
white smoke toolbar


  • This topic is locked
36 replies to this topic

#1 bear4569


Posted 24 August 2012 - 09:32 AM

I have tried and tried to remove the whitesmoke toolbar and have been unsuccessful. Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by VanderKamp at 10:02:56 on 2012-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1454 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\ftusbsrvc.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\AdFender\AdFender.exe
C:\Users\VanderKamp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
uSearch Bar = Preserve
mStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: LastPass Vault: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\VANDER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AdFender.lnk - C:\Program Files (x86)\AdFender\AdFender.exe
StartupFolder: C:\Users\VANDER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\VanderKamp\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: intuit.com\ttlc
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://connect.urmc.rochester.edu/+CSCOL+/csvrloader32.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{7B92CBC6-0367-43C4-9CB7-8322119DF3EC} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{7B92CBC6-0367-43C4-9CB7-8322119DF3EC} : DhcpNameServer = 192.168.254.254 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-X64: LastPass Vault - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB-X64: {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\VanderKamp\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\VanderKamp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\VanderKamp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}\plugins\np-mswmp.dll
FF - plugin: C:\Users\VanderKamp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\VanderKamp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959&q=
FF - user.js: extensions.funmoods.id - 7071BC1067CC6B13
FF - user.js: extensions.funmoods.instlDay - 15575
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:29:15
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - aln
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\system32\DRIVERS\MxEFUF64.sys --> C:\Windows\system32\DRIVERS\MxEFUF64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ftusbsrvc;PCoE (Client) service;C:\Windows\system32\ftusbsrvc.exe --> C:\Windows\system32\ftusbsrvc.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-26 1262400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]
R2 Scan2PC;Scan2PC;C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe [2011-9-7 93184]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-2 185856]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 ft2usbhub;Virtual USB Bus;C:\Windows\system32\DRIVERS\ftusbbus2.sys --> C:\Windows\system32\DRIVERS\ftusbbus2.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-6 136176]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2012-8-1 580648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-13 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-6 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 SRS_AE_Service;SRS Audio Essentials;C:\Windows\system32\drivers\SRS_AE_amd64.sys --> C:\Windows\system32\drivers\SRS_AE_amd64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-24 13:41:49 -------- d-----w- C:\Users\VanderKamp\AppData\Local\Macromedia
2012-08-24 13:39:48 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2012-08-24 13:39:45 -------- d-----w- C:\Windows\System32\wbem\Logs
2012-08-24 13:34:14 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2012-08-24 13:34:14 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2012-08-24 13:34:14 -------- d-----w- C:\Windows\System32\wbem\MOF
2012-08-24 13:16:30 -------- d-----w- C:\ProgramData\Sophos
2012-08-24 13:16:23 73728 ----a-r- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 13:16:23 73728 ----a-r- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 13:16:23 73728 ----a-r- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-24 13:16:19 -------- d-----w- C:\Program Files (x86)\Sophos
2012-08-23 10:59:19 -------- d-----w- C:\Users\VanderKamp\AppData\Local\Vid-Saver
2012-08-23 10:59:02 -------- d-----w- C:\Program Files (x86)\Vid-Saver
2012-08-21 01:57:20 -------- d-----w- C:\Program Files\uRexsoft
2012-08-20 21:39:55 -------- d-----w- C:\ProgramData\WeCareReminder
2012-08-15 22:12:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 22:12:12 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 22:11:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 22:11:35 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 22:11:35 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 22:11:35 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 22:06:23 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 22:06:23 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 22:06:23 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 22:06:16 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 22:06:07 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-08 15:40:01 -------- d-----w- C:\ProgramData\Codec
2012-08-08 11:18:39 -------- d-----w- C:\ProgramData\AdFender
2012-08-01 14:14:11 -------- d-----w- C:\Users\VanderKamp\AppData\Local\CrashDumps
2012-08-01 13:52:42 -------- d-----w- C:\Users\VanderKamp\AppData\Roaming\SystemSpeedBooster
2012-08-01 13:52:42 -------- d-----w- C:\ProgramData\SystemSpeedBooster
2012-08-01 13:36:42 -------- d-----w- C:\Users\VanderKamp\AppData\Roaming\Wise Care 365
2012-08-01 12:54:42 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-01 00:38:00 -------- d-----w- C:\Users\VanderKamp\AppData\Roaming\Blueberry
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 19:58:23 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
2012-07-26 21:53:52 -------- d-----w- C:\Program Files\Defraggler
