Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect virus


  • This topic is locked This topic is locked
19 replies to this topic

#1 guitarsrkewl08

guitarsrkewl08

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 August 2012 - 10:25 AM

despite my best efforts to get rid of this virus i have not been able to get rid of it so far ive tried malwarebytes (updated)
avg(updated) it seems both google chrome and firefox have been compromised by the virus however IE seems to not redirect me

posting avg log and malwarebytes log

Scan "Specific files or folders scan" completed.
Warnings 60
Folders selected for scanning: C:\;C:\Program Files;C:\Program Files (x86);C:\Users\Public\Documents;C:\Users\freddie2\AppData\Local\Microsoft\Windows\Temporary Internet Files;C:\Users\freddie2\AppData\Local\Temp;C:\Users\freddie2\Documents;C:\Windows;C:\Windows\SysWOW64;C:\Windows\System32;
Scan started: Tuesday, August 14, 2012, 10:47:17 AM
Scan finished: Tuesday, August 14, 2012, 11:07:53 AM (20 minute(s) 35 second(s))
Total object scanned: 1550730
User who launched the scan: freddie2

Warnings
File
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[6].txt:\tribalfusion.com.dcc03271
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[6].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt:\serving-sys.com.db46cecc
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt:\serving-sys.com.bb39fa8c
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt:\serving-sys.com.a222cbcd
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt:\serving-sys.com.841298c4
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt:\serving-sys.com.176b0dad
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[7].txt:\ru4.com.82a499d7
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[7].txt:\ru4.com.6f8749a4
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[7].txt:\ru4.com.5a5e0633
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[7].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[8].txt:\revsci.net.44927ec
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[8].txt:\revsci.net.3983b30a
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[8].txt:\revsci.net.1ecc4d24
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[8].txt:\revsci.net.1d1a4fbf
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[8].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt:\pro-market.net.e3b25da3
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt:\pro-market.net.bbf67f2d
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt:\pro-market.net.90e15025
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt:\pro-market.net.679dd108
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt:\pro-market.net.266912e2
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt:\pro-market.net.18fe6aff
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[4].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[5].txt:\pointroll.com.f2d5a6f6
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[5].txt:\pointroll.com.72c0abc9
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[5].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[11].txt:\fastclick.net.8a6435e9
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[11].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt:\casalemedia.com.987e6b46
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt:\casalemedia.com.80ad4799
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt:\casalemedia.com.350339d4
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt:\casalemedia.com.2d37ad26
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt:\casalemedia.com.1e1e0e23
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt:\casalemedia.com.1773afc
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[10].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[5].txt:\burstnet.com.c4fe2ebb
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[5].txt:\burstnet.com.a9987480
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[5].txt:\burstnet.com.a3218a37
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[5].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt:\advertising.com.b624fa46
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt:\advertising.com.82fea56
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt:\advertising.com.525a5fb9
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt:\advertising.com.27dc11af
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt:\advertising.com.203aa218
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt:\advertising.com.1dfa2206
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[5].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[10].txt:\adbrite.com.d5e309c2
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[10].txt:\adbrite.com.37283d89
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[10].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.d7291c6b
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.9ffdf2e7
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt



=======================
end
==========

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
freddie2 :: FREDDIE-PC [administrator]

8/7/2012 12:27:49 AM
mbam-log-2012-08-07 (00-27-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431689
Time elapsed: 44 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2736 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Happili) -> Data: rundll32.exe "C:\Users\freddie2\AppData\Roaming\Yahoo!\Yahoo!\uuuqi.dll",DllRegisterServer -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 15
C:\Users\freddie2\AppData\Local\Temp\wh_cc.exe (PUP.WebHancer) -> No action taken.
C:\Users\freddie2\AppData\Local\Temp\WZS56D6.tmp\whiehlpr.dll (PUP.WebHancer) -> No action taken.
C:\Users\freddie2\AppData\Local\Temp\WZS56D6.tmp\whieshm.dll (PUP.WebHancer) -> No action taken.
C:\Users\freddie2\AppData\Roaming\Yahoo!\Yahoo!\uuuqi.dll (Trojan.Happili) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2692136088-4157217204-3928519883-1001\$R43FCRR.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\freddie2\AppData\Local\Temp\0.9056385904604137.exe (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\freddie2\AppData\Local\Temp\nsx87A9.tmp\etxcsibbl.dll (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\freddie2\AppData\Local\Temp\nsx87A9.tmp\uuuqi.dll (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\freddie2\AppData\Roaming\Yahoo!\Yahoo!\etxcsibbl.dll (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Windows\Installer\{78ed815a-397e-1606-fae9-33e4b3dac79d}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{78ed815a-397e-1606-fae9-33e4b3dac79d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{78ed815a-397e-1606-fae9-33e4b3dac79d}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{78ed815a-397e-1606-fae9-33e4b3dac79d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:02 AM

Posted 14 August 2012 - 02:46 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 August 2012 - 04:53 PM

