ok
14:57:38.0086 3276 WSearch - ok
14:57:38.0179 3276 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:57:38.0226 3276 wuauserv - ok
14:57:38.0335 3276 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:57:38.0413 3276 WudfPf - ok
14:57:38.0429 3276 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:57:38.0491 3276 WUDFRd - ok
14:57:38.0522 3276 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:57:38.0554 3276 wudfsvc - ok
14:57:38.0600 3276 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:57:38.0632 3276 WwanSvc - ok
14:57:38.0647 3276 MBR (0x1B8) (7e1d3387e53690ca4c2d2535296bb5c1) \Device\Harddisk0\DR0
14:57:39.0224 3276 \Device\Harddisk0\DR0 - ok
14:57:39.0240 3276 Boot (0x1200) (fd2d1b39dbe9ff9792cfd16da4c54e72) \Device\Harddisk0\DR0\Partition0
14:57:39.0256 3276 \Device\Harddisk0\DR0\Partition0 - ok
14:57:39.0271 3276 Boot (0x1200) (2f5b22d7057daffb9a9cd0ff8db1c0cf) \Device\Harddisk0\DR0\Partition1
14:57:39.0271 3276 \Device\Harddisk0\DR0\Partition1 - ok
14:57:39.0302 3276 Boot (0x1200) (030a84e6d26ffa51d0ee2908a61d2e1a) \Device\Harddisk0\DR0\Partition2
14:57:39.0318 3276 \Device\Harddisk0\DR0\Partition2 - ok
14:57:39.0318 3276 ============================================================
14:57:39.0318 3276 Scan finished
14:57:39.0318 3276 ============================================================
14:57:39.0349 4000 Detected object count: 8
14:57:39.0349 4000 Actual detected object count: 8
14:58:13.0014 4000 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0014 4000 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0014 4000 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0014 4000 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0014 4000 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0014 4000 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0030 4000 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0030 4000 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0030 4000 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0030 4000 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0030 4000 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0030 4000 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0030 4000 ProfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0030 4000 ProfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:13.0030 4000 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0030 4000 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip

#14 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 03:03 PM

step 3



Farbar Service Scanner Version: 08-07-2012
Ran by Dolores (administrator) on 12-07-2012 at 15:03:12
Running from "C:\Users\Dolores\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\040134SK"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#15 deejen

deejen
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 12 July 2012 - 03:25 PM

step4

OTL logfile created on: 7/12/2012 3:06:18 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Dolores\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.37% Memory free
5.75 Gb Paging File | 4.27 Gb Available in Paging File | 74.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.76 Gb Total Space | 405.58 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Drive D: | 10.90 Gb Total Space | 2.03 Gb Free Space | 18.58% Space Free | Partition Type: NTFS

Computer Name: DOLORES-PC | User Name: Dolores | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 15:04:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dolores\Desktop\OTL.exe
PRC - [2012/07/12 14:55:36 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dolores\Downloads\tdsskiller.exe
PRC - [2012/05/14 14:22:48 | 000,249,448 | ---- | M] (Synovate) -- C:\Program Files (x86)\Automated Feedback Tool\v6.1.608.0\AftService.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 16:50:07 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 16:49:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 16:49:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 16:49:45 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/14 13:06:42 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/14 12:28:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 12:28:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 12:27:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/14 12:27:15 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/14 12:27:15 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/05/14 12:27:14 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/14 12:26:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/14 12:26:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 12:26:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 12:26:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 12:26:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/02 22:04:47 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/30 00:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/07/11 13:25:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/14 14:22:48 | 000,249,448 | ---- | M] (Synovate) [Auto | Running] -- C:\Program Files (x86)\Automated Feedback Tool\v6.1.608.0\AftService.EXE -- (aftservice)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/13 16:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5B9D2CE3-41C5-4CC7-A325-C116CA6C9207}
IE:64bit: - HKLM\..\SearchScopes\{5B9D2CE3-41C5-4CC7-A325-C116CA6C9207}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{F72DDD41-BCDF-4AFD-B924-D5C54655F2CA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{5B9D2CE3-41C5-4CC7-A325-C116CA6C9207}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKLM\..\SearchScopes\{F72DDD41-BCDF-4AFD-B924-D5C54655F2CA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109936&tt=060612_6_&babsrc=SP_ss&mntrId=544cd32b000000000000002618a51e4f
IE - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: textlinks@lplay.com:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109936&tt=060612_6_&babsrc=KW_ss&mntrId=544cd32b000000000000002618a51e4f&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109936&tt=060612_6_&babsrc=HP_ss&mntrId=544cd32b000000000000002618a51e4f"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dolores\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\PROGRAM FILES (X86)\NETRATINGSNETSIGHT\NETSIGHT\METER1\FFADDON\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/16 13:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FFAddon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/07 15:21:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/10 17:49:22 | 000,000,000 | ---D | M]