2012-07-26 20:44:25 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-07-26 20:44:25 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-07-26 20:44:25 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-26 20:44:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-07-26 20:44:25 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-07-26 20:44:10 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-26 20:44:10 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-26 20:44:02 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-07-26 18:24:07 -------- d-----w- C:\Program Files (x86)\Belarc
2012-07-26 18:06:09 -------- d-----w- C:\ProgramData\r2 Studios
2012-07-26 18:05:45 -------- d-----w- C:\Program Files\r2 Studios
2012-07-26 16:50:07 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2012-07-26 16:50:07 -------- d-----w- C:\Program Files (x86)\SpeedBit Video Accelerator
2012-07-26 16:49:33 -------- d-----w- C:\Program Files (x86)\SpeedBit
2012-07-25 15:07:27 -------- d-----w- C:\Users\VanderKamp\AppData\Local\libimobiledevice
2012-07-25 14:59:36 -------- d-----w- C:\Users\VanderKamp\AppData\Roaming\redsn0w
2012-07-25 14:46:49 -------- d-----w- C:\JailbreAk
.
==================== Find3M ====================
.
2012-07-22 13:36:38 90784 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2012-07-22 13:36:38 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2012-07-19 00:39:22 14690376 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-07-11 17:56:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:56:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-09 13:25:44 1669749 ----a-w- C:\MGtools.exe
2012-07-09 10:52:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-07-09 10:52:34 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-25 15:13:23 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-06-25 15:13:23 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-06-25 14:35:05 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-25 14:35:05 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-23 19:30:24 254976 ----a-w- C:\Windows\System32\RDCCredentialProvider.dll
2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 10:03:26.50 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/20/2011 12:03:00 AM
System Uptime: 8/24/2012 9:39:23 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Narra6
Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 370.692 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.491 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Avnex Virtual Audio Device
Device ID: ROOT\MEDIA\0000
Manufacturer: AVNEX Ltd.
Name: Avnex Virtual Audio Device
PNP Device ID: ROOT\MEDIA\0000
Service: VCSVADHWSer
.
==== System Restore Points ===================
.
RP396: 8/24/2012 9:02:16 AM - OTL Restore Point - 8/24/2012 9:02:14 AM
RP397: 8/24/2012 9:15:41 AM - Installed Sophos Virus Removal Tool.
RP398: 8/24/2012 9:16:47 AM - Removed ASPCA Reminder by We-Care.com v4.1.18.1
RP399: 8/24/2012 9:20:29 AM - Revo Uninstaller's restore point - Sophos Virus Removal Tool
.
==== Installed Programs ======================
.
.
AccuWeather.com
AdFender
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Amazon Kindle
Apple Application Support
Apple Software Update
Avidemux 2.5
Belarc Advisor 8.2
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 3.0
Canon My Printer
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDBurnerXP
Compatibility Pack for the 2007 Office system
ContentManager
Coupon Printer for Windows
Creative Memories Memory Manager 3
Creative Memories StoryBook Creator Plus
Creative Memories StoryBook Creator Plus 3
CRI Image Resizer
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
DivX Setup
DriverMax 6
Dropbox
Duplicate Commander 2.5
DVD Decrypter (Remove Only)
DVD2one V2.4.2
Facebook Messenger 2.1.4590.0
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Grooveshark
Hewlett-Packard ACLM.NET v1.1.2.0
HijackThis 1.99.1
HP Advisor
HP Customer Experience Enhancements
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Update
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Kidzui
LabelPrint
LastPass (uninstall only)
Learning Lodge Navigator
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
Memory Manager 3 Service Update
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Music Manager
NOOK for PC
NVIDIA 3D Vision Controller Driver
OverDrive Media Console
PDF Form Filler 2
Photo Story 3 for Windows
PhotoScape
PictureMover
PMB
Power2Go
PowerDirector
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Remove Empty Directories version 2.2
Revo Uninstaller 1.94
RoboForm 7-6-6 (All Users)
Scan2PC
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Simple Adblock
Sophos Virus Removal Tool
SpeedBit 3.2
SpeedBit Video Accelerator
Startup Delayer v3.0 (build 323)
swMSM
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wndiper
TurboTax 2011 wnyiper
TurboTax 2011 wohiper
TurboTax 2011 wrapper
TurboTax Audit Support Center 3.0
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Verizon Wireless Software Upgrade Assistant - Samsung
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
ViewSonic Monitor Drivers x64
ViewSonic Windows 7 x64 Signed Files
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
VTech Download Agent Library
WebM Project Directshow Filters
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools - SubInAcl.exe
WinRAR 4.01
Wise Care 365 version 1.12
.
==== Event Viewer Messages From Past Week ========
.
8/24/2012 9:45:57 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/21/2012 7:32:31 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
8/19/2012 4:32:33 PM, Error: Schannel [36887] - The following fatal alert was received: 47.
.
==== End Of File ===========================


Ran GMER with no results as well.