16:47:03.0678 0888 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:47:04.0044 0888 ============================================================
16:47:04.0044 0888 Current date / time: 2012/08/14 16:47:04.0044
16:47:04.0045 0888 SystemInfo:
16:47:04.0045 0888
16:47:04.0045 0888 OS Version: 6.1.7600 ServicePack: 0.0
16:47:04.0045 0888 Product type: Workstation
16:47:04.0045 0888 ComputerName: FREDDIE-PC
16:47:04.0045 0888 UserName: freddie2
16:47:04.0045 0888 Windows directory: C:\Windows
16:47:04.0045 0888 System windows directory: C:\Windows
16:47:04.0045 0888 Running under WOW64
16:47:04.0045 0888 Processor architecture: Intel x64
16:47:04.0045 0888 Number of processors: 2
16:47:04.0045 0888 Page size: 0x1000
16:47:04.0045 0888 Boot type: Normal boot
16:47:04.0045 0888 ============================================================
16:47:05.0114 0888 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:05.0138 0888 ============================================================
16:47:05.0138 0888 \Device\Harddisk0\DR0:
16:47:05.0138 0888 MBR partitions:
16:47:05.0138 0888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
16:47:05.0138 0888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x488252B0
16:47:05.0139 0888 ============================================================
16:47:05.0156 0888 C: <-> \Device\Harddisk0\DR0\Partition2
16:47:05.0156 0888 ============================================================
16:47:05.0156 0888 Initialize success
16:47:05.0156 0888 ============================================================
16:47:06.0064 1300 ============================================================
16:47:06.0065 1300 Scan started
16:47:06.0065 1300 Mode: Manual;
16:47:06.0065 1300 ============================================================
16:47:06.0697 1300 ================ Scan services =============================
16:47:06.0843 1300 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:47:06.0877 1300 1394ohci - ok
16:47:06.0926 1300 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:47:06.0938 1300 ACPI - ok
16:47:06.0966 1300 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:47:06.0970 1300 AcpiPmi - ok
16:47:07.0051 1300 [ e8fe4fce23d2809bd88bcc1d0f8408ce ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
16:47:07.0057 1300 AdobeActiveFileMonitor6.0 - ok
16:47:07.0156 1300 [ 459ac130c6ab892b1cd5d7544626efc5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:47:07.0160 1300 AdobeFlashPlayerUpdateSvc - ok
16:47:07.0192 1300 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:47:07.0208 1300 adp94xx - ok
16:47:07.0240 1300 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:47:07.0268 1300 adpahci - ok
16:47:07.0299 1300 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:47:07.0312 1300 adpu320 - ok
16:47:07.0389 1300 [ e005682ae8f8ec4eb05f2a70a16ea1c5 ] AE1000 C:\Windows\system32\DRIVERS\ae1000w7.sys
16:47:07.0428 1300 AE1000 - ok
16:47:07.0455 1300 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:47:07.0457 1300 AeLookupSvc - ok
16:47:07.0498 1300 [ b9384e03479d2506bc924c16a3db87bc ] AFD C:\Windows\system32\drivers\afd.sys
16:47:07.0520 1300 AFD - ok
16:47:07.0539 1300 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:47:07.0542 1300 agp440 - ok
16:47:07.0566 1300 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
16:47:07.0569 1300 ALG - ok
16:47:07.0582 1300 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:47:07.0591 1300 aliide - ok
16:47:07.0628 1300 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:47:07.0631 1300 amdide - ok
16:47:07.0654 1300 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:47:07.0657 1300 AmdK8 - ok
16:47:07.0673 1300 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:47:07.0676 1300 AmdPPM - ok
16:47:07.0690 1300 [ 7a4b413614c055935567cf88a9734d38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
16:47:07.0702 1300 amdsata - ok
16:47:07.0721 1300 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:47:07.0725 1300 amdsbs - ok
16:47:07.0737 1300 [ b4ad0cacbab298671dd6f6ef7e20679d ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
16:47:07.0739 1300 amdxata - ok
16:47:07.0779 1300 [ 4de0d5d747a73797c95a97dcce5018b5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
16:47:07.0782 1300 androidusb - ok
16:47:07.0805 1300 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
16:47:07.0808 1300 AppID - ok
16:47:07.0821 1300 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:47:07.0825 1300 AppIDSvc - ok
16:47:07.0838 1300 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
16:47:07.0840 1300 Appinfo - ok
16:47:07.0909 1300 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:47:07.0912 1300 Apple Mobile Device - ok
16:47:07.0955 1300 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
16:47:07.0958 1300 arc - ok
16:47:07.0973 1300 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:47:07.0976 1300 arcsas - ok
16:47:07.0999 1300 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:47:08.0001 1300 AsyncMac - ok
16:47:08.0020 1300 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:47:08.0022 1300 atapi - ok
16:47:08.0044 1300 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:47:08.0061 1300 AudioEndpointBuilder - ok
16:47:08.0078 1300 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:47:08.0085 1300 AudioSrv - ok
16:47:08.0260 1300 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
16:47:08.0364 1300 AVGIDSAgent - ok
16:47:08.0381 1300 Scan interrupted by user!
16:47:08.0381 1300 ================ Scan global ===============================
16:47:08.0381 1300 Scan interrupted by user!
16:47:08.0381 1300 ================ Scan MBR ==================================
16:47:08.0381 1300 Scan interrupted by user!
16:47:08.0381 1300 ================ Scan VBR ==================================
16:47:08.0381 1300 Scan interrupted by user!
16:47:08.0381 1300 ============================================================
16:47:08.0381 1300 Scan finished
16:47:08.0381 1300 ============================================================
16:47:08.0396 2320 Detected object count: 0
16:47:08.0396 2320 Actual detected object count: 0
16:48:26.0709 3940 ============================================================
16:48:26.0709 3940 Scan started
16:48:26.0709 3940 Mode: Manual; SigCheck; TDLFS;
16:48:26.0709 3940 ============================================================
16:48:26.0930 3940 ================ Scan services =============================
16:48:27.0050 3940 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:48:27.0167 3940 1394ohci - ok
16:48:27.0190 3940 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:48:27.0211 3940 ACPI - ok
16:48:27.0231 3940 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:48:27.0284 3940 AcpiPmi - ok
16:48:27.0350 3940 [ e8fe4fce23d2809bd88bcc1d0f8408ce ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
16:48:27.0362 3940 AdobeActiveFileMonitor6.0 - ok
16:48:27.0446 3940 [ 459ac130c6ab892b1cd5d7544626efc5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:27.0461 3940 AdobeFlashPlayerUpdateSvc - ok
16:48:27.0488 3940 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:48:27.0510 3940 adp94xx - ok
16:48:27.0530 3940 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:48:27.0550 3940 adpahci - ok
16:48:27.0564 3940 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:48:27.0582 3940 adpu320 - ok
16:48:27.0629 3940 [ e005682ae8f8ec4eb05f2a70a16ea1c5 ] AE1000 C:\Windows\system32\DRIVERS\ae1000w7.sys
16:48:27.0663 3940 AE1000 - ok
16:48:27.0704 3940 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:48:27.0913 3940 AeLookupSvc - ok
16:48:27.0940 3940 [ b9384e03479d2506bc924c16a3db87bc ] AFD C:\Windows\system32\drivers\afd.sys
16:48:28.0006 3940 AFD - ok
16:48:28.0021 3940 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:48:28.0033 3940 agp440 - ok
16:48:28.0048 3940 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
16:48:28.0076 3940 ALG - ok
16:48:28.0089 3940 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:48:28.0102 3940 aliide - ok
16:48:28.0119 3940 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:48:28.0130 3940 amdide - ok
16:48:28.0162 3940 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:48:28.0183 3940 AmdK8 - ok
16:48:28.0194 3940 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:48:28.0223 3940 AmdPPM - ok
16:48:28.0239 3940 [ 7a4b413614c055935567cf88a9734d38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
16:48:28.0252 3940 amdsata - ok
16:48:28.0269 3940 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:48:28.0285 3940 amdsbs - ok
16:48:28.0303 3940 [ b4ad0cacbab298671dd6f6ef7e20679d ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
16:48:28.0316 3940 amdxata - ok
16:48:28.0345 3940 [ 4de0d5d747a73797c95a97dcce5018b5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
16:48:28.0396 3940 androidusb - ok
16:48:28.0412 3940 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
16:48:28.0488 3940 AppID - ok
16:48:28.0503 3940 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:48:28.0562 3940 AppIDSvc - ok
16:48:28.0578 3940 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
16:48:28.0633 3940 Appinfo - ok
16:48:28.0691 3940 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:48:28.0703 3940 Apple Mobile Device - ok
16:48:28.0725 3940 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
16:48:28.0737 3940 arc - ok
16:48:28.0755 3940 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:48:28.0768 3940 arcsas - ok
16:48:28.0782 3940 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:28.0841 3940 AsyncMac - ok
16:48:28.0847 3940 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:48:28.0859 3940 atapi - ok
16:48:28.0885 3940 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:48:28.0954 3940 AudioEndpointBuilder - ok
16:48:28.0976 3940 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:48:29.0035 3940 AudioSrv - ok
16:48:29.0167 3940 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
16:48:29.0287 3940 AVGIDSAgent - ok
16:48:29.0311 3940 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:48:29.0334 3940 AVGIDSDriver - ok
16:48:29.0366 3940 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
16:48:29.0379 3940 AVGIDSFilter - ok
16:48:29.0416 3940 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
16:48:29.0428 3940 AVGIDSHA - ok
16:48:29.0486 3940 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
16:48:29.0518 3940 Avgldx64 - ok
16:48:29.0554 3940 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
16:48:29.0564 3940 Avgmfx64 - ok
16:48:29.0602 3940 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
16:48:29.0614 3940 Avgrkx64 - ok
16:48:29.0643 3940 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:48:29.0660 3940 avgwd - ok
16:48:29.0687 3940 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:48:29.0753 3940 AxInstSV - ok
16:48:29.0784 3940 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:48:29.0835 3940 b06bdrv - ok
16:48:29.0867 3940 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:48:29.0899 3940 b57nd60a - ok
16:48:29.0922 3940 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:48:29.0956 3940 BDESVC - ok
16:48:29.0966 3940 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:48:30.0024 3940 Beep - ok
16:48:30.0067 3940 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\Windows\System32\bfe.dll
16:48:30.0142 3940 BFE - ok
16:48:30.0190 3940 [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS C:\Windows\system32\qmgr.dll
16:48:30.0282 3940 BITS - ok
16:48:30.0296 3940 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:30.0323 3940 blbdrive - ok
16:48:30.0406 3940 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:48:30.0425 3940 Bonjour Service - ok
16:48:30.0440 3940 [ 91ce0d3dc57dd377e690a2d324022b08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:48:30.0497 3940 bowser - ok
16:48:30.0510 3940 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:48:30.0539 3940 BrFiltLo - ok
16:48:30.0556 3940 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:48:30.0580 3940 BrFiltUp - ok
16:48:30.0608 3940 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:48:30.0664 3940 BridgeMP - ok
16:48:30.0681 3940 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\Windows\System32\browser.dll
16:48:30.0741 3940 Browser - ok
16:48:30.0759 3940 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:48:30.0824 3940 Brserid - ok
16:48:30.0830 3940 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:30.0863 3940 BrSerWdm - ok
16:48:30.0875 3940 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:30.0900 3940 BrUsbMdm - ok
16:48:30.0920 3940 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:30.0943 3940 BrUsbSer - ok
16:48:30.0976 3940 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:48:31.0014 3940 BthEnum - ok
16:48:31.0032 3940 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:48:31.0058 3940 BTHMODEM - ok
16:48:31.0071 3940 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:48:31.0107 3940 BthPan - ok
16:48:31.0142 3940 [ a51fa9d0e85d5adabef72e67f386309c ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:48:31.0183 3940 BTHPORT - ok
16:48:31.0201 3940 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
16:48:31.0259 3940 bthserv - ok
16:48:31.0287 3940 [ f740b9a16b2c06700f2130e19986bf3b ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:48:31.0320 3940 BTHUSB - ok
16:48:31.0425 3940 catchme - ok
16:48:31.0440 3940 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:48:31.0495 3940 cdfs - ok
16:48:31.0528 3940 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:48:31.0550 3940 cdrom - ok
16:48:31.0572 3940 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
16:48:31.0635 3940 CertPropSvc - ok
16:48:31.0650 3940 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:48:31.0675 3940 circlass - ok
16:48:31.0700 3940 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
16:48:31.0735 3940 CLFS - ok
16:48:31.0780 3940 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:31.0794 3940 clr_optimization_v2.0.50727_32 - ok
16:48:31.0840 3940 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:48:31.0854 3940 clr_optimization_v2.0.50727_64 - ok
16:48:31.0873 3940 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:48:31.0901 3940 CmBatt - ok
16:48:31.0911 3940 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
16:48:31.0924 3940 cmdide - ok
16:48:31.0947 3940 [ f95fd4cb7da00ba2a63ce9f6b5c053e1 ] CNG C:\Windows\system32\Drivers\cng.sys
16:48:31.0990 3940 CNG - ok
16:48:32.0011 3940 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:48:32.0024 3940 Compbatt - ok
16:48:32.0046 3940 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:48:32.0069 3940 CompositeBus - ok
16:48:32.0078 3940 COMSysApp - ok
16:48:32.0102 3940 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:48:32.0116 3940 crcdisk - ok
16:48:32.0162 3940 [ 8c57411b66282c01533cb776f98ad384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:48:32.0217 3940 CryptSvc - ok
16:48:32.0254 3940 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:48:32.0323 3940 DcomLaunch - ok
16:48:32.0340 3940 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
16:48:32.0401 3940 defragsvc - ok
16:48:32.0424 3940 [ 3f1dc527070acb87e40afe46ef6da749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:48:32.0484 3940 DfsC - ok
16:48:32.0500 3940 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
16:48:32.0578 3940 Dhcp - ok
16:48:32.0593 3940 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
16:48:32.0656 3940 discache - ok
16:48:32.0670 3940 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:48:32.0684 3940 Disk - ok
16:48:32.0704 3940 [ 676108c4e3aa6f6b34633748bd0bebd9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:48:32.0758 3940 Dnscache - ok
16:48:32.0774 3940 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
16:48:32.0837 3940 dot3svc - ok
16:48:32.0867 3940 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
16:48:32.0923 3940 DPS - ok
16:48:32.0944 3940 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:48:32.0963 3940 drmkaud - ok
16:48:32.0994 3940 [ ebce0b0924835f635f620d19f0529dce ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:48:33.0044 3940 DXGKrnl - ok
16:48:33.0059 3940 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:48:33.0124 3940 EapHost - ok
16:48:33.0196 3940 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:48:33.0329 3940 ebdrv - ok
16:48:33.0355 3940 [ 0793f40b9b8a1bdd266296409dbd91ea ] EFS C:\Windows\System32\lsass.exe
16:48:33.0373 3940 EFS - ok
16:48:33.0413 3940 [ b91d81b3b54a54ccafc03733dbc2e29e ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:48:33.0467 3940 ehRecvr - ok
16:48:33.0483 3940 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
16:48:33.0504 3940 ehSched - ok
16:48:33.0522 3940 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:48:33.0557 3940 elxstor - ok
16:48:33.0572 3940 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
16:48:33.0591 3940 ErrDev - ok
16:48:33.0618 3940 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
16:48:33.0699 3940 EventSystem - ok
16:48:33.0718 3940 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
16:48:33.0772 3940 exfat - ok
16:48:33.0790 3940 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:48:33.0852 3940 fastfat - ok
16:48:33.0889 3940 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
16:48:33.0933 3940 Fax - ok
16:48:33.0946 3940 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:48:33.0972 3940 fdc - ok
16:48:33.0989 3940 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:48:34.0044 3940 fdPHost - ok
16:48:34.0055 3940 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:48:34.0108 3940 FDResPub - ok
16:48:34.0126 3940 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:48:34.0144 3940 FileInfo - ok
16:48:34.0153 3940 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:48:34.0215 3940 Filetrace - ok
16:48:34.0258 3940 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:48:34.0292 3940 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:48:34.0292 3940 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:48:34.0307 3940 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:34.0322 3940 flpydisk - ok
16:48:34.0343 3940 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:48:34.0363 3940 FltMgr - ok
16:48:34.0397 3940 [ 8ac4cb4ea61e41009fae9ae7b2b5da3a ] FontCache C:\Windows\system32\FntCache.dll
16:48:34.0487 3940 FontCache - ok
16:48:34.0522 3940 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:34.0534 3940 FontCache3.0.0.0 - ok
16:48:34.0584 3940 [ 52b58a46beefb238c580b69fd051cb5b ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
16:48:34.0608 3940 ForceWare Intelligent Application Manager (IAM) - ok
16:48:34.0620 3940 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:48:34.0634 3940 FsDepends - ok
16:48:34.0646 3940 [ e95ef8547de20cf0603557c0cf7a9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:48:34.0658 3940 Fs_Rec - ok
16:48:34.0685 3940 [ b8b2a6e1558f8f5de5ce431c5b2c7b09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:48:34.0709 3940 fvevol - ok
16:48:34.0723 3940 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:48:34.0747 3940 gagp30kx - ok
16:48:34.0796 3940 [ 6858c318e8daa40e747e6fb9b214e104 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
16:48:34.0816 3940 GameConsoleService - ok
16:48:34.0848 3940 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:34.0859 3940 GEARAspiWDM - ok
16:48:34.0893 3940 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
16:48:34.0943 3940 gpsvc - ok
16:48:35.0012 3940 [ 816fd5a6f3c2f3d600900096632fc60e ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
16:48:35.0053 3940 Greg_Service - ok
16:48:35.0109 3940 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:35.0120 3940 gupdate - ok
16:48:35.0142 3940 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:35.0152 3940 gupdatem - ok
16:48:35.0169 3940 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:48:35.0212 3940 hcw85cir - ok
16:48:35.0243 3940 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:48:35.0278 3940 HdAudAddService - ok
16:48:35.0294 3940 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:48:35.0327 3940 HDAudBus - ok
16:48:35.0346 3940 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:48:35.0376 3940 HidBatt - ok
16:48:35.0391 3940 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:48:35.0420 3940 HidBth - ok
16:48:35.0437 3940 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:48:35.0461 3940 HidIr - ok
16:48:35.0485 3940 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
16:48:35.0536 3940 hidserv - ok
16:48:35.0571 3940 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:48:35.0587 3940 HidUsb - ok
16:48:35.0607 3940 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:48:35.0664 3940 hkmsvc - ok
16:48:35.0684 3940 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:48:35.0715 3940 HomeGroupListener - ok
16:48:35.0737 3940 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:48:35.0765 3940 HomeGroupProvider - ok
16:48:35.0784 3940 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
16:48:35.0798 3940 HpSAMD - ok
16:48:35.0830 3940 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:48:35.0911 3940 HTTP - ok
16:48:35.0928 3940 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:48:35.0941 3940 hwpolicy - ok
16:48:35.0971 3940 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:35.0993 3940 i8042prt - ok
16:48:36.0023 3940 [ d83efb6fd45df9d55e9a1afc63640d50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
16:48:36.0056 3940 iaStorV - ok
16:48:36.0095 3940 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:36.0142 3940 idsvc - ok
16:48:36.0164 3940 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:48:36.0180 3940 iirsp - ok
16:48:36.0215 3940 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
16:48:36.0298 3940 IKEEXT - ok
16:48:36.0371 3940 [ 2e3b99e8c23be2bf32ebe1db5261f275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:48:36.0514 3940 IntcAzAudAddService - ok
16:48:36.0534 3940 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:48:36.0547 3940 intelide - ok
16:48:36.0571 3940 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:48:36.0598 3940 intelppm - ok
16:48:36.0615 3940 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:48:36.0668 3940 IPBusEnum - ok
16:48:36.0686 3940 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:36.0738 3940 IpFilterDriver - ok
16:48:36.0764 3940 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:48:36.0840 3940 iphlpsvc - ok
16:48:36.0855 3940 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:48:36.0873 3940 IPMIDRV - ok
16:48:36.0895 3940 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:48:36.0954 3940 IPNAT - ok
16:48:36.0999 3940 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:48:37.0028 3940 iPod Service - ok
16:48:37.0048 3940 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:48:37.0069 3940 IRENUM - ok
16:48:37.0084 3940 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
16:48:37.0106 3940 isapnp - ok
16:48:37.0125 3940 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:48:37.0150 3940 iScsiPrt - ok
16:48:37.0170 3940 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:37.0189 3940 kbdclass - ok
16:48:37.0202 3940 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:37.0228 3940 kbdhid - ok
16:48:37.0238 3940 [ 0793f40b9b8a1bdd266296409dbd91ea ] KeyIso C:\Windows\system32\lsass.exe
16:48:37.0255 3940 KeyIso - ok
16:48:37.0271 3940 [ e8b6fcc9c83535c67f835d407620bd27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:48:37.0290 3940 KSecDD - ok
16:48:37.0305 3940 [ bbe1bf6d9b661c354d4857d5fadb943b ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:48:37.0326 3940 KSecPkg - ok
16:48:37.0335 3940 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:48:37.0394 3940 ksthunk - ok
16:48:37.0423 3940 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
16:48:37.0485 3940 KtmRm - ok
16:48:37.0517 3940 [ c926920b8978de6acfe9e15c709e9b57 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:48:37.0581 3940 LanmanServer - ok
16:48:37.0596 3940 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:48:37.0649 3940 LanmanWorkstation - ok
16:48:37.0674 3940 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:48:37.0725 3940 lltdio - ok
16:48:37.0741 3940 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:48:37.0800 3940 lltdsvc - ok
16:48:37.0825 3940 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:48:37.0876 3940 lmhosts - ok
16:48:37.0902 3940 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:48:37.0920 3940 LSI_FC - ok
16:48:37.0933 3940 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:48:37.0948 3940 LSI_SAS - ok
16:48:37.0960 3940 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:48:37.0974 3940 LSI_SAS2 - ok
16:48:37.0991 3940 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:48:38.0007 3940 LSI_SCSI - ok
16:48:38.0031 3940 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
16:48:38.0089 3940 luafv - ok
16:48:38.0124 3940 [ ef586b959f747e74c76603ff16ae417b ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
16:48:38.0154 3940 LVRS64 - ok
16:48:38.0252 3940 [ edf73bfa1bd24d74d1d64dc0ed28a7cd ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
16:48:38.0412 3940 LVUVC64 - ok
16:48:38.0449 3940 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:48:38.0462 3940 MBAMProtector - ok
16:48:38.0516 3940 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:48:38.0542 3940 MBAMService - ok
16:48:38.0560 3940 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:48:38.0584 3940 Mcx2Svc - ok
16:48:38.0597 3940 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:48:38.0612 3940 megasas - ok
16:48:38.0640 3940 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:48:38.0659 3940 MegaSR - ok
16:48:38.0682 3940 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
16:48:38.0739 3940 MMCSS - ok
16:48:38.0755 3940 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:48:38.0820 3940 Modem - ok
16:48:38.0838 3940 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:48:38.0867 3940 monitor - ok
16:48:38.0886 3940 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:48:38.0899 3940 mouclass - ok
16:48:38.0913 3940 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:48:38.0932 3940 mouhid - ok
16:48:38.0949 3940 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:48:38.0964 3940 mountmgr - ok
16:48:38.0991 3940 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:48:39.0004 3940 MozillaMaintenance - ok
16:48:39.0018 3940 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:48:39.0035 3940 mpio - ok
16:48:39.0048 3940 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:48:39.0100 3940 mpsdrv - ok
16:48:39.0125 3940 [ aecab449567d1846dad63ece49e893e3 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:48:39.0198 3940 MpsSvc - ok
16:48:39.0207 3940 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:48:39.0237 3940 MRxDAV - ok
16:48:39.0258 3940 [ ab5892797c4114640ba333949568de8c ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:39.0297 3940 mrxsmb - ok
16:48:39.0328 3940 [ 81a38f7aeeb265634b05ae5f3f29fbc4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:39.0356 3940 mrxsmb10 - ok
16:48:39.0366 3940 [ 6b2d5fef385828b6e485c1c90afb8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:39.0417 3940 mrxsmb20 - ok
16:48:39.0440 3940 [ 5c37497276e3b3a5488b23a326a754b7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:48:39.0456 3940 msahci - ok
16:48:39.0471 3940 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:48:39.0487 3940 msdsm - ok
16:48:39.0500 3940 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