[2010/09/05 15:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dolores\AppData\Roaming\Mozilla\Extensions
[2012/06/08 12:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\p12fz6j0.default\extensions
[2012/06/08 12:50:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\p12fz6j0.default\extensions\ffxtlbr@babylon.com
[2011/07/26 18:19:58 | 000,002,333 | ---- | M] () -- C:\Users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\p12fz6j0.default\searchplugins\askcom.xml
[2012/05/07 15:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/07 15:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/05/07 15:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/07 15:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/02/09 00:01:07 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files (x86)\google\chrome\application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = c:\program files (x86)\google\chrome\application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = c:\program files (x86)\google\chrome\application\8.0.552.224\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dolores\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: CashGopher = C:\Users\Dolores\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcaigjnpnfbpnamhjfngppkmfaeoflfn\1.0_0\

O1 HOSTS File: ([2012/07/11 06:30:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2226678873-1678006178-2442612478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {C414535E-B440-4A15-B8A5-0926A76699A5} https://lastpass.com/LPIEHome.ocx (LPIEHome Control)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Invoke Solutions Participant Control(MR))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{241E8A25-0666-4499-9ED7-6C269A904BB9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 15:37:39 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/12 15:04:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dolores\Desktop\OTL.exe
[2012/07/11 07:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/11 07:41:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/11 07:09:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/11 06:30:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/11 06:10:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/11 06:09:31 | 004,576,342 | R--- | C] (Swearware) -- C:\Users\Dolores\Desktop\ComboFix.exe
[2012/07/11 03:01:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 03:01:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 03:01:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 03:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 03:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 03:01:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 03:01:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 03:01:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 03:01:38 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 03:01:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 03:01:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 03:01:37 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 03:01:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 20:05:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 20:05:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 20:04:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 20:04:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 20:04:52 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 14:53:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/07/10 14:53:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/07/10 14:53:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/07/10 14:53:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/07/10 14:53:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/07/10 14:53:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/07/10 14:53:07 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/07/10 14:53:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/07/08 21:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/08 21:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/13 22:20:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 22:20:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 22:20:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 22:20:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 22:20:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 22:20:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 22:20:27 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 22:20:22 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 22:20:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 15:04:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dolores\Desktop\OTL.exe
[2012/07/12 15:00:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 15:00:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 14:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 14:52:22 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 06:01:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 13:25:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 13:25:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 07:42:08 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 06:30:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/11 06:09:46 | 004,576,342 | R--- | M] (Swearware) -- C:\Users\Dolores\Desktop\ComboFix.exe
[2012/07/11 03:24:14 | 000,330,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 03:23:52 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDolores.job
[2012/06/17 12:04:26 | 000,002,086 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/17 10:46:20 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/06/14 16:25:33 | 000,759,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 16:25:33 | 000,637,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 16:25:33 | 000,111,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 16:14:49 | 000,004,592 | ---- | M] () -- C:\Users\Dolores\Documents\cc_20120614_161436.reg
[2012/06/13 22:10:52 | 309,000,998 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/11 12:27:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 07:42:08 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 16:19:52 | 000,017,972 | ---- | C] () -- C:\Users\Dolores\Documents\cc_20120603_111219.reg
[2012/06/14 16:19:44 | 000,004,592 | ---- | C] () -- C:\Users\Dolores\Documents\cc_20120614_161436.reg
[2012/05/08 14:28:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/08 14:28:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/08 14:28:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/08 14:28:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 14:28:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/08 23:54:51 | 000,003,584 | ---- | C] () -- C:\Users\Dolores\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 22:48:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/08 08:44:27 | 000,001,854 | ---- | C] () -- C:\Users\Dolores\AppData\Roaming\GhostObjGAFix.xml
[2011/01/27 08:52:04 | 000,758,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/15 22:39:51 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/01/08 22:49:33 | 000,007,620 | ---- | C] () -- C:\Users\Dolores\AppData\Local\Resmon.ResmonCfg

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 21:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 18:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 23:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 04:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 21:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 22:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 22:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 21:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/10/06 01:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 01:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 01:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 00:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 18:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TDX.SYS >
[2009/07/13 18:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\ERDNT\cache64\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 20:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/03 14:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/03 14:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/03 14:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/21 03:03:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/21 03:03:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/21 03:03:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2010/12/03 14:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2010/12/03 14:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2010/12/03 14:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/21 03:03:33 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/21 03:03:33 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/21 03:03:33 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2012/06/17 12:21:57 | 000,874,384 | ---- | M] (Opera Software)

< End of report >

step extras

OTL Extras logfile created on: 7/12/2012 3:06:18 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Dolores\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.37% Memory free
5.75 Gb Paging File | 4.27 Gb Available in Paging File | 74.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.76 Gb Total Space | 405.58 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Drive D: | 10.90 Gb Total Space | 2.03 Gb Free Space | 18.58% Space Free | Partition Type: NTFS