#2 gringo_pr

  • Malware Response Team

Posted 25 August 2012 - 06:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bear4569

  • Topic Starter
  • Members

Posted 25 August 2012 - 03:34 PM

Here are the results of the two checks



Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 1.99.1
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




ComboFix 12-08-25.04 - VanderKamp 08/25/2012 13:08:27.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1678 [GMT -4:00]
Running from: c:\users\VanderKamp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\program files (x86)\Vid-Saver\ButtonUtil.dll
c:\program files (x86)\Vid-Saver\Vid-Saver-bg.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\Codecv\background.html
c:\programdata\Codecv\bhoclass.dll
c:\programdata\Codecv\content.js
c:\programdata\Codecv\data\content.js
c:\programdata\Codecv\data\jsondb.js
c:\programdata\Codecv\oloemjnjhhmglodmbibalpbnmmegmdag.crx
c:\programdata\Codecv\ooajnfknjohjpcnogkjakalehloanpeb.crx
c:\programdata\Codecv\settings.ini
c:\users\VanderKamp\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\crossriderapp3491@crossrider.com\skin\update.css
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\windows\sys\msvcp100d.dll
c:\windows\sys\msvcr100.dll
c:\windows\sys\msvcr100d.dll
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-24 14:31 . 2012-08-24 14:31 -------- d-----w- c:\users\VanderKamp\AppData\Roaming\avidemux
2012-08-24 13:41 . 2012-08-24 13:41 -------- d-----w- c:\users\VanderKamp\AppData\Local\Macromedia
2012-08-24 13:39 . 2012-08-24 13:39 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2012-08-24 13:39 . 2012-08-24 13:39 -------- d-----w- c:\windows\system32\wbem\Logs
2012-08-24 13:34 . 2012-08-24 13:34 -------- d-----w- c:\windows\system32\wbem\MOF
2012-08-24 13:16 . 2012-08-24 13:16 -------- d-----w- c:\programdata\Sophos
2012-08-24 13:16 . 2012-08-24 13:16 73728 ----a-r- c:\users\VanderKamp\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 13:16 . 2012-08-24 13:16 73728 ----a-r- c:\users\VanderKamp\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 13:16 . 2012-08-24 13:16 73728 ----a-r- c:\users\VanderKamp\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-24 13:16 . 2012-08-24 13:16 -------- d-----w- c:\program files (x86)\Sophos
2012-08-21 01:57 . 2012-08-21 01:57 -------- d-----w- c:\program files\uRexsoft
2012-08-20 21:39 . 2012-08-24 13:17 -------- d-----w- c:\programdata\WeCareReminder
2012-08-15 22:12 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 22:12 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 22:11 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 22:11 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 22:11 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 22:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 22:06 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 22:06 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 22:06 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 22:06 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 22:06 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 22:06 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 13:43 . 2012-08-24 13:33 -------- d-----w- c:\users\Caleb
2012-08-13 11:51 . 2012-08-13 11:51 -------- d--h--w- c:\program files\CanonBJ
2012-08-08 15:40 . 2012-08-24 13:33 -------- d-----w- c:\programdata\Codec
2012-08-08 11:18 . 2012-08-08 11:18 -------- d-----w- c:\programdata\AdFender
2012-08-01 14:14 . 2012-08-24 00:33 -------- d-----w- c:\users\VanderKamp\AppData\Local\CrashDumps
2012-08-01 13:52 . 2012-08-01 13:52 -------- d-----w- c:\programdata\SystemSpeedBooster
2012-08-01 13:52 . 2012-08-01 13:52 -------- d-----w- c:\users\VanderKamp\AppData\Roaming\SystemSpeedBooster
2012-08-01 13:36 . 2012-08-25 17:06 -------- d-----w- c:\users\VanderKamp\AppData\Roaming\Wise Care 365
2012-08-01 13:23 . 2012-08-01 13:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-01 12:54 . 2012-08-01 12:54 -------- d-----w- c:\program files (x86)\Oracle
2012-08-01 00:38 . 2012-08-01 00:38 -------- d-----w- c:\users\VanderKamp\AppData\Roaming\Blueberry
2012-07-29 20:21 . 2012-08-20 21:34 -------- d-----w- c:\users\VanderKamp\AppData\Roaming\vlc
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 19:58 . 2012-07-27 19:59 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-07-26 21:53 . 2012-07-26 21:53 -------- d-----w- c:\program files\Defraggler
2012-07-26 20:44 . 2012-08-21 01:57 -------- d-----w- c:\users\UpdatusUser
2012-07-26 20:44 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-26 20:44 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-26 20:44 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-26 20:44 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-26 20:44 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-26 20:44 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-26 20:44 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-26 20:44 . 2012-07-26 20:44 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-26 18:24 . 2012-07-26 18:24 -------- d-----w- c:\program files (x86)\Belarc
2012-07-26 18:06 . 2012-07-26 18:06 -------- d-----w- c:\programdata\r2 Studios
2012-07-26 18:05 . 2012-07-26 18:05 -------- d-----w- c:\program files\r2 Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 00:40 . 2011-04-20 13:34 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-26 16:50 . 2012-07-26 16:50 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2012-07-22 13:36 . 2012-07-22 13:36 90784 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-07-22 13:36 . 2012-07-22 13:36 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-07-19 00:39 . 2012-07-19 00:39 14690376 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2012-07-11 17:56 . 2012-05-13 13:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:56 . 2012-05-13 13:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-09 13:33 . 2012-07-09 13:26 311249 ----a-w- C:\MGlogs.zip
2012-07-09 13:25 . 2012-07-09 13:25 1669749 ----a-w- C:\MGtools.exe
2012-07-09 10:52 . 2012-07-09 10:52 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-09 10:52 . 2012-07-09 10:52 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-06 02:06 . 2012-06-18 22:04 772544 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-06 02:06 . 2011-04-24 15:10 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2012-07-09 12:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-25 15:13 . 2012-06-25 15:13 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-06-25 15:13 . 2012-06-25 15:13 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-06-25 14:35 . 2012-06-25 14:35 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-25 14:35 . 2011-10-18 20:15 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 19:30 . 2012-06-23 19:31 254976 ----a-w- c:\windows\system32\RDCCredentialProvider.dll