16:48:39.0526 3940 MSDTC - ok
16:48:39.0542 3940 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:48:39.0591 3940 Msfs - ok
16:48:39.0608 3940 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:48:39.0663 3940 mshidkmdf - ok
16:48:39.0673 3940 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
16:48:39.0686 3940 msisadrv - ok
16:48:39.0729 3940 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:48:39.0791 3940 MSiSCSI - ok
16:48:39.0798 3940 msiserver - ok
16:48:39.0819 3940 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:48:39.0878 3940 MSKSSRV - ok
16:48:39.0891 3940 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:39.0937 3940 MSPCLOCK - ok
16:48:39.0952 3940 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:48:40.0009 3940 MSPQM - ok
16:48:40.0027 3940 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:48:40.0060 3940 MsRPC - ok
16:48:40.0075 3940 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:40.0088 3940 mssmbios - ok
16:48:40.0095 3940 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:48:40.0167 3940 MSTEE - ok
16:48:40.0190 3940 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:48:40.0214 3940 MTConfig - ok
16:48:40.0230 3940 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:48:40.0245 3940 Mup - ok
16:48:40.0274 3940 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
16:48:40.0340 3940 napagent - ok
16:48:40.0367 3940 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:48:40.0398 3940 NativeWifiP - ok
16:48:40.0424 3940 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
16:48:40.0479 3940 NDIS - ok
16:48:40.0495 3940 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:40.0544 3940 NdisCap - ok
16:48:40.0564 3940 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:40.0619 3940 NdisTapi - ok
16:48:40.0639 3940 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:40.0694 3940 Ndisuio - ok
16:48:40.0711 3940 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:40.0761 3940 NdisWan - ok
16:48:40.0777 3940 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:48:40.0827 3940 NDProxy - ok
16:48:40.0879 3940 [ 7d2633295eb6ff2b938185874884059d ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:48:40.0923 3940 Nero BackItUp Scheduler 4.0 - ok
16:48:40.0944 3940 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:48:41.0001 3940 NetBIOS - ok
16:48:41.0023 3940 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:48:41.0091 3940 NetBT - ok
16:48:41.0105 3940 [ 0793f40b9b8a1bdd266296409dbd91ea ] Netlogon C:\Windows\system32\lsass.exe
16:48:41.0121 3940 Netlogon - ok
16:48:41.0148 3940 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
16:48:41.0208 3940 Netman - ok
16:48:41.0231 3940 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
16:48:41.0302 3940 netprofm - ok
16:48:41.0325 3940 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:41.0339 3940 NetTcpPortSharing - ok
16:48:41.0356 3940 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:48:41.0372 3940 nfrd960 - ok
16:48:41.0397 3940 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:48:41.0467 3940 NlaSvc - ok
16:48:41.0479 3940 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:48:41.0532 3940 Npfs - ok
16:48:41.0543 3940 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:48:41.0603 3940 nsi - ok
16:48:41.0616 3940 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:48:41.0665 3940 nsiproxy - ok
16:48:41.0701 3940 [ 20e179a7fe78b37a02d30c4d34c870e7 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
16:48:41.0714 3940 nSvcIp - ok
16:48:41.0766 3940 [ 356698a13c4630d5b31c37378d469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:48:41.0832 3940 Ntfs - ok
16:48:41.0844 3940 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
16:48:41.0899 3940 Null - ok
16:48:41.0924 3940 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
16:48:41.0958 3940 NVENETFD - ok
16:48:42.0248 3940 [ 4628fa8f0cc0d509bc14a223e99d36f3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:42.0690 3940 nvlddmkm - ok
16:48:42.0732 3940 [ 909eedcbd365bb81027d8e742e6b3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
16:48:42.0771 3940 NVNET - ok
16:48:42.0798 3940 [ 3e38712941e9bb4ddbee00affe3fed3d ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
16:48:42.0814 3940 nvraid - ok
16:48:42.0831 3940 [ 477dc4d6deb99be37084c9ac6d013da1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
16:48:42.0850 3940 nvstor - ok
16:48:42.0880 3940 [ 1e45f96342429d63dc30e0d9117da3d8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
16:48:42.0897 3940 nvstor64 - ok
16:48:42.0921 3940 [ 703f996312202d84663f7c8584acaf55 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:48:42.0940 3940 nvsvc - ok
16:48:42.0959 3940 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:48:42.0977 3940 nv_agp - ok
16:48:42.0995 3940 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:48:43.0014 3940 ohci1394 - ok
16:48:43.0045 3940 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:48:43.0084 3940 p2pimsvc - ok
16:48:43.0115 3940 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:48:43.0150 3940 p2psvc - ok
16:48:43.0173 3940 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:48:43.0190 3940 Parport - ok
16:48:43.0207 3940 [ 7daa117143316c4a1537e074a5a9eaf0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:48:43.0223 3940 partmgr - ok
16:48:43.0239 3940 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:48:43.0271 3940 PcaSvc - ok
16:48:43.0288 3940 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
16:48:43.0308 3940 pci - ok
16:48:43.0319 3940 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:48:43.0331 3940 pciide - ok
16:48:43.0355 3940 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:43.0373 3940 pcmcia - ok
16:48:43.0391 3940 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:48:43.0405 3940 pcw - ok
16:48:43.0438 3940 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:48:43.0504 3940 PEAUTH - ok
16:48:43.0573 3940 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:48:43.0601 3940 PerfHost - ok
16:48:43.0647 3940 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
16:48:43.0747 3940 pla - ok
16:48:43.0777 3940 [ 23157d583244400e1d7fbaee2e4b31b7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:48:43.0845 3940 PlugPlay - ok
16:48:43.0856 3940 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:48:43.0883 3940 PNRPAutoReg - ok
16:48:43.0904 3940 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:48:43.0923 3940 PNRPsvc - ok
16:48:43.0946 3940 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:48:44.0019 3940 PolicyAgent - ok
16:48:44.0045 3940 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
16:48:44.0106 3940 Power - ok
16:48:44.0129 3940 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:48:44.0186 3940 PptpMiniport - ok
16:48:44.0202 3940 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:48:44.0231 3940 Processor - ok
16:48:44.0258 3940 [ f381975e1f4346de875cb07339ce8d3a ] ProfSvc C:\Windows\system32\profsvc.dll
16:48:44.0325 3940 ProfSvc - ok
16:48:44.0338 3940 [ 0793f40b9b8a1bdd266296409dbd91ea ] ProtectedStorage C:\Windows\system32\lsass.exe
16:48:44.0360 3940 ProtectedStorage - ok
16:48:44.0381 3940 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:48:44.0431 3940 Psched - ok
16:48:44.0479 3940 [ a6bf0a9b5a30d743623ca0d3be35df05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:48:44.0499 3940 PxHlpa64 - ok
16:48:44.0546 3940 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:48:44.0610 3940 ql2300 - ok
16:48:44.0627 3940 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:48:44.0652 3940 ql40xx - ok
16:48:44.0681 3940 [ e92ca234469cc386ad81b9db924fe9d4 ] qrkis C:\Windows\system32\DRIVERS\qrkis.sys
16:48:44.0712 3940 qrkis - ok
16:48:44.0727 3940 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
16:48:44.0755 3940 QWAVE - ok
16:48:44.0766 3940 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:48:44.0802 3940 QWAVEdrv - ok
16:48:44.0833 3940 [ a55e7d0d873b2c97585b3b5926ac6ade ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
16:48:44.0851 3940 RapiMgr - ok
16:48:44.0869 3940 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:48:44.0928 3940 RasAcd - ok
16:48:44.0961 3940 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:45.0011 3940 RasAgileVpn - ok
16:48:45.0026 3940 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
16:48:45.0081 3940 RasAuto - ok
16:48:45.0094 3940 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:45.0146 3940 Rasl2tp - ok
16:48:45.0160 3940 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
16:48:45.0228 3940 RasMan - ok
16:48:45.0240 3940 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:45.0295 3940 RasPppoe - ok
16:48:45.0311 3940 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:48:45.0368 3940 RasSstp - ok
16:48:45.0386 3940 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:48:45.0459 3940 rdbss - ok
16:48:45.0477 3940 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:48:45.0505 3940 rdpbus - ok
16:48:45.0524 3940 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:45.0584 3940 RDPCDD - ok
16:48:45.0601 3940 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:48:45.0670 3940 RDPENCDD - ok
16:48:45.0695 3940 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:48:45.0753 3940 RDPREFMP - ok
16:48:45.0772 3940 [ 8a3e6bea1c53ea6177fe2b6eba2c80d7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:48:45.0849 3940 RDPWD - ok
16:48:45.0867 3940 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:48:45.0887 3940 rdyboost - ok
16:48:45.0921 3940 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:48:46.0000 3940 RemoteAccess - ok
16:48:46.0013 3940 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:48:46.0088 3940 RemoteRegistry - ok
16:48:46.0133 3940 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:48:46.0172 3940 RFCOMM - ok
16:48:46.0195 3940 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:48:46.0264 3940 RpcEptMapper - ok
16:48:46.0291 3940 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
16:48:46.0317 3940 RpcLocator - ok
16:48:46.0337 3940 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
16:48:46.0396 3940 RpcSs - ok
16:48:46.0416 3940 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:48:46.0486 3940 rspndr - ok
16:48:46.0496 3940 [ 0793f40b9b8a1bdd266296409dbd91ea ] SamSs C:\Windows\system32\lsass.exe
16:48:46.0516 3940 SamSs - ok
16:48:46.0532 3940 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:48:46.0556 3940 sbp2port - ok
16:48:46.0576 3940 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:48:46.0633 3940 SCardSvr - ok
16:48:46.0651 3940 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:48:46.0724 3940 scfilter - ok
16:48:46.0758 3940 [ ec56b171f85c7e855e7b0588ac503eea ] Schedule C:\Windows\system32\schedsvc.dll
16:48:46.0848 3940 Schedule - ok
16:48:46.0865 3940 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
16:48:46.0931 3940 SCPolicySvc - ok
16:48:46.0951 3940 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:48:47.0003 3940 SDRSVC - ok
16:48:47.0036 3940 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:48:47.0105 3940 secdrv - ok
16:48:47.0124 3940 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
16:48:47.0190 3940 seclogon - ok
16:48:47.0219 3940 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
16:48:47.0272 3940 SENS - ok
16:48:47.0297 3940 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:48:47.0328 3940 SensrSvc - ok
16:48:47.0348 3940 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:48:47.0372 3940 Serenum - ok
16:48:47.0405 3940 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:48:47.0440 3940 Serial - ok
16:48:47.0454 3940 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:48:47.0484 3940 sermouse - ok
16:48:47.0515 3940 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
16:48:47.0571 3940 SessionEnv - ok
16:48:47.0587 3940 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:48:47.0621 3940 sffdisk - ok
16:48:47.0634 3940 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:48:47.0663 3940 sffp_mmc - ok
16:48:47.0678 3940 [ 5588b8c6193eb1522490c122eb94dffa ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:48:47.0704 3940 sffp_sd - ok
16:48:47.0719 3940 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:48:47.0736 3940 sfloppy - ok
16:48:47.0762 3940 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:48:47.0835 3940 SharedAccess - ok
16:48:47.0859 3940 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:48:47.0909 3940 ShellHWDetection - ok
16:48:47.0927 3940 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:48:47.0940 3940 SiSRaid2 - ok
16:48:47.0952 3940 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:48:47.0968 3940 SiSRaid4 - ok
16:48:47.0992 3940 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:48:48.0047 3940 Smb - ok
16:48:48.0069 3940 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:48:48.0088 3940 SNMPTRAP - ok
16:48:48.0110 3940 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:48:48.0124 3940 spldr - ok
16:48:48.0167 3940 [ 89e8550c5862999fcf482ea562b0e98e ] Spooler C:\Windows\System32\spoolsv.exe
16:48:48.0200 3940 Spooler - ok
16:48:48.0280 3940 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
16:48:48.0400 3940 sppsvc - ok
16:48:48.0419 3940 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:48:48.0470 3940 sppuinotify - ok
16:48:48.0491 3940 [ 37c3abc2338010e110d2a6a3930f3149 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:48:48.0534 3940 srv - ok
16:48:48.0560 3940 [ f773d2ed090b7baa1c1a034f3ca476c8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:48:48.0639 3940 srv2 - ok
16:48:48.0659 3940 [ cce32bb223e9ff55d241099a858fa889 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:48:48.0685 3940 srvnet - ok
16:48:48.0719 3940 [ 8f8324ed1de63ffc7b1a02cd2d963c72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
16:48:48.0762 3940 ssadbus - ok
16:48:48.0784 3940 [ 58221efcb74167b73667f0024c661ce0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:48:48.0870 3940 ssadmdfl - ok
16:48:48.0917 3940 [ 4da7c71bfac5ad71255b7e4cab980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
16:48:49.0002 3940 ssadmdm - ok
16:48:49.0038 3940 [ d33d1bd3ec0e766211a234f56a12726d ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
16:48:49.0079 3940 ssadserd - ok
16:48:49.0129 3940 [ ed161b91fdf7eaa39469d72d463d5f4e ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
16:48:49.0144 3940 sscdbus - ok
16:48:49.0175 3940 [ 4cb09e77593dbd8d7af33b37375ca715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:48:49.0191 3940 sscdmdfl - ok
16:48:49.0211 3940 [ c7b4cf53497a6e5363f3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
16:48:49.0239 3940 sscdmdm - ok
16:48:49.0263 3940 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:48:49.0334 3940 SSDPSRV - ok
16:48:49.0360 3940 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:48:49.0414 3940 SstpSvc - ok
16:48:49.0429 3940 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:48:49.0445 3940 stexstor - ok
16:48:49.0490 3940 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
16:48:49.0548 3940 stisvc - ok
16:48:49.0577 3940 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:48:49.0591 3940 swenum - ok
16:48:49.0619 3940 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
16:48:49.0688 3940 swprv - ok
16:48:49.0746 3940 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
16:48:49.0822 3940 SysMain - ok
16:48:49.0838 3940 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:48:49.0871 3940 TabletInputService - ok
16:48:49.0890 3940 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
16:48:49.0961 3940 TapiSrv - ok
16:48:49.0978 3940 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
16:48:50.0036 3940 TBS - ok
16:48:50.0082 3940 [ 912107716bab424c7870e8e6af5e07e1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:48:50.0153 3940 Tcpip - ok
16:48:50.0208 3940 [ 912107716bab424c7870e8e6af5e07e1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:48:50.0259 3940 TCPIP6 - ok
16:48:50.0274 3940 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:48:50.0326 3940 tcpipreg - ok
16:48:50.0345 3940 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:48:50.0405 3940 TDPIPE - ok
16:48:50.0413 3940 [ e4245bda3190a582d55ed09e137401a9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:48:50.0466 3940 TDTCP - ok
16:48:50.0489 3940 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:48:50.0547 3940 tdx - ok
16:48:50.0631 3940 [ 01a402d34732ca3da91786adcc765069 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
16:48:50.0717 3940 TeamViewer6 - ok
16:48:50.0817 3940 [ 74fc70ae64a7b7dabec9697ce0a1f4fa ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:48:50.0889 3940 TeamViewer7 - ok
16:48:50.0909 3940 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:48:50.0923 3940 TermDD - ok
16:48:50.0962 3940 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
16:48:51.0040 3940 TermService - ok
16:48:51.0091 3940 [ 8ea55b73b4cda9111f7fa3be50a91691 ] Tether C:\Program Files (x86)\Tether\TBService.exe
16:48:51.0103 3940 Tether - ok
16:48:51.0120 3940 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
16:48:51.0144 3940 Themes - ok
16:48:51.0157 3940 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
16:48:51.0210 3940 THREADORDER - ok
16:48:51.0228 3940 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
16:48:51.0285 3940 TrkWks - ok
16:48:51.0324 3940 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:48:51.0348 3940 TrustedInstaller - ok
16:48:51.0374 3940 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:51.0427 3940 tssecsrv - ok
16:48:51.0458 3940 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:48:51.0521 3940 tunnel - ok
16:48:51.0584 3940 [ 0461faebb17a4a92effa2eb67bc52261 ] tvnserver C:\Program Files (x86)\TightVNC\tvnserver.exe
16:48:51.0620 3940 tvnserver - ok
16:48:51.0635 3940 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:48:51.0649 3940 uagp35 - ok
16:48:51.0672 3940 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:48:51.0737 3940 udfs - ok
16:48:51.0755 3940 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:48:51.0777 3940 UI0Detect - ok
16:48:51.0794 3940 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
16:48:51.0808 3940 uliagpkx - ok
16:48:51.0830 3940 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:48:51.0862 3940 umbus - ok
16:48:51.0883 3940 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:48:51.0905 3940 UmPass - ok
16:48:51.0947 3940 [ 8b802b483cbde06f62dbc04dc7afaf8e ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:48:51.0967 3940 UMVPFSrv - ok
16:48:52.0008 3940 [ f9ec9acd504d823d9b9ca98a4f8d3ca2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
16:48:52.0022 3940 Updater Service - ok
16:48:52.0044 3940 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
16:48:52.0117 3940 upnphost - ok
16:48:52.0158 3940 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:48:52.0224 3940 USBAAPL64 - ok
16:48:52.0240 3940 [ 77b01bc848298223a95d4ec23e1785a1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:48:52.0260 3940 usbaudio - ok
16:48:52.0277 3940 [ b26afb54a534d634523c4fb66765b026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:52.0303 3940 usbccgp - ok
16:48:52.0320 3940 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
16:48:52.0344 3940 usbcir - ok
16:48:52.0355 3940 [ 2ea4aff7be7eb4632e3aa8595b0803b5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:48:52.0375 3940 usbehci - ok
16:48:52.0402 3940 [ 4c9042b8df86c1e8e6240c218b99b39b ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:48:52.0447 3940 usbhub - ok
16:48:52.0463 3940 [ 58e546bbaf87664fc57e0f6081e4f609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:48:52.0481 3940 usbohci - ok
16:48:52.0493 3940 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:48:52.0516 3940 usbprint - ok
16:48:52.0550 3940 [ 080d3820da6c046be82fc8b45a893e83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:48:52.0568 3940 USBSTOR - ok
16:48:52.0582 3940 [ 81fb2216d3a60d1284455d511797db3d ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:48:52.0601 3940 usbuhci - ok
16:48:52.0644 3940 [ 70d05ee263568a742d14e1876df80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
16:48:52.0665 3940 usb_rndisx - ok
16:48:52.0690 3940 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
16:48:52.0747 3940 UxSms - ok
16:48:52.0755 3940 [ 0793f40b9b8a1bdd266296409dbd91ea ] VaultSvc C:\Windows\system32\lsass.exe
16:48:52.0775 3940 VaultSvc - ok
16:48:52.0791 3940 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
16:48:52.0808 3940 vdrvroot - ok
16:48:52.0832 3940 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
16:48:52.0872 3940 vds - ok
16:48:52.0888 3940 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:52.0909 3940 vga - ok
16:48:52.0917 3940 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
16:48:52.0972 3940 VgaSave - ok
16:48:52.0989 3940 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
16:48:53.0011 3940 vhdmp - ok
16:48:53.0025 3940 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
16:48:53.0042 3940 viaide - ok
16:48:53.0062 3940 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
16:48:53.0081 3940 volmgr - ok
16:48:53.0101 3940 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:48:53.0135 3940 volmgrx - ok
16:48:53.0154 3940 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
16:48:53.0175 3940 volsnap - ok
16:48:53.0189 3940 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:48:53.0208 3940 vsmraid - ok
16:48:53.0249 3940 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
16:48:53.0318 3940 VSS - ok
16:48:53.0335 3940 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:48:53.0357 3940 vwifibus - ok
16:48:53.0380 3940 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:48:53.0402 3940 vwififlt - ok
16:48:53.0427 3940 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
16:48:53.0493 3940 W32Time - ok
16:48:53.0519 3940 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:48:53.0537 3940 WacomPen - ok
16:48:53.0548 3940 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:48:53.0603 3940 WANARP - ok
16:48:53.0610 3940 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:48:53.0660 3940 Wanarpv6 - ok
16:48:53.0714 3940 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
16:48:53.0799 3940 wbengine - ok
16:48:53.0821 3940 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:48:53.0854 3940 WbioSrvc - ok
16:48:53.0890 3940 [ 8bda6db43aa54e8bb5e0794541ddc209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
16:48:53.0925 3940 WcesComm - ok
16:48:53.0948 3940 [ 8321c2ca3b62b61b293cda3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:48:53.0985 3940 wcncsvc - ok
16:48:54.0011 3940 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:48:54.0145 3940 WcsPlugInService - ok
16:48:54.0173 3940 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:48:54.0230 3940 Wd - ok
16:48:54.0264 3940 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:48:54.0311 3940 Wdf01000 - ok
16:48:54.0320 3940 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:48:54.0359 3940 WdiServiceHost - ok
16:48:54.0366 3940 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:48:54.0402 3940 WdiSystemHost - ok
16:48:54.0429 3940 [ 8a438cbb8c032a0c798b0c642ffbe572 ] WebClient C:\Windows\System32\webclnt.dll
16:48:54.0466 3940 WebClient - ok
16:48:54.0495 3940 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:48:54.0582 3940 Wecsvc - ok
16:48:54.0603 3940 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:48:54.0674 3940 wercplsupport - ok
16:48:54.0714 3940 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:48:54.0774 3940 WerSvc - ok
16:48:54.0794 3940 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:48:54.0860 3940 WfpLwf - ok
16:48:54.0873 3940 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:48:54.0890 3940 WIMMount - ok
16:48:54.0925 3940 WinDefend - ok
16:48:54.0939 3940 WinHttpAutoProxySvc - ok
16:48:54.0995 3940 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:48:55.0083 3940 Winmgmt - ok
16:48:55.0134 3940 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
16:48:55.0250 3940 WinRM - ok
16:48:55.0293 3940 [ 817eaff5d38674edd7713b9dfb8e9791 ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS
16:48:55.0315 3940 WINUSB - ok
16:48:55.0357 3940 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
16:48:55.0405 3940 Wlansvc - ok
16:48:55.0501 3940 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:48:55.0586 3940 wlidsvc - ok
16:48:55.0607 3940 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:48:55.0627 3940 WmiAcpi - ok
16:48:55.0649 3940 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:48:55.0674 3940 wmiApSrv - ok
16:48:55.0702 3940 WMPNetworkSvc - ok
16:48:55.0719 3940 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:48:55.0738 3940 WPCSvc - ok
16:48:55.0749 3940 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:48:55.0795 3940 WPDBusEnum - ok
16:48:55.0807 3940 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:48:55.0862 3940 ws2ifsl - ok
16:48:55.0875 3940 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
16:48:55.0902 3940 wscsvc - ok
16:48:55.0908 3940 WSearch - ok
16:48:55.0975 3940 [ 38340204a2d0228f1e87740fc5e554a7 ] wuauserv C:\Windows\system32\wuaueng.dll
16:48:56.0102 3940 wuauserv - ok
16:48:56.0119 3940 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:48:56.0177 3940 WudfPf - ok
16:48:56.0201 3940 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:48:56.0261 3940 WUDFRd - ok
16:48:56.0275 3940 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:48:56.0337 3940 wudfsvc - ok
16:48:56.0354 3940 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
16:48:56.0392 3940 WwanSvc - ok
16:48:56.0418 3940 [ 2ee48cfce7ca8e0db4c44c7476c0943b ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
16:48:56.0444 3940 xusb21 - ok
16:48:56.0494 3940 ================ Scan global ===============================
16:48:56.0529 3940 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
16:48:56.0548 3940 (457b44ab6d502e55f64a867d4f35c76c) C:\Windows\system32\winsrv.dll
16:48:56.0579 3940 (457b44ab6d502e55f64a867d4f35c76c) C:\Windows\system32\winsrv.dll
16:48:56.0603 3940 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
16:48:56.0641 3940 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
16:48:56.0656 3940 [Global] - ok
16:48:56.0661 3940 ================ Scan MBR ==================================
16:48:56.0671 3940 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:48:57.0018 3940 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:48:57.0018 3940 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:48:57.0019 3940 ================ Scan VBR ==================================
16:48:57.0024 3940 Boot (0x1200) (dc78dc10bb40d8b83f1b1ceac6ffa4eb) \Device\Harddisk0\DR0\Partition1
16:48:57.0026 3940 \Device\Harddisk0\DR0\Partition1 - ok
16:48:57.0053 3940 Boot (0x1200) (f32cedfeedae7cd1a83eaef53f45563e) \Device\Harddisk0\DR0\Partition2
16:48:57.0056 3940 \Device\Harddisk0\DR0\Partition2 - ok
16:48:57.0057 3940 ============================================================
16:48:57.0057 3940 Scan finished
16:48:57.0057 3940 ============================================================
16:48:57.0074 3976 Detected object count: 2
16:48:57.0074 3976 Actual detected object count: 2
16:49:25.0888 3976 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:25.0888 3976 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:25.0889 3976 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:49:25.0890 3976 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:49:58.0830 1096 Deinitialize success