Computer Name: DOLORES-PC | User Name: Dolores | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2226678873-1678006178-2442612478-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D63532C-0D65-4CF9-B734-8AFEA030A6FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EBB327B-B79C-423B-B204-3DECFF9086BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4690D0DC-DC10-492D-8184-A005643E6171}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47837E8D-BA7F-43B5-B743-F2F9DE95415D}" = lport=445 | protocol=6 | dir=in | app=system |
"{482E291B-20AE-4967-AD03-E1D2AA1D6A8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49000A05-31DC-450F-B44E-5DA109290B01}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D009A04-48EE-4A0C-A7F8-15F8DC4AA719}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77AE4F5B-788A-4C25-BBD2-FA5AA5B8191C}" = rport=139 | protocol=6 | dir=out | app=system |
"{8461B93B-45B0-4953-AF36-59B822AE044E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8B01B95F-B0AB-4581-B522-00FA39F59031}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B3507A7-A548-4E5D-B713-F6F75C9586A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B37AFC9-7210-41F8-9EAB-70A87CA25452}" = lport=137 | protocol=17 | dir=in | app=system |
"{8C1F0D9C-3548-4CD8-BAB5-88CB59B30050}" = lport=138 | protocol=17 | dir=in | app=system |
"{939CB3E7-F920-47DD-AF21-B53FCEF27847}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA6FEC33-FBBB-4C97-A3C5-35E894E0EBEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB687240-74DD-459A-9797-4D63017CCC41}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B02091B7-6F99-4F20-BDF1-57C0C9AA27C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B16FB381-F1C2-4EEE-A461-D3FF44355476}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4707DD0-1618-4554-BA40-7BCD5A958E27}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFAA9375-18DE-41A8-BDBE-904B2F417ABF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DA1B5144-3F20-401C-96FC-CED4F45722C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2CA51E4-8C41-42D9-8EBC-E31DC80C819E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F887BAAC-F4FF-41FC-8D92-9C8504AFAF78}" = rport=137 | protocol=17 | dir=out | app=system |
"{F97FF76B-879B-4720-866D-7E5D3DA931F2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FCBEB51A-9B5D-4D1C-BA37-3AB82B305012}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04220C89-42EB-44CC-813D-13622B1EC534}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{07984A10-AC98-4503-BF85-65B171BA17D5}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{0AB8CA70-D21C-4E62-92F3-69275F2D8E23}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0E450EED-BAC2-45BC-9C36-8A930BA16019}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{10EAFC6D-A62B-4693-A58B-AEC5E72F2264}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12953016-68B4-4835-A7FD-E5AF90947F69}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{16227EF6-726E-4BC2-99C0-49C976D80ED1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1AC27BC8-7E6A-4C73-9243-8128F1241E80}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{40F7335B-8E1B-4239-9E3F-BE74BB59EA96}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{46A57F3A-CEF6-4BB5-9492-FFE27CC93756}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D0A40D7-6BC6-412B-91C6-3BEBD500DEFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5301454A-BB63-40AA-989D-7D952FBE7F63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5ACB951B-4C3E-4E6C-945F-34EDDC85A0F8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{6801CB62-E798-4C5F-9839-2316E0271814}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BD72964-66B6-432A-8302-06D06D191FD5}" = protocol=6 | dir=out | app=system |
"{6D6BCAA6-9297-450E-A35B-C83825999540}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{754837E9-943F-493C-91F8-A4919C436F6D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7D4AF0F4-B2D3-47EB-ADFC-18F0AA858D08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84CFB371-DE3A-47D8-A7E7-58645F3D9F48}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{898D20F4-B61A-4AC0-AEFF-9AFC8411AD9D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{A793DF3B-1207-420B-9A95-FC0580A2313E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8D3BB2E-EC9F-499D-AE74-478BC0F7FDE5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA1DC28D-E995-42A9-9343-BE5C222DA321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC538C1F-E234-4A0A-86F7-EAFC4BA56982}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{AD9B9381-594C-428A-AD94-D859CB376FB6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2A5C07D-07B4-4037-B38A-BB6CBD7F25B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9ABADF9-F252-432D-A373-E22E02D61EDA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CC967ED2-4ACC-4ADD-A24A-3BB7703C4BF2}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{D6D14A67-B453-475D-9FBE-2FC36BCFA6FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF863113-9695-4889-A8FF-134368EA30F2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0FF61DD-392F-4972-BD27-6EB0D416AC48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0379311-7397-4950-9BB4-0FE82E73881F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1B1014F5-AE5E-415F-AFDA-13D6B43E66A0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{BBF29B30-6F72-4C1D-87D2-3F3C4D83D250}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"TCP Query User{E208D1F8-CFBB-4C71-8903-765CE15B8305}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{F42E7BD6-BB46-442B-99E7-5A413E348982}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{62429F20-77B7-4734-AB9A-0B7BD672AF86}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{82293EA4-C9F3-44BB-85A1-5DDA2B17A00A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CA7AB28D-F2DA-4769-BA7E-2E26DD9B75AE}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"UDP Query User{EAB68EA6-3AB4-463B-8772-D9230CE440B7}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{46BD8F6D-3B54-4E4A-9906-559F77FF17C3}" = Automated Feedback Tool 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1" = Invoke Solutions Participant 6.2.0.1452
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATT-PRT22" = ATT-PRT22
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Opera 12.00.1467" = Opera 12.00
"Swag_Bucks Toolbar" = Swag_Bucks Toolbar
"WildTangent hp Master Uninstall" = HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2226678873-1678006178-2442612478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E002314-9999-4402-9823-1CB9E6098849}_is1" = Shopping InContext
"LastPass" = LastPass (uninstall only)
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/2/2012 4:22:11 PM | Computer Name = Dolores-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1510 Faulting application start time: 0x01ccf8b21937c23c Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 63b9a3fc-64a5-11e1-bf9c-002618a51e4f