2012-06-09 05:43 . 2012-07-11 12:21 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 12:21 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 12:21 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 12:19 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 12:21 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 12:21 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 12:19 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 05:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 05:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 05:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 05:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 05:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 05:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 05:14 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 05:14 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 05:14 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 12:21 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 12:21 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 12:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 12:21 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 12:21 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 12:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 12:21 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 12:21 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 12:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-25_15.27.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-25 15:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-25 17:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-25 17:08 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-25 15:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-25 15:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-25 17:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-16 02:19 . 2012-08-25 17:07 88768 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-25 17:08 49608 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 04:14 . 2012-08-25 17:08 34758 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2204444078-866163389-772774753-1000_UserData.bin
- 2012-08-25 15:27 . 2012-08-25 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-25 17:06 . 2012-08-25 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-25 17:06 . 2012-08-25 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-25 15:27 . 2012-08-25 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-22 00:34 . 2012-08-25 15:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-08-22 00:34 . 2012-08-25 17:08 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-08-25 15:26 449420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-25 16:41 449420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-26 13:52 . 2012-08-25 16:41 37278266 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2204444078-866163389-772774753-1000-12288.dat
- 2011-04-26 13:52 . 2012-08-25 15:26 37278266 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2204444078-866163389-772774753-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-07-26 421576]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-06-21 580648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys [2011-08-01 513824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-10 21504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\windows\TEMP\tmp6055.tmp [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ftusbsrvc;PCoE (Client) service;c:\windows\system32\ftusbsrvc.exe [2011-11-16 2892800]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 Scan2PC;Scan2PC;c:\program files (x86)\Scan2PC\Sc2PCS64.exe [2009-07-28 93184]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-02-16 51568]
S3 ft2usbhub;Virtual USB Bus;c:\windows\system32\DRIVERS\ftusbbus2.sys [2011-11-16 40520]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-02-16 45424]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 17:56]
.
2012-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000Core.job
- c:\users\VanderKamp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-01 12:06]
.
2012-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000UA.job
- c:\users\VanderKamp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-01 12:06]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 11:51]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 11:51]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000Core.job
- c:\users\VanderKamp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 18:47]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000UA.job
- c:\users\VanderKamp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 18:47]
.
2012-08-24 c:\windows\Tasks\HPCeeScheduleForVanderKamp.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-08-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2012-08-25 c:\windows\Tasks\Wise Care 365 PC Checkup Task.job
- c:\program files (x86)\Wise\Wise Care 365\WiseCare365.exe [2012-08-01 23:12]
.
2012-08-25 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2012-08-01 14:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\VanderKamp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: LastPass - file://c:\users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{7B92CBC6-0367-43C4-9CB7-8322119DF3EC}: NameServer = 8.26.56.26,156.154.70.22
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://connect.urmc.rochester.edu/+CSCOL+/csvrloader32.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\6mg29mpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQCh0oXfi&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQCh0oXfi&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 907f6b130000000000007071bc1067cc
FF - user.js: extensions.incredibar_i.instlDay - 15523
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:55
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQCh0oXfi
FF - user.js: extensions.incredibar_i.upn2n - 92543162611091776
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10659
FF - user.js: extensions.incredibar_i.ppd - 97%5F5
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959&q=
FF - user.js: extensions.funmoods.id - 7071BC1067CC6B13
FF - user.js: extensions.funmoods.instlDay - 15575
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:29
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - aln
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{462be121-2b54-4218-bf00-b9bf8135b23f} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{462BE121-2B54-4218-BF00-B9BF8135B23F} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\windows\TEMP\tmp6055.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-25 16:09:02
ComboFix-quarantined-files.txt 2012-08-25 20:09
.
Pre-Run: 397,121,204,224 bytes free
Post-Run: 397,095,092,224 bytes free
.
- - End Of File - - 48E684E6B42C73D1B77EA3C701E9B4A2