----
tried to post all on one post said post was to long so posting more below
---

Farbar Service Scanner Version: 06-08-2012
Ran by freddie2 (administrator) on 14-08-2012 at 16:50:42
Running from "C:\Users\freddie2\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Action Center:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 16:25] - [2009-07-13 18:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll
[2009-07-13 16:21] - [2009-07-13 18:40] - 0182272 ____N (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____N (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 August 2012 - 05:18 PM

OTL logfile created on: 8/14/2012 6:06:20 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\freddie2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 30.46% Memory free
7.50 Gb Paging File | 4.73 Gb Available in Paging File | 63.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.07 Gb Total Space | 515.11 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
Drive D: | 183.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FREDDIE-PC | User Name: freddie2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 16:46:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\freddie2\Desktop\OTL.exe
PRC - [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/23 03:40:40 | 007,983,488 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/23 03:24:58 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/11 14:33:54 | 000,009,728 | ---- | M] () -- C:\Users\freddie2\jagexcache\jagexlauncher\bin\JagexLauncher.exe
PRC - [2011/09/29 12:11:30 | 000,052,664 | ---- | M] () -- C:\Program Files (x86)\Tether\TBService.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Freddie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 12:57:36 | 000,147,456 | ---- | M] () -- C:\Users\freddie2\jagexcache\runescape\LIVE\jaclib.dll
MOD - [2012/08/14 12:57:36 | 000,080,896 | ---- | M] () -- C:\Users\freddie2\jagexcache\runescape\LIVE\jagdx.dll
MOD - [2012/08/14 12:57:27 | 000,066,048 | ---- | M] () -- C:\Windows\.jagex_cache_32\browsercontrol.dll
MOD - [2012/07/13 17:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/31 10:33:39 | 002,970,448 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-2692136088-4157217204-3928519883-1001\MSPRindiv01.key
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/11 14:33:54 | 000,009,728 | ---- | M] () -- C:\Users\freddie2\jagexcache\jagexlauncher\bin\JagexLauncher.exe
MOD - [2011/11/10 18:16:12 | 000,402,944 | ---- | M] () -- C:\Users\freddie2\jagexcache\jagexlauncher\bin\freetype.dll
MOD - [2011/11/10 17:35:24 | 003,198,464 | ---- | M] () -- C:\Users\freddie2\jagexcache\jagexlauncher\bin\jvm.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/08/10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/26 20:25:56 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/03 11:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/09/29 12:11:30 | 000,052,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tether\TBService.exe -- (Tether)
SRV - [2011/07/20 17:28:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/26 14:47:16 | 000,826,896 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 19:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/20 17:25:31 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/04/01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/17 15:53:12 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/01/15 01:19:10 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 02:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360711n103p0444v1i5r4781t239
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360711n103p0444v1i5r4781t239
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=60&systemid=2&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=60&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 3D 43 A5 E4 0E CD 01 [binary data]
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={298EF0BB-9686-4883-A6BE-A8713EBCA32B}&mid=eb637400ede447d1a510d16f6bd831d7-0cb1d3785c79d908bf8f58721a7fd8561b031481&lang=en&ds=AVG&pr=fr&d=2012-08-13 20:34:45&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=60&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://movies.netflix.com/WiHome"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\freddie2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\freddie2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/13 20:33:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/09 10:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/29 17:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddie\AppData\Roaming\Mozilla\Extensions
[2012/07/29 17:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\freddie2\AppData\Roaming\mozilla\Firefox\Profiles\ue0owb8h.default\extensions
[2012/08/09 10:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/30 23:53:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/25 19:58:39 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\FREDDIE2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UE0OWB8H.DEFAULT\EXTENSIONS\UZRRJZBTRP@UZRRJZBTRP.ORG.XPI
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/13 20:34:36 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/29 15:06:24 | 000,002,511 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.bearshare.net
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={298EF0BB-9686-4883-A6BE-A8713EBCA32B}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://search.bearshare.net
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\freddie2\AppData\Local\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\freddie2\AppData\Local\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\freddie2\AppData\Local\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: YouTube = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Search = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Do Not Track = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/14 01:04:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\freddie2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E0C1338-0554-4685-8EF9-E809834FD581}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E8DED03-07D2-4825-81E8-AD7949D5C1D8}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DABCF2-88D6-4988-ABDA-0768EA2FE6BB}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5291D33-A987-450F-8757-53E61F871BEB}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 16:46:21 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\freddie2\Desktop\OTL.exe
[2012/08/14 16:46:10 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\freddie2\Desktop\FSS(1).exe
[2012/08/14 16:40:41 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\freddie2\Desktop\FSS.exe
[2012/08/14 16:39:43 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\freddie2\Desktop\tdsskiller.exe
[2012/08/14 10:39:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 01:01:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/14 00:21:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/14 00:21:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/14 00:21:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/14 00:21:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/14 00:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 00:20:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/14 00:20:15 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\freddie2\Desktop\ComboFix.exe
[2012/08/13 21:46:37 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2AC732DC-1E0E-467A-B444-FBD673363EEC}
[2012/08/13 21:46:15 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{5FA5D268-E794-49FC-A09E-BB822E8954F8}
[2012/08/13 21:03:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/13 20:36:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Roaming\AVG2012
[2012/08/13 20:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/13 20:34:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/13 20:33:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/13 20:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/13 19:56:25 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Roaming\AVG10
[2012/08/13 19:04:50 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2012/08/13 19:04:50 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2012/08/13 19:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan SVCHOSTRemoval Tool
[2012/08/13 19:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
[2012/08/13 09:45:48 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{FB4EB6EA-8322-4E07-8647-D1768D5689A1}
[2012/08/13 09:45:25 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{86830007-37E9-4AB2-8FE1-8C8B85CAEFA1}
[2012/08/12 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/08/12 19:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/08/12 18:48:14 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{F8E08EBB-16FE-407C-A499-2BFD6AF22DE0}
[2012/08/12 18:47:50 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{08FD175D-69FC-408F-81A1-F4AEA4C75D64}
[2012/08/12 06:47:22 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8505AFE4-F261-47C5-9F50-1D3528C6F207}
[2012/08/12 06:47:12 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{BDC2578A-C65D-460F-92CE-B322FCB835A0}
[2012/08/11 17:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/11 17:58:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/11 17:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 17:53:39 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{C8AACFBB-A245-4130-A99F-2F85E7872771}
[2012/08/11 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{4CF84176-D75B-4659-9BCF-5FA07166D8AC}
[2012/08/10 23:07:56 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1380653C-3634-4040-B196-81534B474A79}
[2012/08/10 23:07:45 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{338A40E9-3268-4AB5-B064-922ACFFB11B3}
[2012/08/09 10:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/07 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{929F4FC0-B979-4B7F-B990-1672CCD525E5}
[2012/08/07 15:38:39 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8193B5E0-1CA1-44D8-A93B-7817F3258A72}
[2012/08/07 12:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FRISK Software
[2012/08/07 12:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRISK Software
[2012/08/07 12:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012/08/07 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2012/08/07 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/07 12:34:06 | 002,020,864 | ---- | C] (Inprise Corporation) -- C:\Windows\SysWow64\VCL50.bpl
[2012/08/07 12:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Teknum Systems
[2012/08/07 12:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HandyBits
[2012/08/07 01:36:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[2012/08/06 19:05:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/05 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{5D6EC1FE-1F18-4600-A4A8-64877E8B7E53}
[2012/08/05 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{64B0FD56-D846-414F-A4A2-CABCE3253120}
[2012/08/05 10:23:48 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{7353A73C-3C9D-491A-9741-E151B8DECB18}
[2012/08/05 10:23:37 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{635A24F6-75BC-4FB3-A211-218EC66313D6}
[2012/08/04 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{896FF215-A6E3-4F53-8055-320CAC6AF231}
[2012/08/04 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{ED1BAD92-9464-412B-9152-B093DA001898}
[2012/08/04 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{14DE4189-F3AB-4C05-ACBA-B96BF54A5000}
[2012/08/04 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{F6C37A87-8517-43F2-9616-2A219601E443}
[2012/08/03 18:51:50 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{DCF97ECE-8D8B-41E8-9136-1763C8350296}
[2012/08/03 18:51:39 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{FAAD4B88-474F-44BC-BABD-DA151EEA1F4D}
[2012/08/02 22:25:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{B449496F-FEF5-477F-80B6-D6DBD5CA1728}
[2012/08/02 22:25:33 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1AD60C57-1E91-4255-9023-766353AC3B73}
[2012/08/02 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{387EF4C1-6F25-4FCE-A6D8-3E31EF450C2C}
[2012/08/02 10:24:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{FE628254-8BC3-4BE9-A528-9700F48B5C2A}
[2012/08/01 16:48:17 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1D0F80D1-CC00-45D9-A621-B09E8B2DB90F}
[2012/08/01 16:48:05 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{06779B91-CA24-49B8-A6A7-DB35B12B4086}
[2012/07/31 23:21:43 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{C8566504-6EDD-4D11-9678-D4ED3041A85D}
[2012/07/31 23:21:21 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{CFC7DA87-2800-4C6C-B630-1CC89542773F}
[2012/07/31 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{05DEB38E-57E5-4CB1-A319-68ED582F5DCE}
[2012/07/31 11:20:47 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{62CF2204-82EA-4636-A492-B4EBFCADACB3}
[2012/07/30 18:31:24 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8602E94D-B236-4D59-98CC-3081DF33036B}
[2012/07/30 18:30:45 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{85B4BC85-875A-4753-98D9-8E0934825A97}
[2012/07/29 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{28FA62DE-A9AD-423B-A3D6-78EC2843D6B9}
[2012/07/29 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8278D39E-1549-4DE8-A1EC-EAFD0BCC4EED}
[2012/07/29 15:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\1A1D0
[2012/07/29 13:06:26 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{08E99E1D-7C9A-441F-96D8-32E703067740}
[2012/07/28 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2ECB0897-B6E6-48D6-B244-431747722886}
[2012/07/28 16:53:04 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{41D883E8-B02A-440C-AB19-5CF2E3E22729}
[2012/07/27 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3E7116ED-F1FE-41A9-9D38-E2F169414D26}
[2012/07/27 22:15:20 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2EBC6BBC-B841-45D5-BF59-DE30021414EC}
[2012/07/27 10:14:53 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{7EBCA8FA-81D7-4EC8-A7C2-833E91A906B5}
[2012/07/27 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{896935C7-198D-4F38-ACFA-16DE7BA2B513}
[2012/07/26 23:02:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/26 18:17:05 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{529BCAC6-F316-4BDA-B602-A73BFE2AC225}
[2012/07/26 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{811DFD45-C7BA-4D56-87D1-1D9544CDA089}
[2012/07/24 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{82A703FE-C3D8-40FD-9A0A-DC47A91BC754}
[2012/07/24 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{AE4C8716-4D7C-489A-B7BE-9ABA3D37C240}
[2012/07/23 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{4866ABAD-89EB-4F24-A8BB-DEA8C9161A0D}
[2012/07/23 09:59:41 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{0C789248-D52A-4E36-953B-7C4DCD048BFC}
[2012/07/22 21:42:14 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{0F79900E-02DB-458A-8796-8ACE7A64ABB6}
[2012/07/22 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3B5979EA-BAA4-4526-9671-02E8203D0D2D}
[2012/07/22 09:41:46 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{C691028D-6099-48F1-AEDF-F06FD9B4D495}
[2012/07/22 09:41:08 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{AE8A46CC-4834-40FD-96B5-B1A35130A408}
[2012/07/21 17:55:02 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2F7612A6-C1AE-48A6-8F5E-A3BCAB8193CF}
[2012/07/20 17:10:03 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{EC822D18-CFD1-487C-BFC7-33EF5BE3BA07}
[2012/07/19 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2CCC4AA8-9319-40DC-BBBF-3C8B6716AFE4}
[2012/07/19 10:34:20 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3D31C2AD-F087-4BDC-B280-DB09E31777B7}
[2012/07/18 15:22:07 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{E3785DCD-0B65-4DF9-A744-534C29D846AD}
[2012/07/18 15:21:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{D5D7BAA4-8BD4-449E-A3D8-1A93013A9480}
[2012/07/18 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{543AB121-D4C6-443A-94CD-1C266D0F9811}
[2012/07/18 00:04:47 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1AD0CEC0-44C4-452A-A460-EA1A6F485452}
[2012/07/17 21:50:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{F1362E28-AF85-46A0-A47F-9CF6CC7563E7}
[2012/07/16 19:13:17 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Roaming\InstallShield
[2012/07/16 18:12:46 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3262DBCD-FBD5-4221-AB4E-5D325610E07C}
[2012/07/16 18:08:37 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{00028DB9-2268-46E6-AE6C-B8D6620A9E03}