Error - 3/2/2012 5:02:32 PM | Computer Name = Dolores-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033ab3 Faulting
process id: 0x18cc Faulting application start time: 0x01ccf8b412245f08 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 06dea000-64ab-11e1-bf9c-002618a51e4f

Error - 3/2/2012 5:35:49 PM | Computer Name = Dolores-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033ab3 Faulting
process id: 0x11e0 Faulting application start time: 0x01ccf8b8f8821ba8 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: ad27fd18-64af-11e1-bf9c-002618a51e4f

Error - 3/2/2012 5:37:52 PM | Computer Name = Dolores-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033ab3 Faulting
process id: 0x2970 Faulting application start time: 0x01ccf8bc736c24c8 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: f6640148-64af-11e1-bf9c-002618a51e4f

Error - 3/2/2012 5:38:40 PM | Computer Name = Dolores-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033ab3 Faulting
process id: 0x83c Faulting application start time: 0x01ccf8bcbc644228 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 132bb618-64b0-11e1-bf9c-002618a51e4f

Error - 3/2/2012 8:35:30 PM | Computer Name = Dolores-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x2f1c Faulting application start time: 0x01ccf8c8d8bd0278 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: c6e04990-64c8-11e1-bf9c-002618a51e4f

Error - 3/3/2012 2:04:45 AM | Computer Name = Dolores-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/3/2012 2:55:20 AM | Computer Name = Dolores-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 3/3/2012 3:29:58 AM | Computer Name = Dolores-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/3/2012 3:33:21 AM | Computer Name = Dolores-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/3/2012 4:01:40 AM | Computer Name = Dolores-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 3/28/2012 10:07:20 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 3/28/2012 10:09:27 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 4/4/2012 10:24:22 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 4/4/2012 10:27:34 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 4/18/2012 10:25:08 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 4/25/2012 10:45:15 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 4/25/2012 10:45:15 PM | Computer Name = Dolores-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 3/19/2010 2:39:59 PM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 1:39:59 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 3/21/2010 2:53:33 PM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 1:52:55 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 3/29/2010 2:18:31 PM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 1:18:31 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 4/13/2010 2:23:57 PM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 1:23:41 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 7/19/2010 2:29:46 PM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 1:29:46 PM - Error connecting to the internet. 1:29:46 PM - Unable
to contact server..

Error - 7/19/2010 2:30:21 PM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 1:30:15 PM - Error connecting to the internet. 1:30:15 PM - Unable
to contact server..

Error - 2/22/2012 5:39:17 AM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 3:39:13 AM - Error connecting to the internet. 3:39:13 AM - Unable
to contact server..

Error - 2/22/2012 6:40:02 AM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 4:39:57 AM - Error connecting to the internet. 4:39:57 AM - Unable
to contact server..

Error - 2/22/2012 7:43:43 AM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 5:43:42 AM - Error connecting to the internet. 5:43:42 AM - Unable
to contact server..

Error - 2/22/2012 8:43:48 AM | Computer Name = Dolores-PC | Source = MCUpdate | ID = 0
Description = 6:43:47 AM - Error connecting to the internet. 6:43:47 AM - Unable
to contact server..

[ System Events ]
Error - 7/12/2012 2:54:14 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/12/2012 2:54:14 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/12/2012 2:54:32 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/12/2012 2:54:32 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/12/2012 3:01:56 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/12/2012 3:01:56 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/12/2012 3:01:57 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/12/2012 3:01:58 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/12/2012 3:02:16 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/12/2012 3:02:16 PM | Computer Name = Dolores-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users