#4 gringo_pr

  • Malware Response Team

Posted 25 August 2012 - 04:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 bear4569


Posted 25 August 2012 - 10:12 PM

22:59:05.0404 5728 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:59:05.0810 5728 ============================================================
22:59:05.0810 5728 Current date / time: 2012/08/25 22:59:05.0810
22:59:05.0810 5728 SystemInfo:
22:59:05.0810 5728
22:59:05.0810 5728 OS Version: 6.1.7601 ServicePack: 1.0
22:59:05.0810 5728 Product type: Workstation
22:59:05.0810 5728 ComputerName: VANDERKAMP-PC
22:59:05.0810 5728 UserName: VanderKamp
22:59:05.0810 5728 Windows directory: C:\Windows
22:59:05.0810 5728 System windows directory: C:\Windows
22:59:05.0810 5728 Running under WOW64
22:59:05.0810 5728 Processor architecture: Intel x64
22:59:05.0810 5728 Number of processors: 2
22:59:05.0810 5728 Page size: 0x1000
22:59:05.0810 5728 Boot type: Normal boot
22:59:05.0810 5728 ============================================================
22:59:06.0574 5728 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:06.0590 5728 Drive \Device\Harddisk1\DR1 - Size: 0x1D6000000 (7.34 Gb), SectorSize: 0x200, Cylinders: 0x3BE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:59:06.0590 5728 ============================================================
22:59:06.0590 5728 \Device\Harddisk0\DR0:
22:59:06.0590 5728 MBR partitions:
22:59:06.0590 5728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:59:06.0590 5728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x38FC87C1
22:59:06.0590 5728 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFB000, BlocksNum 0x138A800
22:59:06.0590 5728 \Device\Harddisk1\DR1:
22:59:06.0590 5728 MBR partitions:
22:59:06.0590 5728 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0xAC8, BlocksNum 0xEAF538
22:59:06.0590 5728 ============================================================
22:59:06.0637 5728 C: <-> \Device\Harddisk0\DR0\Partition2
22:59:06.0684 5728 D: <-> \Device\Harddisk0\DR0\Partition3
22:59:06.0684 5728 ============================================================
22:59:06.0684 5728 Initialize success
22:59:06.0684 5728 ============================================================
22:59:08.0805 5584 ============================================================
22:59:08.0805 5584 Scan started
22:59:08.0805 5584 Mode: Manual;
22:59:08.0805 5584 ============================================================
22:59:09.0554 5584 ================ Scan system memory ========================
22:59:09.0554 5584 System memory - ok
22:59:09.0554 5584 ================ Scan services =============================
22:59:16.0480 5584 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:59:16.0480 5584 Ndisuio - ok
22:59:16.0512 5584 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:59:16.0512 5584 NdisWan - ok
22:59:16.0527 5584 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:59:16.0527 5584 NDProxy - ok
22:59:16.0543 5584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:59:16.0543 5584 NetBIOS - ok
22:59:16.0574 5584 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:59:16.0574 5584 NetBT - ok
22:59:16.0590 5584 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:59:16.0590 5584 Netlogon - ok
22:59:16.0621 5584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:59:16.0636 5584 Netman - ok
22:59:16.0668 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:16.0668 5584 NetMsmqActivator - ok
22:59:16.0683 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:16.0683 5584 NetPipeActivator - ok
22:59:16.0699 5584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:59:16.0699 5584 netprofm - ok
22:59:16.0730 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:16.0730 5584 NetTcpActivator - ok
22:59:16.0730 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:16.0730 5584 NetTcpPortSharing - ok
22:59:16.0761 5584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:59:16.0761 5584 nfrd960 - ok
22:59:16.0777 5584 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:59:16.0777 5584 NlaSvc - ok
22:59:16.0808 5584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:59:16.0808 5584 Npfs - ok
22:59:16.0824 5584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:59:16.0824 5584 nsi - ok
22:59:16.0839 5584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:59:16.0839 5584 nsiproxy - ok
22:59:16.0870 5584 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:59:16.0902 5584 Ntfs - ok
22:59:16.0917 5584 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
22:59:16.0917 5584 NuidFltr - ok
22:59:16.0933 5584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:59:16.0933 5584 Null - ok