========== Files - Modified Within 30 Days ==========

[2012/08/14 17:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 17:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 17:19:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2692136088-4157217204-3928519883-1001UA.job
[2012/08/14 16:46:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\freddie2\Desktop\OTL.exe
[2012/08/14 16:46:10 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\freddie2\Desktop\FSS(1).exe
[2012/08/14 16:40:42 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\freddie2\Desktop\FSS.exe
[2012/08/14 16:39:46 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\freddie2\Desktop\tdsskiller.exe
[2012/08/14 16:19:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2692136088-4157217204-3928519883-1001Core.job
[2012/08/14 15:44:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 15:29:35 | 000,023,088 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/14 14:26:11 | 000,085,325 | ---- | M] () -- C:\Users\freddie2\Desktop\patch_fruittree.PNG
[2012/08/14 13:14:44 | 000,013,662 | ---- | M] () -- C:\Users\freddie2\Desktop\New Bitmap Image.bmp
[2012/08/14 12:58:12 | 000,000,024 | ---- | M] () -- C:\Users\freddie2\jagexappletviewer.preferences
[2012/08/14 12:57:31 | 000,000,047 | ---- | M] () -- C:\Users\freddie2\jagex_cl_runescape_LIVE.dat
[2012/08/14 12:57:10 | 000,000,024 | ---- | M] () -- C:\Users\freddie2\random.dat
[2012/08/14 11:19:55 | 000,027,520 | ---- | M] () -- C:\Users\freddie2\AppData\Local\dt.dat
[2012/08/14 11:09:17 | 000,023,988 | ---- | M] () -- C:\Users\freddie2\Desktop\avg log.csv
[2012/08/14 10:46:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 10:46:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 10:43:06 | 103,775,409 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/14 10:39:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 01:04:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/14 00:20:17 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\freddie2\Desktop\ComboFix.exe
[2012/08/13 20:35:02 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/13 20:34:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/13 20:34:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/13 17:55:03 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 17:55:03 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 17:55:03 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/11 17:58:30 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 10:03:39 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/07 12:34:07 | 002,020,864 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWow64\VCL50.bpl
[2012/07/22 16:37:38 | 000,000,048 | ---- | M] () -- C:\Users\freddie2\jagex_cl_runescape_LIVE1.dat
[2012/07/22 10:48:52 | 000,000,052 | ---- | M] () -- C:\Users\freddie2\jagex_cl_runescape_LIVE_BETA.dat

========== Files Created - No Company Name ==========

[2012/08/14 14:26:10 | 000,085,325 | ---- | C] () -- C:\Users\freddie2\Desktop\patch_fruittree.PNG
[2012/08/14 13:14:17 | 000,013,662 | ---- | C] () -- C:\Users\freddie2\Desktop\New Bitmap Image.bmp
[2012/08/14 11:19:55 | 000,027,520 | ---- | C] () -- C:\Users\freddie2\AppData\Local\dt.dat
[2012/08/14 11:09:17 | 000,023,988 | ---- | C] () -- C:\Users\freddie2\Desktop\avg log.csv
[2012/08/14 00:21:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/14 00:21:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/14 00:21:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/14 00:21:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/14 00:21:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/13 20:35:02 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/13 20:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/13 20:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/11 17:58:30 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 10:03:39 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/09 10:03:39 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/26 18:17:19 | 000,000,052 | ---- | C] () -- C:\Users\freddie2\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/10 11:26:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/11 14:56:54 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/03/11 14:56:53 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/03/11 14:56:53 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/10/26 23:35:31 | 000,000,024 | ---- | C] () -- C:\Users\freddie2\jagexappletviewer.preferences
[2011/10/26 12:43:43 | 000,000,048 | ---- | C] () -- C:\Users\freddie2\jagex_cl_runescape_LIVE1.dat
[2011/10/25 15:52:05 | 000,000,024 | ---- | C] () -- C:\Users\freddie2\random.dat
[2011/10/25 10:42:09 | 000,000,047 | ---- | C] () -- C:\Users\freddie2\jagex_cl_runescape_LIVE.dat
[2011/10/21 00:59:30 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/09/02 23:29:40 | 000,000,170 | ---- | C] () -- C:\Users\freddie2\AppData\Roaming\RSBuddy_midnightcobra08.ini
[2011/08/30 16:40:20 | 000,000,308 | ---- | C] () -- C:\Users\freddie2\AppData\Roaming\RSBuddy-Dev.ini
[2011/08/03 18:52:23 | 000,001,058 | ---- | C] () -- C:\Users\freddie2\Documents - Shortcut.lnk
[2011/08/03 18:52:23 | 000,000,129 | ---- | C] () -- C:\Users\freddie2\jagex_runescape_preferences2.dat
[2011/08/03 18:52:23 | 000,000,035 | ---- | C] () -- C:\Users\freddie2\jagex_runescape_preferences.dat
[2011/07/20 17:25:09 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/18 00:51:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\@
[2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\@

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\SysNative\drivers\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/10/05 23:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/10/05 23:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/02/04 03:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\erdnt\cache86\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 03:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 03:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/05 23:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/02/04 03:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/05 22:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: NETBT.SYS >
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\SysNative\drivers\netbt.sys
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TDX.SYS >
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\erdnt\cache64\tdx.sys
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\SysNative\drivers\tdx.sys
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\freddie2\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\freddie2\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\freddie2\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\freddie2\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2009/07/13 18:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2009/07/13 18:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\FREDDIE2\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\FREDDIE2\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\FREDDIE2\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\FREDDIE2\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/08 13:31:17 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2009/07/13 18:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2009/07/13 18:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 18:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

OTL Extras logfile created on: 8/14/2012 6:06:20 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\freddie2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 30.46% Memory free
7.50 Gb Paging File | 4.73 Gb Available in Paging File | 63.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.07 Gb Total Space | 515.11 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
Drive D: | 183.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FREDDIE-PC | User Name: freddie2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041941DD-65D3-43E0-986A-5C4EA5BC1DC6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0744F95F-782A-46FF-9A22-96173B5C1243}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{097DBFE3-717F-4372-91C3-78C89A8D28AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D9D9796-D9E8-465A-B379-B1BAA6B00E67}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0EB9F31F-7C5E-4A70-9A75-C888CE3AB806}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F9DA410-DE34-4B8D-A183-7F89695428A7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{11F681E6-D810-4D14-8EC2-D7C974CBCE25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14941620-32B9-42D4-9181-3BEB91596333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C0CDF16-F320-42A1-BB07-6AF8E36C488B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1E38BA75-07CC-49D9-B34D-02477C12DC2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2468D99C-E243-47EE-BF25-79B4FB13974E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{254C986F-5829-4014-83D7-04A833425528}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29168191-155E-4C50-8754-E3084DA8EAB7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D047462-E28C-4D6E-BB0A-BA492F9150D4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{31E1A206-FBC8-4C3E-A59A-C0E9BD45969E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{336A2761-75D3-47F2-8B6D-E5A368E77F13}" = rport=445 | protocol=6 | dir=out | app=system |
"{36CFABEC-2813-415A-816A-1FD0E56E0B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3958EFD2-8900-4EE8-A67F-066BB5AD0F39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D050DB5-1E49-4B41-B432-956D935525FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40918FEE-FA53-4B5E-9C3C-FEE163A4CFF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{43236947-9009-4392-A43C-82F10EB89562}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46E05557-7BC6-4DBD-88F8-6F1E4D2A410A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C4F3928-0863-4AE0-BB8A-EB8018CF8CFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55F056E9-3BA1-4312-A543-558CE271CA13}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{59BB9A0C-5B2F-473A-B9E3-743CFB21D907}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C48424D-DCB8-4D8E-BEA7-24703CA1C32A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F1642BA-805D-42DF-BBD9-BF6F1899B9E2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5FA01A2A-CD1A-4F89-BCDA-DB8A2A756B51}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{616DBAB8-0E71-4AE6-9185-DC0C8B75AE4E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{64475BD0-1718-4DDF-AF83-224003027681}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DD6842E-117C-4942-86EC-308CEBEA18C2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{70D9E1AA-BD4C-42E7-8B52-978D0EA82B87}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72039F92-96CA-4231-8F62-D45B7210167D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75BD5F3F-4262-4B2F-B306-B40BC0C13661}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E9F3609-5C69-4636-B6C7-2BBB020CE9C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80378CAF-62B0-403C-BBFE-B7876E43CCB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{894226CF-E965-4B8C-B99F-56FEFDC98697}" = lport=137 | protocol=17 | dir=in | app=system |
"{90D9D04B-8FFA-4AEF-80CE-C5184E644899}" = rport=137 | protocol=17 | dir=out | app=system |
"{97BD0E1C-E8BA-43B6-9723-0BC2198BFDFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97DDEFF4-B5BE-4693-9BC5-91DB3DE5BF24}" = lport=10243 | protocol=6 | dir=in | app=system |
"{98277B2F-7F8C-4ED7-B172-74DE339BE5A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{990FF089-7B1B-485E-A18B-CC0CFA3DA9B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A02E7927-177D-48A2-A3EB-41DB49E16504}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A50EB1D1-78C2-4E56-BCE4-ABC87255A375}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5A1AE88-991E-4A6A-B53A-AC2F44F55686}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB642643-4B20-40BA-BBBF-6889A1B2F845}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B07E37B8-3049-4765-B4C5-EDAD416F63D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9A795FA-0061-4483-9914-6B5A626194E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB61E385-47EC-46D0-92E5-2894501AFC72}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BC2F6470-4E18-40F1-BF43-AC985F46E320}" = rport=138 | protocol=17 | dir=out | app=system |
"{BCE7D64F-691D-4DF7-B335-B1EEEA775C0A}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE73B86F-9766-4DC9-BC0D-383B9C0F114A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7B349F3-1A21-4A4B-8D13-A54DF21FD715}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA1B122E-B8D3-466E-8BC7-10017E5D56E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D0AC8D09-78C3-4BC6-8472-B9929647DA4B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D7004B49-5440-476B-B0B4-E04B7EB9D526}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D85592A7-4300-41E3-BEC4-C64821DC8EAC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DBB2A5AD-C104-4202-AB31-5CFD6658AAA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5AF262D-BAEF-41F7-A04F-89CFCAC4ADCE}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAA78879-2114-4498-979A-1FA93AD4DAB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBCB17DE-1D13-47FB-84CE-A449411B1B40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0E41912-0C9B-4BA7-90CB-6513E99CFB70}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F7F9C73D-4757-41D1-83C5-A1E461358C5B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FCB7E4DB-72F2-4104-972F-A04F62D25AC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCF391D0-62F5-4410-96CF-18E76AD229C9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02990C7F-EE90-42C5-8515-22877FD21F8E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{029BA868-A345-4A22-95A8-21794094BD0F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{03BD4E0E-8D1E-490D-8C87-D244627EEC60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{045C2516-DC84-4B19-93AD-CAF3F104E992}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{0816CC63-F712-46B1-9DFD-1A35969A4C3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{09B2008C-481F-48AB-BD38-76730358EA83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B56DBC9-B690-4943-BEF4-70899B91474F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CBE8A0B-E811-4DAF-B4C5-CEA8D3ADAC0E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{15EB652B-8E55-4FF5-BCD5-982E49D9E506}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{2334D2F2-F139-482F-ADFB-DE6A6826DE74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{237B8B0F-877A-4F49-BC66-8A694F08BC39}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{238AC04D-F1B5-47FF-BCF8-C160E090C0DB}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{263B0401-FA4F-47E4-BFA7-40F3C57044DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{27AB1274-0600-4B6F-98AD-7CE225520CDF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{28A1AE87-E6B0-46FE-89CC-B2C357A54ACE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{28DC7A50-0E28-463B-AE1F-3A7D35752EF7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2906760C-FA97-446F-9380-A680870F2FD0}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{29351287-91E0-4C05-881E-68BC76110D0F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2A1A619B-C9B5-4410-AF28-764A0A64E79F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{33C731B2-2DC4-45E1-A163-C45EA138BA03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{341ADD85-BE1F-484D-B0C4-9A020412FF8B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3476C1B3-5A70-4CD7-9B1F-12F3C03C791C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{3A215360-42ED-43A3-9AB4-0C0F867C0A23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3FB02D8F-EC17-4393-B651-3A2DA521AB76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{40A54E13-D7E0-401E-9C3B-774594D3D2E8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4526A044-AC4A-4F16-8A30-152BBE06446A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{45331B50-F0D4-42C4-86EA-C17A2B5BDF75}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{459060A6-7E61-44BE-9088-8F674AC97180}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46DEB6DE-F6C4-4770-BB39-5025086F7089}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4AD0A861-1F4E-4B73-AE25-1A46BB34D010}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51B4518E-1D5B-416A-8CFA-CBFB792E612A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{51CB7AF7-584D-4583-9930-2C22C017274F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54089ED4-2EEF-4312-8709-787DE2F2468A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{554A6DD6-D37B-42F8-9C0D-5461B56B175A}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{590731AE-8AB0-42DA-9A29-F0313FD18ABC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{59757D4F-296F-4DD4-8ECC-6257AFD02698}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5C7C2A02-3BBA-4396-9D70-7C2E0FB2B482}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5EFFB71B-1F0C-41C9-8ED5-B63319B1E566}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{610B5671-97D6-4BA3-938F-2B346DA8B751}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{62BF4772-3975-40D4-8835-6CF60B7837F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6495E83D-7ADE-4F8D-A374-CCC08243DFE1}" = protocol=6 | dir=in | app=c:\users\freddie\appdata\roaming\dropbox\bin\dropbox.exe |
"{6523FED0-A48B-461B-8F09-F3AF4AE57FF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6826B5C1-E237-4A86-B309-8A1ABDFBF46F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{68F133E8-7DFC-4A93-970E-C86D4F8451FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{69096C73-0E07-49B1-8F53-A75D01154C20}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C7234C8-1DEE-4404-8320-0999778BDF10}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6C724CDA-A333-4108-8130-DC0E7BAB6E88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D4D7D24-1C5F-43C2-9B21-58C32BBD5BB5}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6DEEA4F3-22F7-4990-A56A-E88681765512}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{7AA2EB32-9C80-4504-9E57-5516E82315FF}" = protocol=17 | dir=in | app=c:\users\freddie\appdata\roaming\dropbox\bin\dropbox.exe |
"{7AACF4BB-AD24-487F-922A-181FBF3F92C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AEE8D05-4F80-409A-B4AD-127051762D43}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7C0FE119-C129-4BBA-BD81-934593149E86}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7D6485E4-38FB-4D8E-B4AB-FD28D182E513}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7DCA238F-E3EA-4D6E-8DBD-198B5E15A767}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E4DA3B5-B4D9-4426-AA1A-810420C943D0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{82852BCF-D1FA-49F2-83C9-526987D9D203}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84761D37-5230-4823-890A-24FE6906E61F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85102F88-1092-467A-A5A0-8C452C8D5BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{86AD5F5F-6F0C-47D6-AD68-0DB60472C7D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8985D355-1B3C-4654-9C00-701CC8FA061F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{89D22746-8E62-4CBC-93CA-4C3F80FEC821}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89E11FE9-0A88-469A-AC2C-756632C9B2A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A58FD79-418D-4C47-9DB6-CE7416BE00F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CF9E0B1-A97D-4922-959E-DA382AF04C34}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{8D11878B-B39C-4F9E-9190-891BBB66246B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9218A12F-00E3-41DD-99F4-7476C3B577AC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9581E63B-5040-4F4B-AAF7-C9EF0A1AE875}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{97CDE674-0667-4E72-8721-CD2B6022504D}" = protocol=6 | dir=out | app=system |
"{9A4CB9FD-8214-4551-B372-80572CC59C36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C39159C-943E-477F-85CC-F9EC7F987EBE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C89F442-A957-4E50-A6B0-1C3C1D82CA2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F4332AB-0675-44DA-9C1B-6EACA1821A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FB0EA48-71EF-4FEF-8C6F-30CB0B461B14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A103AD71-2E5D-4964-AEC0-D20856F329B6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A29CD131-F53B-4F3D-9095-81BE3EB07FDF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A573B94A-FE5C-48E9-86F5-9CB688DB9788}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{A81607CE-9278-4A85-A253-9D3F074BCBC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8815928-E42C-4C42-9556-A48D16A560E8}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A8CA2821-06F0-4CF2-B711-BCA57FEB5659}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A8DBD77A-1C88-4053-BAB4-A3077B6E7EEB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{ABF04CE4-B0BE-4B4C-A2B6-75F0F1ADE72A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE2B6592-652E-442F-B16E-E567AB61F74D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B0855F62-8D32-4D17-B87F-D184D30F4C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BA42DBE7-094C-48A9-BAEC-2D0EC527A83F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAAC5E60-82C4-4A63-A9C0-3BF83060A321}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{BB36A658-5ABD-4160-B307-C6C219651AB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDDD0AF6-ED01-4B5C-B148-CB6239F881EE}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{BECC7481-F19E-45F0-8674-5B9C1AA60047}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{BF2CFC56-7550-46AC-B6A6-8E61E42C37AA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C17A286D-F2F6-49A2-B029-78F02957F5BA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C1CB98F5-BD33-43E1-8896-FA6CE0FA2703}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C2FDBBFB-8390-41F2-8CEE-217C6AA20B7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3005E0A-7E51-4A4A-9423-98294A2CA5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{C599A816-CBFE-4A31-A738-F60C204888E7}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{C7242B65-85F9-4DC2-A532-1ACB201BFF50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8698EFF-7A08-4C75-89E9-95DA9D629803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0335E62-7414-4D5C-814A-810F9962473E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1103BED-24E6-44C5-A181-053AFF2DC992}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1BEB46E-EE65-4C8A-A9E2-2CA3456592F0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{D29D361B-AC71-476E-A4BE-3F854F3E3D63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3A124F6-2DEA-4D83-B56B-B2504E1CCCB0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{D60A5EA9-89DB-486A-9C1E-A2C7E09B15D2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D716ECE4-8D1E-49C7-8EEF-6F1793C6F7AC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D7C79EE7-4A03-4813-BEF2-FEA7A841B60D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DAE089D8-62C0-4DEE-A5CD-819CA1407CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DFF8DF0F-FE2A-4DA4-AAA5-DD2A23CC48B1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E1DBD9E2-939B-48B7-94BE-FE4EB5D5D6BC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E359A8AB-44CB-4203-A00D-C8A1AF2E901E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E452F49D-4BF1-48DF-BC9E-4E3DA08E99BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAAC21CC-C6FF-4A2E-967C-534797BF6815}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ECA6FF6D-FF8C-4150-899F-3C95C619690E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFCBE643-9A60-4CBA-A768-70B5862FA399}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F171285D-826C-4697-85E1-BCA841663583}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{F2FA3F8C-28CC-4128-B783-361BE7F4755B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F34508BC-92BE-4E29-A0A5-177B4345755A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F34DB8E8-5A9C-4FFC-AE4E-44D3FC128E5C}" = protocol=17 | dir=in | app=c:\users\freddie2\appdata\roaming\dropbox\bin\dropbox.exe |
"{F672B2AE-34E8-4742-B2E4-4CB7D1828902}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F9B0A664-588C-4C97-B77A-2343D8C8A285}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB1DBD9D-C524-463E-B25F-D039BBCDE3E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD960BA7-70DD-4468-99C1-67FA770DBE27}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF591936-CD32-48FE-86F0-F31DBE1069BD}" = protocol=6 | dir=in | app=c:\users\freddie2\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1C8B7047-994F-4217-A766-84D6022D7543}C:\backup\freddie\appdata\roaming\microsoft\windows\start menu\programs\mobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\backup\freddie\appdata\roaming\microsoft\windows\start menu\programs\mobiler\mymobiler.exe |
"TCP Query User{212014E7-DE86-4255-8FF0-0E3DECC938A0}C:\users\freddie2\documents\my mobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\freddie2\documents\my mobiler\mymobiler.exe |
"TCP Query User{3C0538C7-E96E-4ABD-BD3E-1A66CA869BC9}C:\users\freddie2\desktop\new folder\bearshare.exe" = protocol=6 | dir=in | app=c:\users\freddie2\desktop\new folder\bearshare.exe |
"TCP Query User{89228A35-65AC-4882-9F25-EEB0BF47D7A7}C:\users\freddie2\documents\random old crap\random things\my mobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\freddie2\documents\random old crap\random things\my mobiler\mymobiler.exe |
"TCP Query User{AA95DB63-84B1-4777-8FF4-B1E716C5D0CD}C:\users\freddie2\desktop\my mobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\freddie2\desktop\my mobiler\mymobiler.exe |
"TCP Query User{C882B623-43F0-4DE4-91E7-70723C52DC3B}C:\users\freddie2\desktop\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\freddie2\desktop\mymobiler.exe |
"UDP Query User{2249D5C5-A62B-4164-92BB-E151A77B5D9C}C:\users\freddie2\desktop\my mobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\freddie2\desktop\my mobiler\mymobiler.exe |
"UDP Query User{4571F00A-A46A-44D6-B144-47E2C46FB619}C:\backup\freddie\appdata\roaming\microsoft\windows\start menu\programs\mobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\backup\freddie\appdata\roaming\microsoft\windows\start menu\programs\mobiler\mymobiler.exe |
"UDP Query User{6DE009CA-4E76-4157-9AA7-95801718073F}C:\users\freddie2\desktop\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\freddie2\desktop\mymobiler.exe |
"UDP Query User{750DE709-D65B-48D5-AD12-B0E6ED6F2F61}C:\users\freddie2\documents\my mobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\freddie2\documents\my mobiler\mymobiler.exe |
"UDP Query User{D22E4CA2-4B03-4AA6-A55F-D2246CA5386E}C:\users\freddie2\desktop\new folder\bearshare.exe" = protocol=17 | dir=in | app=c:\users\freddie2\desktop\new folder\bearshare.exe |
"UDP Query User{F5357408-CEDA-4AF7-8232-C0707598B3DE}C:\users\freddie2\documents\random old crap\random things\my mobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\freddie2\documents\random old crap\random things\my mobiler\mymobiler.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{2863C12B-2A02-4258-8495-6220605B2E5C}_is1" = Tether 1.4.5.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java™ SE Development Kit 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4c472b5b-2a60-43da-a921-0715438be975}" = Nero 9 Essentials
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3459B16-744E-11E1-B425-984BE15F174E}" = Evernote v. 4.5.4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"ExpressBurn" = Express Burn Disc Burning Software
"FileZilla Client" = FileZilla Client 3.5.0
"GameSpy Arcade" = GameSpy Arcade
"Hotkey Utility" = Hotkey Utility
"HyperCam 2" = HyperCam 2
"Identity Card" = Identity Card
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"M8 Free Clipboard" = M8 Free Clipboard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TightVNC" = TightVNC 2.0.3
"Trojan SVCHOSTRemoval Tool_is1" = Trojan SVCHOSTRemoval Tool
"Unlocker" = Unlocker 1.9.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT078910" = Bejeweled 2 Deluxe
"WT078930" = Zuma Deluxe
"WT078954" = Blackhawk Striker 2
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079022" = FATE - The Traitor Soul
"WT079066" = Jewel Quest Solitaire 3
"WT079098" = Monopoly
"WT079102" = Mystery P.I. - Lost in Los Angeles
"WT079106" = Penguins!
"WT079110" = Plants vs. Zombies
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079150" = Scrabble Plus
"WT079154" = The Price is Right
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079316" = Escape Rosecliff Island
"WT079418" = Virtual Families
"Zax_is1" = Zax: The Alien Hunter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2012 9:26:37 PM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1220 Start
Time: 01cd77604ac25560 Termination Time: 4 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: 966268c1-e353-11e1-846c-00262d3cd824

Error - 8/10/2012 9:27:52 PM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b10 Start
Time: 01cd77605b5d6ea0 Termination Time: 4 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: c33b4651-e353-11e1-846c-00262d3cd824

Error - 8/10/2012 9:38:38 PM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1128 Start
Time: 01cd7761086e64f0 Termination Time: 3 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: 4411cc81-e355-11e1-846c-00262d3cd824

Error - 8/10/2012 9:39:52 PM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1100 Start
Time: 01cd7762128a0560 Termination Time: 6 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: 70094ac1-e355-11e1-846c-00262d3cd824

Error - 8/10/2012 9:47:04 PM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 824 Start
Time: 01cd776234f7cd80 Termination Time: 2 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: 71afd961-e356-11e1-846c-00262d3cd824

Error - 8/10/2012 10:13:42 PM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10bc Start
Time: 01cd77634e8c9c70 Termination Time: 6 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: 2a75c2e1-e35a-11e1-846c-00262d3cd824

Error - 8/10/2012 11:37:37 PM | Computer Name = Freddie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/10/2012 11:58:34 PM | Computer Name = Freddie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7600.16490, time
stamp: 0x4b2c9557 Exception code: 0xc0000005 Fault offset: 0x00128834 Faulting process
id: 0xb10 Faulting application start time: 0x01cd77703b809f20 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: d1caf2a0-e368-11e1-8c73-00262d3cd824

Error - 8/11/2012 12:24:17 AM | Computer Name = Freddie-PC | Source = Application Hang | ID = 1002
Description = The program SuperOneClick.exe version 2.3.3.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 334 Start
Time: 01cd77791f799bc0 Termination Time: 0 Application Path: C:\Users\freddie2\Desktop\New
folder\SuperOneClick.exe Report Id: 68724d41-e36c-11e1-8c73-00262d3cd824

Error - 8/12/2012 3:10:08 AM | Computer Name = Freddie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4fe23011 Faulting module name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x00001309 Faulting process
id: 0x1280 Faulting application start time: 0x01cd78598022f710 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: \\.\globalroot\systemroot\svchost.exe
Report
Id: bef525d0-e44c-11e1-bd32-00262d3cd824

[ Media Center Events ]
Error - 6/14/2012 12:51:43 AM | Computer Name = Freddie-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 7/13/2012 12:56:11 AM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 9:56:10 PM - Error connecting to the internet. 9:56:11 PM - Unable
to contact server..

Error - 7/13/2012 12:56:45 AM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 9:56:40 PM - Error connecting to the internet. 9:56:40 PM - Unable
to contact server..

Error - 7/13/2012 2:00:59 AM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 11:00:59 PM - Error connecting to the internet. 11:00:59 PM - Unable
to contact server..

Error - 7/13/2012 2:01:09 AM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 11:01:04 PM - Error connecting to the internet. 11:01:04 PM - Unable
to contact server..

Error - 7/13/2012 1:10:35 PM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 10:10:35 AM - Error connecting to the internet. 10:10:35 AM - Unable
to contact server..

Error - 7/13/2012 8:14:17 PM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 5:14:16 PM - Error connecting to the internet. 5:14:16 PM - Unable
to contact server..

Error - 7/16/2012 9:10:55 PM | Computer Name = Freddie-PC | Source = MCUpdate | ID = 0
Description = 6:10:54 PM - Error connecting to the internet. 6:10:55 PM - Unable
to contact server..

[ System Events ]
Error - 8/13/2012 8:44:53 PM | Computer Name = Freddie-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/13/2012 8:44:53 PM | Computer Name = Freddie-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/13/2012 8:44:54 PM | Computer Name = Freddie-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/13/2012 8:44:54 PM | Computer Name = Freddie-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/13/2012 8:44:54 PM | Computer Name = Freddie-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/13/2012 8:44:54 PM | Computer Name = Freddie-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/14/2012 3:54:31 AM | Computer Name = Freddie-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/14/2012 4:01:21 AM | Computer Name = Freddie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/14/2012 4:04:42 AM | Computer Name = Freddie-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/14/2012 1:39:19 PM | Computer Name = Freddie-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:02 AM

Posted 15 August 2012 - 05:36 PM

Hi!

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=60&systemid=2&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=60&systemid=2&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={298EF0BB-9686-4883-A6BE-A8713EBCA32B}&mid=eb637400ede447d1a510d16f6bd831d7-0cb1d3785c79d908bf8f58721a7fd8561b031481&lang=en&ds=AVG&pr=fr&d=2012-08-13 20:34:45&v=12.2.0.5&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=60&systemid=2&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    [2012/07/29 15:06:24 | 000,002,511 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/08/13 21:46:37 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2AC732DC-1E0E-467A-B444-FBD673363EEC}
    [2012/08/13 21:46:15 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{5FA5D268-E794-49FC-A09E-BB822E8954F8}
    [2012/08/13 09:45:48 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{FB4EB6EA-8322-4E07-8647-D1768D5689A1}
    [2012/08/13 09:45:25 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{86830007-37E9-4AB2-8FE1-8C8B85CAEFA1}
    [2012/08/12 18:48:14 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{F8E08EBB-16FE-407C-A499-2BFD6AF22DE0}
    [2012/08/12 18:47:50 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{08FD175D-69FC-408F-81A1-F4AEA4C75D64}
    [2012/08/12 06:47:22 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8505AFE4-F261-47C5-9F50-1D3528C6F207}
    [2012/08/12 06:47:12 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{BDC2578A-C65D-460F-92CE-B322FCB835A0}
    [2012/08/11 17:53:39 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{C8AACFBB-A245-4130-A99F-2F85E7872771}
    [2012/08/11 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{4CF84176-D75B-4659-9BCF-5FA07166D8AC}
    [2012/08/10 23:07:56 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1380653C-3634-4040-B196-81534B474A79}
    [2012/08/10 23:07:45 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{338A40E9-3268-4AB5-B064-922ACFFB11B3}
    [2012/08/07 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{929F4FC0-B979-4B7F-B990-1672CCD525E5}
    [2012/08/07 15:38:39 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8193B5E0-1CA1-44D8-A93B-7817F3258A72}
    [2012/08/05 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{5D6EC1FE-1F18-4600-A4A8-64877E8B7E53}
    [2012/08/05 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{64B0FD56-D846-414F-A4A2-CABCE3253120}
    [2012/08/05 10:23:48 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{7353A73C-3C9D-491A-9741-E151B8DECB18}
    [2012/08/05 10:23:37 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{635A24F6-75BC-4FB3-A211-218EC66313D6}
    [2012/08/04 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{896FF215-A6E3-4F53-8055-320CAC6AF231}
    [2012/08/04 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{ED1BAD92-9464-412B-9152-B093DA001898}
    [2012/08/04 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{14DE4189-F3AB-4C05-ACBA-B96BF54A5000}
    [2012/08/04 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{F6C37A87-8517-43F2-9616-2A219601E443}
    [2012/08/03 18:51:50 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{DCF97ECE-8D8B-41E8-9136-1763C8350296}
    [2012/08/03 18:51:39 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{FAAD4B88-474F-44BC-BABD-DA151EEA1F4D}
    [2012/08/02 22:25:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{B449496F-FEF5-477F-80B6-D6DBD5CA1728}
    [2012/08/02 22:25:33 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1AD60C57-1E91-4255-9023-766353AC3B73}
    [2012/08/02 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{387EF4C1-6F25-4FCE-A6D8-3E31EF450C2C}
    [2012/08/02 10:24:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{FE628254-8BC3-4BE9-A528-9700F48B5C2A}
    [2012/08/01 16:48:17 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1D0F80D1-CC00-45D9-A621-B09E8B2DB90F}
    [2012/08/01 16:48:05 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{06779B91-CA24-49B8-A6A7-DB35B12B4086}
    [2012/07/31 23:21:43 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{C8566504-6EDD-4D11-9678-D4ED3041A85D}
    [2012/07/31 23:21:21 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{CFC7DA87-2800-4C6C-B630-1CC89542773F}
    [2012/07/31 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{05DEB38E-57E5-4CB1-A319-68ED582F5DCE}
    [2012/07/31 11:20:47 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{62CF2204-82EA-4636-A492-B4EBFCADACB3}
    [2012/07/30 18:31:24 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8602E94D-B236-4D59-98CC-3081DF33036B}
    [2012/07/30 18:30:45 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{85B4BC85-875A-4753-98D9-8E0934825A97}
    [2012/07/29 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{28FA62DE-A9AD-423B-A3D6-78EC2843D6B9}
    [2012/07/29 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{8278D39E-1549-4DE8-A1EC-EAFD0BCC4EED}
    [2012/07/29 15:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\1A1D0
    [2012/07/29 13:06:26 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{08E99E1D-7C9A-441F-96D8-32E703067740}
    [2012/07/28 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2ECB0897-B6E6-48D6-B244-431747722886}
    [2012/07/28 16:53:04 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{41D883E8-B02A-440C-AB19-5CF2E3E22729}
    [2012/07/27 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3E7116ED-F1FE-41A9-9D38-E2F169414D26}
    [2012/07/27 22:15:20 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2EBC6BBC-B841-45D5-BF59-DE30021414EC}
    [2012/07/27 10:14:53 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{7EBCA8FA-81D7-4EC8-A7C2-833E91A906B5}
    [2012/07/27 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{896935C7-198D-4F38-ACFA-16DE7BA2B513}
    [2012/07/26 18:17:05 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{529BCAC6-F316-4BDA-B602-A73BFE2AC225}
    [2012/07/26 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{811DFD45-C7BA-4D56-87D1-1D9544CDA089}
    [2012/07/24 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{82A703FE-C3D8-40FD-9A0A-DC47A91BC754}
    [2012/07/24 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{AE4C8716-4D7C-489A-B7BE-9ABA3D37C240}
    [2012/07/23 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{4866ABAD-89EB-4F24-A8BB-DEA8C9161A0D}
    [2012/07/23 09:59:41 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{0C789248-D52A-4E36-953B-7C4DCD048BFC}
    [2012/07/22 21:42:14 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{0F79900E-02DB-458A-8796-8ACE7A64ABB6}
    [2012/07/22 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3B5979EA-BAA4-4526-9671-02E8203D0D2D}
    [2012/07/22 09:41:46 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{C691028D-6099-48F1-AEDF-F06FD9B4D495}
    [2012/07/22 09:41:08 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{AE8A46CC-4834-40FD-96B5-B1A35130A408}
    [2012/07/21 17:55:02 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2F7612A6-C1AE-48A6-8F5E-A3BCAB8193CF}
    [2012/07/20 17:10:03 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{EC822D18-CFD1-487C-BFC7-33EF5BE3BA07}
    [2012/07/19 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{2CCC4AA8-9319-40DC-BBBF-3C8B6716AFE4}
    [2012/07/19 10:34:20 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3D31C2AD-F087-4BDC-B280-DB09E31777B7}
    [2012/07/18 15:22:07 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{E3785DCD-0B65-4DF9-A744-534C29D846AD}
    [2012/07/18 15:21:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{D5D7BAA4-8BD4-449E-A3D8-1A93013A9480}
    [2012/07/18 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{543AB121-D4C6-443A-94CD-1C266D0F9811}
    [2012/07/18 00:04:47 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{1AD0CEC0-44C4-452A-A460-EA1A6F485452}
    [2012/07/17 21:50:55 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{F1362E28-AF85-46A0-A47F-9CF6CC7563E7}
    [2012/07/16 18:12:46 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{3262DBCD-FBD5-4221-AB4E-5D325610E07C}
    [2012/07/16 18:08:37 | 000,000,000 | ---D | C] -- C:\Users\freddie2\AppData\Local\{00028DB9-2268-46E6-AE6C-B8D6620A9E03}
    [2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\@
    [2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\@
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 15 August 2012 - 06:49 PM