22:59:17.0479 5584 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:59:17.0666 5584 nvlddmkm - ok
22:59:17.0713 5584 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
22:59:17.0713 5584 NVNET - ok
22:59:17.0728 5584 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:59:17.0744 5584 nvraid - ok
22:59:17.0760 5584 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:59:17.0760 5584 nvstor - ok
22:59:17.0775 5584 [ 4D9ABA962D7ECE81866F96D5F69FB2B8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:59:17.0775 5584 nvstor64 - ok
22:59:17.0806 5584 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:59:17.0822 5584 nvsvc - ok
22:59:17.0916 5584 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:59:17.0916 5584 nvUpdatusService - ok
22:59:17.0947 5584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:59:17.0947 5584 nv_agp - ok
22:59:17.0962 5584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:59:17.0978 5584 ohci1394 - ok
22:59:18.0025 5584 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:59:18.0025 5584 ose - ok
22:59:18.0243 5584 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:59:18.0306 5584 osppsvc - ok
22:59:18.0321 5584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:59:18.0337 5584 p2pimsvc - ok
22:59:18.0352 5584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:59:18.0352 5584 p2psvc - ok
22:59:18.0368 5584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:59:18.0368 5584 Parport - ok
22:59:18.0399 5584 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:59:18.0399 5584 partmgr - ok
22:59:18.0415 5584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:59:18.0415 5584 PcaSvc - ok
22:59:18.0430 5584 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:59:18.0430 5584 pci - ok
22:59:18.0462 5584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:59:18.0462 5584 pciide - ok
22:59:18.0477 5584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:59:18.0477 5584 pcmcia - ok
22:59:18.0493 5584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:59:18.0493 5584 pcw - ok
22:59:18.0508 5584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:59:18.0524 5584 PEAUTH - ok
22:59:18.0602 5584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:59:18.0618 5584 PerfHost - ok
22:59:18.0649 5584 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:59:18.0680 5584 pla - ok
22:59:18.0711 5584 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:59:18.0711 5584 PlugPlay - ok
22:59:18.0774 5584 [ AE6C778717DE2F6B0C0B5335036D3363 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
22:59:18.0774 5584 PMBDeviceInfoProvider - ok
22:59:18.0805 5584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:59:18.0805 5584 PNRPAutoReg - ok
22:59:18.0805 5584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:59:18.0820 5584 PNRPsvc - ok
22:59:18.0836 5584 [ 89F340670034834DDC91CBC452B756EC ] Point64 C:\Windows\system32\DRIVERS\point64.sys
22:59:18.0836 5584 Point64 - ok
22:59:18.0852 5584 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:59:18.0867 5584 PolicyAgent - ok
22:59:18.0883 5584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:59:18.0883 5584 Power - ok
22:59:18.0930 5584 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:59:18.0930 5584 PptpMiniport - ok
22:59:18.0945 5584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:59:18.0945 5584 Processor - ok
22:59:18.0976 5584 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:59:18.0976 5584 ProfSvc - ok
22:59:18.0992 5584 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:59:18.0992 5584 ProtectedStorage - ok
22:59:19.0023 5584 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:59:19.0023 5584 Psched - ok
22:59:19.0054 5584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:59:19.0070 5584 ql2300 - ok
22:59:19.0101 5584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:59:19.0101 5584 ql40xx - ok
22:59:19.0132 5584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:59:19.0132 5584 QWAVE - ok
22:59:19.0132 5584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:59:19.0148 5584 QWAVEdrv - ok
22:59:19.0164 5584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:59:19.0164 5584 RasAcd - ok
22:59:19.0179 5584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:59:19.0179 5584 RasAgileVpn - ok
22:59:19.0195 5584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:59:19.0195 5584 RasAuto - ok
22:59:19.0242 5584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:59:19.0242 5584 Rasl2tp - ok
22:59:19.0257 5584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:59:19.0257 5584 RasMan - ok
22:59:19.0273 5584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:59:19.0273 5584 RasPppoe - ok