combofix

ComboFix 12-08-15.01 - freddie2 08/15/2012 19:35:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2561 [GMT -7:00]
Running from: c:\users\freddie2\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\svchost.exe
c:\windows\SysWow64\9D6E86EF1F.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 02:42 . 2012-08-16 02:42 -------- d-----w- c:\users\Mcx1-FREDDIE-PC\AppData\Local\temp
2012-08-16 02:42 . 2012-08-16 02:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-16 02:42 . 2012-08-16 02:42 -------- d-----w- c:\users\Freddie\AppData\Local\temp
2012-08-16 02:42 . 2012-08-16 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 02:22 . 2012-08-16 02:22 -------- d-----w- C:\_OTL
2012-08-14 03:36 . 2012-08-14 03:36 -------- d-----w- c:\users\freddie2\AppData\Roaming\AVG2012
2012-08-14 03:34 . 2012-08-14 03:34 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-14 03:33 . 2012-08-14 03:33 -------- d-----w- C:\$AVG
2012-08-14 03:30 . 2012-08-14 03:46 -------- d-----w- c:\programdata\AVG2012
2012-08-14 02:56 . 2012-08-14 02:56 -------- d-----w- c:\users\freddie2\AppData\Roaming\AVG10
2012-08-14 02:04 . 2012-08-14 02:58 -------- d-----w- c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2012-08-14 02:04 . 2011-02-18 01:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-08-14 02:04 . 2011-02-18 01:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-08-13 02:33 . 2012-08-13 02:42 -------- d-----w- c:\program files (x86)\Unlocker
2012-08-12 00:58 . 2012-08-12 00:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-12 00:58 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 22:41 . 2012-08-07 22:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-08-07 22:41 . 2012-08-07 22:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-07 22:41 . 2012-08-07 22:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-07 19:40 . 2012-08-07 19:40 -------- d-----w- c:\programdata\FRISK Software
2012-08-07 19:40 . 2012-08-07 19:40 -------- d-----w- c:\program files (x86)\FRISK Software
2012-08-07 19:37 . 2012-08-07 22:36 -------- d-----w- c:\program files (x86)\ThreatFire
2012-08-07 19:37 . 2012-08-07 19:37 -------- d-----w- c:\programdata\PC Tools
2012-08-07 19:34 . 2012-08-07 22:36 -------- d-----w- c:\program files (x86)\Common Files\Teknum Systems
2012-08-07 19:34 . 2012-08-07 19:34 2020864 ----a-w- c:\windows\SysWow64\VCL50.bpl
2012-08-07 19:34 . 2012-08-07 19:34 -------- d-----w- c:\program files (x86)\HandyBits
2012-08-07 08:36 . 2012-08-07 08:36 -------- d-----w- c:\program files (x86)\Android
2012-08-07 02:05 . 2012-08-07 02:05 -------- d-----w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 01:17 . 2012-03-11 21:56 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-06-20 01:17 . 2012-03-11 21:56 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-06-20 01:17 . 2012-03-11 21:56 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-06-10 18:31 . 2012-06-10 18:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-10 18:21 . 2012-06-10 18:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-10 18:20 . 2012-06-10 18:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-10 18:20 . 2012-06-10 18:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-14_08.04.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-10 17:17 . 2012-08-16 02:28 55580 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 02:28 45792 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-05 01:10 . 2012-08-16 02:28 16744 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2692136088-4157217204-3928519883-1001_UserData.bin
+ 2011-07-18 05:37 . 2012-08-16 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-18 05:37 . 2012-08-14 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 04:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-18 05:46 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 05:46 . 2012-08-16 02:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-18 05:46 . 2012-08-14 06:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-18 05:46 . 2012-08-16 02:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 05:46 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-18 05:46 . 2012-08-16 02:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-18 06:08 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 06:08 . 2012-08-16 02:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 06:08 . 2012-08-16 02:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-18 06:08 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-27 06:35 . 2012-08-14 07:15 66048 c:\windows\.jagex_cache_32\browsercontrol.dll
+ 2011-10-27 06:35 . 2012-08-16 01:50 66048 c:\windows\.jagex_cache_32\browsercontrol.dll
- 2011-07-20 08:24 . 2012-08-13 07:07 3142 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-20 08:24 . 2012-08-15 06:59 3142 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-14 06:34 . 2012-08-14 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 02:26 . 2012-08-16 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 02:26 . 2012-08-16 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 06:34 . 2012-08-14 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-14 06:19 287500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 02:25 287500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-02 21:29 . 2012-08-14 06:19 1694240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2692136088-4157217204-3928519883-1001-12288.dat
+ 2011-08-02 21:29 . 2012-08-16 02:25 1694240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2692136088-4157217204-3928519883-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\freddie2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\freddie2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\freddie2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 253088]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-01-15 1101600]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2010-11-17 50856]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
R4 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-05-26 826896]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-07-21 52856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2011-09-29 52664]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:25]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 06:51]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 06:51]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2692136088-4157217204-3928519883-1001Core.job
- c:\users\freddie2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:19]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2692136088-4157217204-3928519883-1001UA.job
- c:\users\freddie2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E5291D33-A987-450F-8757-53E61F871BEB}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\freddie2\AppData\Roaming\Mozilla\Firefox\Profiles\ue0owb8h.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://movies.netflix.com/WiHome
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, c056f6fc-eea2-4c96-83b3-6767944deb7e
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 19:44:29
ComboFix-quarantined-files.txt 2012-08-16 02:44
.
Pre-Run: 552,952,315,904 bytes free
Post-Run: 552,505,540,608 bytes free
.
- - End Of File - - 2A51D373755ED386D4C96A2D85A28331





===
otl
===





All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2692136088-4157217204-3928519883-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\freddie2\AppData\Local\{2AC732DC-1E0E-467A-B444-FBD673363EEC} folder moved successfully.
C:\Users\freddie2\AppData\Local\{5FA5D268-E794-49FC-A09E-BB822E8954F8} folder moved successfully.
C:\Users\freddie2\AppData\Local\{FB4EB6EA-8322-4E07-8647-D1768D5689A1} folder moved successfully.
C:\Users\freddie2\AppData\Local\{86830007-37E9-4AB2-8FE1-8C8B85CAEFA1} folder moved successfully.
C:\Users\freddie2\AppData\Local\{F8E08EBB-16FE-407C-A499-2BFD6AF22DE0} folder moved successfully.
C:\Users\freddie2\AppData\Local\{08FD175D-69FC-408F-81A1-F4AEA4C75D64} folder moved successfully.
C:\Users\freddie2\AppData\Local\{8505AFE4-F261-47C5-9F50-1D3528C6F207} folder moved successfully.
C:\Users\freddie2\AppData\Local\{BDC2578A-C65D-460F-92CE-B322FCB835A0} folder moved successfully.
C:\Users\freddie2\AppData\Local\{C8AACFBB-A245-4130-A99F-2F85E7872771} folder moved successfully.
C:\Users\freddie2\AppData\Local\{4CF84176-D75B-4659-9BCF-5FA07166D8AC} folder moved successfully.
C:\Users\freddie2\AppData\Local\{1380653C-3634-4040-B196-81534B474A79} folder moved successfully.
C:\Users\freddie2\AppData\Local\{338A40E9-3268-4AB5-B064-922ACFFB11B3} folder moved successfully.
C:\Users\freddie2\AppData\Local\{929F4FC0-B979-4B7F-B990-1672CCD525E5} folder moved successfully.
C:\Users\freddie2\AppData\Local\{8193B5E0-1CA1-44D8-A93B-7817F3258A72} folder moved successfully.
C:\Users\freddie2\AppData\Local\{5D6EC1FE-1F18-4600-A4A8-64877E8B7E53} folder moved successfully.
C:\Users\freddie2\AppData\Local\{64B0FD56-D846-414F-A4A2-CABCE3253120} folder moved successfully.
C:\Users\freddie2\AppData\Local\{7353A73C-3C9D-491A-9741-E151B8DECB18} folder moved successfully.
C:\Users\freddie2\AppData\Local\{635A24F6-75BC-4FB3-A211-218EC66313D6} folder moved successfully.
C:\Users\freddie2\AppData\Local\{896FF215-A6E3-4F53-8055-320CAC6AF231} folder moved successfully.
C:\Users\freddie2\AppData\Local\{ED1BAD92-9464-412B-9152-B093DA001898} folder moved successfully.
C:\Users\freddie2\AppData\Local\{14DE4189-F3AB-4C05-ACBA-B96BF54A5000} folder moved successfully.
C:\Users\freddie2\AppData\Local\{F6C37A87-8517-43F2-9616-2A219601E443} folder moved successfully.
C:\Users\freddie2\AppData\Local\{DCF97ECE-8D8B-41E8-9136-1763C8350296} folder moved successfully.
C:\Users\freddie2\AppData\Local\{FAAD4B88-474F-44BC-BABD-DA151EEA1F4D} folder moved successfully.
C:\Users\freddie2\AppData\Local\{B449496F-FEF5-477F-80B6-D6DBD5CA1728} folder moved successfully.
C:\Users\freddie2\AppData\Local\{1AD60C57-1E91-4255-9023-766353AC3B73} folder moved successfully.
C:\Users\freddie2\AppData\Local\{387EF4C1-6F25-4FCE-A6D8-3E31EF450C2C} folder moved successfully.
C:\Users\freddie2\AppData\Local\{FE628254-8BC3-4BE9-A528-9700F48B5C2A} folder moved successfully.
C:\Users\freddie2\AppData\Local\{1D0F80D1-CC00-45D9-A621-B09E8B2DB90F} folder moved successfully.
C:\Users\freddie2\AppData\Local\{06779B91-CA24-49B8-A6A7-DB35B12B4086} folder moved successfully.
C:\Users\freddie2\AppData\Local\{C8566504-6EDD-4D11-9678-D4ED3041A85D} folder moved successfully.
C:\Users\freddie2\AppData\Local\{CFC7DA87-2800-4C6C-B630-1CC89542773F} folder moved successfully.
C:\Users\freddie2\AppData\Local\{05DEB38E-57E5-4CB1-A319-68ED582F5DCE} folder moved successfully.
C:\Users\freddie2\AppData\Local\{62CF2204-82EA-4636-A492-B4EBFCADACB3} folder moved successfully.
C:\Users\freddie2\AppData\Local\{8602E94D-B236-4D59-98CC-3081DF33036B} folder moved successfully.
C:\Users\freddie2\AppData\Local\{85B4BC85-875A-4753-98D9-8E0934825A97} folder moved successfully.
C:\Users\freddie2\AppData\Local\{28FA62DE-A9AD-423B-A3D6-78EC2843D6B9} folder moved successfully.
C:\Users\freddie2\AppData\Local\{8278D39E-1549-4DE8-A1EC-EAFD0BCC4EED} folder moved successfully.
C:\ProgramData\1A1D0 folder moved successfully.
C:\Users\freddie2\AppData\Local\{08E99E1D-7C9A-441F-96D8-32E703067740} folder moved successfully.
C:\Users\freddie2\AppData\Local\{2ECB0897-B6E6-48D6-B244-431747722886} folder moved successfully.
C:\Users\freddie2\AppData\Local\{41D883E8-B02A-440C-AB19-5CF2E3E22729} folder moved successfully.
C:\Users\freddie2\AppData\Local\{3E7116ED-F1FE-41A9-9D38-E2F169414D26} folder moved successfully.
C:\Users\freddie2\AppData\Local\{2EBC6BBC-B841-45D5-BF59-DE30021414EC} folder moved successfully.
C:\Users\freddie2\AppData\Local\{7EBCA8FA-81D7-4EC8-A7C2-833E91A906B5} folder moved successfully.
C:\Users\freddie2\AppData\Local\{896935C7-198D-4F38-ACFA-16DE7BA2B513} folder moved successfully.
C:\Users\freddie2\AppData\Local\{529BCAC6-F316-4BDA-B602-A73BFE2AC225} folder moved successfully.
C:\Users\freddie2\AppData\Local\{811DFD45-C7BA-4D56-87D1-1D9544CDA089} folder moved successfully.
C:\Users\freddie2\AppData\Local\{82A703FE-C3D8-40FD-9A0A-DC47A91BC754} folder moved successfully.
C:\Users\freddie2\AppData\Local\{AE4C8716-4D7C-489A-B7BE-9ABA3D37C240} folder moved successfully.
C:\Users\freddie2\AppData\Local\{4866ABAD-89EB-4F24-A8BB-DEA8C9161A0D} folder moved successfully.
C:\Users\freddie2\AppData\Local\{0C789248-D52A-4E36-953B-7C4DCD048BFC} folder moved successfully.
C:\Users\freddie2\AppData\Local\{0F79900E-02DB-458A-8796-8ACE7A64ABB6} folder moved successfully.
C:\Users\freddie2\AppData\Local\{3B5979EA-BAA4-4526-9671-02E8203D0D2D} folder moved successfully.
C:\Users\freddie2\AppData\Local\{C691028D-6099-48F1-AEDF-F06FD9B4D495} folder moved successfully.
C:\Users\freddie2\AppData\Local\{AE8A46CC-4834-40FD-96B5-B1A35130A408} folder moved successfully.
C:\Users\freddie2\AppData\Local\{2F7612A6-C1AE-48A6-8F5E-A3BCAB8193CF} folder moved successfully.
C:\Users\freddie2\AppData\Local\{EC822D18-CFD1-487C-BFC7-33EF5BE3BA07} folder moved successfully.
C:\Users\freddie2\AppData\Local\{2CCC4AA8-9319-40DC-BBBF-3C8B6716AFE4} folder moved successfully.
C:\Users\freddie2\AppData\Local\{3D31C2AD-F087-4BDC-B280-DB09E31777B7} folder moved successfully.
C:\Users\freddie2\AppData\Local\{E3785DCD-0B65-4DF9-A744-534C29D846AD} folder moved successfully.
C:\Users\freddie2\AppData\Local\{D5D7BAA4-8BD4-449E-A3D8-1A93013A9480} folder moved successfully.
C:\Users\freddie2\AppData\Local\{543AB121-D4C6-443A-94CD-1C266D0F9811} folder moved successfully.
C:\Users\freddie2\AppData\Local\{1AD0CEC0-44C4-452A-A460-EA1A6F485452} folder moved successfully.
C:\Users\freddie2\AppData\Local\{F1362E28-AF85-46A0-A47F-9CF6CC7563E7} folder moved successfully.
C:\Users\freddie2\AppData\Local\{3262DBCD-FBD5-4221-AB4E-5D325610E07C} folder moved successfully.
C:\Users\freddie2\AppData\Local\{00028DB9-2268-46E6-AE6C-B8D6620A9E03} folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\@ moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\{78ed815a-397e-1606-fae9-33e4b3dac79d}\@ not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\freddie2\Desktop\cmd.bat deleted successfully.
C:\Users\freddie2\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\freddie2\Desktop\cmd.bat deleted successfully.
C:\Users\freddie2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Freddie
->Temp folder emptied: 462848 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 175930 bytes
->FireFox cache emptied: 79072183 bytes
->Flash cache emptied: 5707 bytes