22:59:19.0288 5584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:59:19.0288 5584 RasSstp - ok
22:59:19.0288 5584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:59:19.0288 5584 rdbss - ok
22:59:19.0304 5584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:59:19.0304 5584 rdpbus - ok
22:59:19.0320 5584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:19.0320 5584 RDPCDD - ok
22:59:19.0335 5584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:59:19.0335 5584 RDPENCDD - ok
22:59:19.0351 5584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:59:19.0351 5584 RDPREFMP - ok
22:59:19.0366 5584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:59:19.0366 5584 RDPWD - ok
22:59:19.0398 5584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:59:19.0398 5584 rdyboost - ok
22:59:19.0413 5584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:59:19.0413 5584 RemoteAccess - ok
22:59:19.0429 5584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:59:19.0444 5584 RemoteRegistry - ok
22:59:19.0460 5584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:59:19.0460 5584 RpcEptMapper - ok
22:59:19.0476 5584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:59:19.0476 5584 RpcLocator - ok
22:59:19.0491 5584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:59:19.0491 5584 RpcSs - ok
22:59:19.0507 5584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:59:19.0507 5584 rspndr - ok
22:59:19.0522 5584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:59:19.0522 5584 SamSs - ok
22:59:19.0538 5584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:59:19.0538 5584 sbp2port - ok
22:59:19.0569 5584 [ 8C957D55D34AE4B062AA05E869139D87 ] Scan2PC C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe
22:59:19.0569 5584 Scan2PC - ok
22:59:19.0585 5584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:59:19.0600 5584 SCardSvr - ok
22:59:19.0616 5584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:59:19.0616 5584 scfilter - ok
22:59:19.0647 5584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:59:19.0647 5584 Schedule - ok
22:59:19.0678 5584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:59:19.0678 5584 SCPolicySvc - ok
22:59:19.0694 5584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:59:19.0694 5584 SDRSVC - ok
22:59:19.0725 5584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:59:19.0725 5584 secdrv - ok
22:59:19.0756 5584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:59:19.0756 5584 seclogon - ok
22:59:19.0772 5584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:59:19.0772 5584 SENS - ok
22:59:19.0788 5584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:59:19.0788 5584 SensrSvc - ok
22:59:19.0803 5584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:59:19.0819 5584 Serenum - ok
22:59:19.0819 5584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:59:19.0819 5584 Serial - ok
22:59:19.0850 5584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:59:19.0850 5584 sermouse - ok
22:59:19.0866 5584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:59:19.0866 5584 SessionEnv - ok
22:59:19.0897 5584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:59:19.0897 5584 sffdisk - ok
22:59:19.0912 5584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:59:19.0912 5584 sffp_mmc - ok
22:59:19.0928 5584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:59:19.0928 5584 sffp_sd - ok
22:59:19.0928 5584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:59:19.0928 5584 sfloppy - ok
22:59:19.0975 5584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:59:19.0975 5584 SharedAccess - ok
22:59:20.0006 5584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:59:20.0006 5584 ShellHWDetection - ok
22:59:20.0022 5584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:59:20.0022 5584 SiSRaid2 - ok
22:59:20.0037 5584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:59:20.0037 5584 SiSRaid4 - ok
22:59:20.0053 5584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:59:20.0053 5584 Smb - ok
22:59:20.0084 5584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:59:20.0084 5584 SNMPTRAP - ok
22:59:20.0100 5584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:59:20.0100 5584 spldr - ok
22:59:20.0115 5584 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:59:20.0131 5584 Spooler - ok
22:59:20.0224 5584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:59:20.0271 5584 sppsvc - ok
22:59:20.0287 5584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:59:20.0287 5584 sppuinotify - ok
22:59:20.0318 5584 [ 46BE3584FE0F72D3430E669225ACCB40 ] SRS_AE_Service C:\Windows\system32\drivers\SRS_AE_amd64.sys
22:59:20.0334 5584 SRS_AE_Service - ok