User: freddie2
->Temp folder emptied: 17789053 bytes
->Temporary Internet Files folder emptied: 21463493 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 61412263 bytes
->Google Chrome cache emptied: 15890045 bytes
->Flash cache emptied: 903 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 13519556 bytes
->Flash cache emptied: 480 bytes

User: Mcx1-FREDDIE-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 232 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32768 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 69400 bytes
RecycleBin emptied: 2615200 bytes

Total Files Cleaned = 203.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Freddie
->Flash cache emptied: 0 bytes

User: freddie2
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Mcx1-FREDDIE-PC

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Freddie
->Java cache emptied: 0 bytes

User: freddie2
->Java cache emptied: 0 bytes

User: Guest

User: Mcx1-FREDDIE-PC

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_192240

Files\Folders moved on Reboot...
C:\Users\freddie2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\freddie2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

still redirecting me but so far nothing new problematic

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:02 AM

Posted 16 August 2012 - 04:48 PM

Hi!

Sorry to hear that it's still redirecting you!

Lets see what this finds:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image



NEXT:



Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Click on Qoobox in the left-hand window pane
  • Look for ComboFix2.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When file opens, Copy/Paste text here.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 16 August 2012 - 05:11 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 18:12:03
-----------------------------
18:12:03.603 OS Version: Windows x64 6.1.7600
18:12:03.603 Number of processors: 2 586 0x603
18:12:03.605 ComputerName: FREDDIE-PC UserName: freddie2
18:12:05.869 Initialize success
18:12:45.583 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
18:12:45.590 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
18:12:45.602 Disk 0 MBR read successfully
18:12:45.605 Disk 0 MBR scan
18:12:45.610 Disk 0 Windows 7 default MBR code
18:12:45.618 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
18:12:45.634 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
18:12:45.641 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593994 MB offset 33761280
18:12:45.651 Disk 0 scanning C:\Windows\system32\drivers
18:12:50.311 Service scanning
18:12:58.835 Modules scanning
18:12:58.845 Disk 0 trace - called modules:
18:12:58.860 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:12:58.865 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004609060]
18:12:58.875 3 CLASSPNP.SYS[fffff8800192c43f] -> nt!IofCallDriver -> [0xfffffa80041fa1a0]
18:12:58.882 5 ACPI.sys[fffff88000ef5781] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8004280060]
18:12:58.889 Scan finished successfully
18:13:27.595 Disk 0 MBR has been saved successfully to "C:\Users\freddie2\Desktop\MBR.dat"
18:13:27.603 The log file has been saved successfully to "C:\Users\freddie2\Desktop\aswMBR.txt"





there was no combofix2.txt there was only add and remove programs.txt will go ahead and post below

Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 9.1 MUI
Advertising Center
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Build-a-lot 2
Click to Call with Skype
CyberLink PowerDVD 9
D3DX10
Dropbox
eBay Worldwide
eMachines Game Console
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Escape Rosecliff Island
Evernote v. 4.5.4
Express Burn Disc Burning Software
Faerie Solitaire
FATE - The Traitor Soul
FileZilla Client 3.5.0
GameSpy Arcade
Google Chrome
Google Update Helper
Hotkey Utility
HyperCam 2
Identity Card
ImagXpress
Java Auto Updater
Java™ 6 Update 29
Java™ SE Development Kit 6 Update 26
JavaFX 2.1.0
Jewel Quest Solitaire 3
M8 Free Clipboard
Malwarebytes Anti-Malware version 1.62.0.1300
Messenger Companion
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Monopoly
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mystery P.I. - Lost in Los Angeles
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Notepad++
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.3
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
RuneScape Launcher 1.2
Scrabble Plus
Skype™ 5.5
TeamViewer 6
TeamViewer 7
Tether 1.4.5.0
The Price is Right
TightVNC 2.0.3
Trojan SVCHOSTRemoval Tool
Unlocker 1.9.1
Ventrilo Client
Virtual Families
Virtual Villagers - A New Home
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
Yahtzee
Zax: The Alien Hunter
Zuma Deluxe



and combofix quarantined files again will post below

2012-08-14 08:06:12 . 2012-08-14 08:06:12 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-08-14 08:06:12 . 2012-08-14 08:06:12 113 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03}.reg.dat
2012-08-14 08:06:12 . 2012-08-14 08:06:12 124 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-08-14 08:06:12 . 2012-08-14 08:06:12 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-08-14 08:05:52 . 2012-08-14 08:05:52 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ROC_roc_ssl_v12.reg.dat
2012-08-14 08:05:49 . 2012-08-14 08:05:49 218 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03}.reg.dat
2012-08-14 08:05:49 . 2012-08-14 08:05:49 229 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
2012-08-14 08:05:49 . 2012-08-14 08:05:49 521 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}.reg.dat
2012-08-14 08:05:48 . 2012-08-14 08:05:49 237 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-08-14 08:05:48 . 2012-08-14 08:05:48 197 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-08-14 08:05:48 . 2012-08-14 08:05:48 469 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}.reg.dat
2012-08-14 08:05:46 . 2012-08-14 08:05:46 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03}.reg.dat
2012-08-14 08:05:46 . 2012-08-14 08:05:46 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}.reg.dat
2012-08-14 07:58:57 . 2012-08-16 02:40:05 13,716 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-14 07:21:20 . 2012-08-16 02:33:42 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-08-14 06:46:20 . 2012-08-14 06:46:20 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\svchost.exe.vir
2011-07-25 05:40:13 . 2011-07-25 06:13:09 80 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\9D6E86EF1F.dll.vir

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:02 AM

Posted 16 August 2012 - 05:39 PM

hmmm... Thanks for those logs.

Can you do me a favor and run a new scan with ComboFix? If it prompts you to update, please allow it to do so.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 16 August 2012 - 10:20 PM

new combofix

ComboFix 12-08-16.01 - freddie2 08/16/2012 23:03:54.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2150 [GMT -7:00]
Running from: c:\users\freddie2\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 06:10 . 2012-08-17 06:10 -------- d-----w- c:\users\Mcx1-FREDDIE-PC\AppData\Local\temp
2012-08-17 06:10 . 2012-08-17 06:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-17 06:10 . 2012-08-17 06:10 -------- d-----w- c:\users\Freddie\AppData\Local\temp
2012-08-17 06:10 . 2012-08-17 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 03:36 . 2012-08-14 03:36 -------- d-----w- c:\users\freddie2\AppData\Roaming\AVG2012
2012-08-14 03:34 . 2012-08-14 03:34 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-14 03:33 . 2012-08-14 03:33 -------- d-----w- C:\$AVG
2012-08-14 03:30 . 2012-08-14 03:46 -------- d-----w- c:\programdata\AVG2012
2012-08-14 02:56 . 2012-08-14 02:56 -------- d-----w- c:\users\freddie2\AppData\Roaming\AVG10
2012-08-14 02:04 . 2012-08-14 02:58 -------- d-----w- c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2012-08-14 02:04 . 2011-02-18 01:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-08-14 02:04 . 2011-02-18 01:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-08-13 02:33 . 2012-08-13 02:42 -------- d-----w- c:\program files (x86)\Unlocker
2012-08-12 00:58 . 2012-08-12 00:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-12 00:58 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 22:41 . 2012-08-07 22:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-08-07 22:41 . 2012-08-07 22:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-07 22:41 . 2012-08-07 22:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-07 19:40 . 2012-08-07 19:40 -------- d-----w- c:\programdata\FRISK Software
2012-08-07 19:40 . 2012-08-07 19:40 -------- d-----w- c:\program files (x86)\FRISK Software
2012-08-07 19:37 . 2012-08-07 22:36 -------- d-----w- c:\program files (x86)\ThreatFire
2012-08-07 19:37 . 2012-08-07 19:37 -------- d-----w- c:\programdata\PC Tools
2012-08-07 19:34 . 2012-08-07 22:36 -------- d-----w- c:\program files (x86)\Common Files\Teknum Systems
2012-08-07 19:34 . 2012-08-07 19:34 2020864 ----a-w- c:\windows\SysWow64\VCL50.bpl
2012-08-07 19:34 . 2012-08-07 19:34 -------- d-----w- c:\program files (x86)\HandyBits
2012-08-07 08:36 . 2012-08-07 08:36 -------- d-----w- c:\program files (x86)\Android
2012-08-07 02:05 . 2012-08-07 02:05 -------- d-----w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 01:17 . 2012-03-11 21:56 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-06-20 01:17 . 2012-03-11 21:56 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-06-20 01:17 . 2012-03-11 21:56 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-06-10 18:31 . 2012-06-10 18:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-10 18:21 . 2012-06-10 18:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-10 18:20 . 2012-06-10 18:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-10 18:20 . 2012-06-10 18:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-14_08.04.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-10 17:17 . 2012-08-17 00:59 55904 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-17 00:59 45848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-05 01:10 . 2012-08-17 00:59 17152 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2692136088-4157217204-3928519883-1001_UserData.bin
- 2011-07-18 05:37 . 2012-08-14 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 05:37 . 2012-08-16 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-14 04:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-18 05:46 . 2012-08-17 00:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-18 05:46 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 05:46 . 2012-08-17 00:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 05:46 . 2012-08-14 06:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 05:46 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-18 05:46 . 2012-08-17 00:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-18 06:08 . 2012-08-17 00:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-18 06:08 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 06:08 . 2012-08-17 00:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-18 06:08 . 2012-08-14 06:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-27 06:35 . 2012-08-14 07:15 66048 c:\windows\.jagex_cache_32\browsercontrol.dll
+ 2011-10-27 06:35 . 2012-08-17 01:06 66048 c:\windows\.jagex_cache_32\browsercontrol.dll
+ 2011-07-20 08:24 . 2012-08-16 07:20 4944 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-17 00:57 . 2012-08-17 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-14 06:34 . 2012-08-14 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 00:57 . 2012-08-17 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 06:34 . 2012-08-14 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-17 02:41 . 2012-08-17 02:41 124520 c:\windows\SysWOW64\mlfcache.dat
- 2009-07-14 05:01 . 2012-08-14 06:19 287500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 17:45 287500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-08-17 04:59 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-11 04:32 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-08-02 21:29 . 2012-08-14 06:19 1694240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2692136088-4157217204-3928519883-1001-12288.dat
+ 2011-08-02 21:29 . 2012-08-16 17:45 1694240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2692136088-4157217204-3928519883-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Freddie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\freddie2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\freddie2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\freddie2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 253088]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-01-15 1101600]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2010-11-17 50856]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
R4 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-05-26 826896]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-07-21 52856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2011-09-29 52664]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:25]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 06:51]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 06:51]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2692136088-4157217204-3928519883-1001Core.job
- c:\users\freddie2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:19]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2692136088-4157217204-3928519883-1001UA.job
- c:\users\freddie2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\freddie2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E5291D33-A987-450F-8757-53E61F871BEB}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\freddie2\AppData\Roaming\Mozilla\Firefox\Profiles\ue0owb8h.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://movies.netflix.com/WiHome
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, c056f6fc-eea2-4c96-83b3-6767944deb7e
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-16 23:12:47
ComboFix-quarantined-files.txt 2012-08-17 06:12
ComboFix2.txt 2012-08-16 02:44
.
Pre-Run: 549,967,794,176 bytes free
Post-Run: 549,660,381,184 bytes free
.
- - End Of File - - B06FABA96237A6CD1B111C9BF291B4BD

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:02 AM

Posted 17 August 2012 - 12:07 PM

Hi!

Can you provide me with a little bit more information on this: Trojan SVCHOSTRemoval Tool ?

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 17 August 2012 - 04:20 PM

about the TROJAN SVCHOSTRemoval Tool before i came here i was looking for ways to get rid of the svchost virus it kept showing up on malwarebytes but malwarebytes wouldnt get rid of it so i looked up how to remove svchost virus on yahoo search and thats what it came up with i got it from this website http://www.securitystronghold.com/gates/trojan-svchost.html

#13 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 17 August 2012 - 05:24 PM

and as for the log


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
freddie2 :: FREDDIE-PC [administrator]

Protection: Enabled

8/17/2012 5:28:59 PM
mbam-log-2012-08-17 (17-28-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 423915
Time elapsed: 51 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:02 AM

Posted 18 August 2012 - 03:40 PM

Hi!

Thanks for that information.

I've honestly never heard of that tool before.

Please go ahead and remove Trojan Svchost Removal tool.

Are you still experiencing the redirects?

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 18 August 2012 - 08:45 PM

report from eset and yes to your question it is still redirecting me went ahead and got rid of the tool via programs and features in control panel



C:\Backup\freddie\AppData\Local\Temp\HyperCam.exe Win32/Somoto application
C:\insidiaXV8cache\JFrame\WorldMap\WorldMap.jar a variant of Java/JShrink.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application
C:\Users\Freddie\AppData\Roaming\Mozilla\Firefox\Profiles\qtlh03ua.default\extensions\uzrrjzbtrp@uzrrjzbtrp.org.xpi JS/Redirector.NBX trojan
C:\Users\freddie2\AppData\Local\Google\Chrome\User Data\Default\Default\aacacofhnpppijmnaifafgaoojjjjhok\background.html Win32/BHO.OEI trojan
C:\Users\freddie2\AppData\Roaming\Mozilla\Firefox\Profiles\ue0owb8h.default\extensions\uzrrjzbtrp@uzrrjzbtrp.org.xpi JS/Redirector.NBX trojan
C:\Users\freddie2\Desktop\New folder (2)\cwm crap\UniversalAndroot-1.6.2-beta5.apk multiple threats
C:\Users\freddie2\Desktop\New folder (2)\cwm crap\Exploits\psneuter Android/Exploit.Lotoor.AK trojan
C:\Users\freddie2\Desktop\New folder (2)\cwm crap\Exploits\zergRush Android/Exploit.Lotoor.AN trojan
C:\Users\freddie2\Downloads\SuperOneClickv2.3.3-ShortFuse.zip multiple threats
C:\Users\freddie2\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application
C:\Users\freddie2\Music\all music\honky tonk badonkydonk.mp3 WMA/TrojanDownloader.GetCodec.C trojan
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\3t7c3pht.default\extensions\uzrrjzbtrp@uzrrjzbtrp.org.xpi JS/Redirector.NBX trojan




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users