22:59:20.0365 5584 [ 83BE26217FD07B3613D151D24AAA9BEB ] SRS_SSCFilter C:\Windows\system32\drivers\srs_sscfilter_amd64.sys
22:59:20.0365 5584 SRS_SSCFilter - ok
22:59:20.0412 5584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:59:20.0412 5584 srv - ok
22:59:20.0427 5584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:59:20.0443 5584 srv2 - ok
22:59:20.0443 5584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:59:20.0443 5584 srvnet - ok
22:59:20.0474 5584 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
22:59:20.0474 5584 sscdbus - ok
22:59:20.0505 5584 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
22:59:20.0505 5584 sscdmdfl - ok
22:59:20.0521 5584 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
22:59:20.0521 5584 sscdmdm - ok
22:59:20.0552 5584 [ 208731A751357DD71C5A0345C77AFD0A ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
22:59:20.0552 5584 sscdserd - ok
22:59:20.0568 5584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:59:20.0583 5584 SSDPSRV - ok
22:59:20.0583 5584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:59:20.0583 5584 SstpSvc - ok
22:59:20.0614 5584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:59:20.0614 5584 stexstor - ok
22:59:20.0646 5584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:59:20.0646 5584 stisvc - ok
22:59:20.0677 5584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:59:20.0677 5584 swenum - ok
22:59:20.0692 5584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:59:20.0692 5584 swprv - ok
22:59:20.0755 5584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:59:20.0770 5584 SysMain - ok
22:59:20.0802 5584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:59:20.0802 5584 TabletInputService - ok
22:59:20.0817 5584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:59:20.0817 5584 TapiSrv - ok
22:59:20.0833 5584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:59:20.0848 5584 TBS - ok
22:59:20.0880 5584 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:59:20.0911 5584 Tcpip - ok
22:59:20.0942 5584 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:59:20.0958 5584 TCPIP6 - ok
22:59:20.0989 5584 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:59:20.0989 5584 tcpipreg - ok
22:59:21.0020 5584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:59:21.0020 5584 TDPIPE - ok
22:59:21.0036 5584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:59:21.0036 5584 TDTCP - ok
22:59:21.0067 5584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:59:21.0067 5584 tdx - ok
22:59:21.0098 5584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:59:21.0098 5584 TermDD - ok
22:59:21.0114 5584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:59:21.0129 5584 TermService - ok
22:59:21.0129 5584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:59:21.0145 5584 Themes - ok
22:59:21.0160 5584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:59:21.0160 5584 THREADORDER - ok
22:59:21.0176 5584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:59:21.0176 5584 TrkWks - ok
22:59:21.0223 5584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:59:21.0223 5584 TrustedInstaller - ok
22:59:21.0254 5584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:21.0270 5584 tssecsrv - ok
22:59:21.0301 5584 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:59:21.0301 5584 TsUsbFlt - ok
22:59:21.0316 5584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:59:21.0316 5584 tunnel - ok
22:59:21.0332 5584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:59:21.0332 5584 uagp35 - ok
22:59:21.0348 5584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:59:21.0363 5584 udfs - ok
22:59:21.0379 5584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:59:21.0379 5584 UI0Detect - ok
22:59:21.0394 5584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:59:21.0394 5584 uliagpkx - ok
22:59:21.0426 5584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:59:21.0426 5584 umbus - ok
22:59:21.0441 5584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:59:21.0441 5584 UmPass - ok
22:59:21.0457 5584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:59:21.0457 5584 upnphost - ok
22:59:21.0519 5584 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:59:21.0519 5584 USBAAPL64 - ok
22:59:21.0535 5584 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:21.0535 5584 usbccgp - ok
22:59:21.0566 5584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:59:21.0566 5584 usbcir - ok
22:59:21.0582 5584 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:59:21.0582 5584 usbehci - ok
22:59:21.0597 5584 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:59:21.0597 5584 usbhub - ok
22:59:21.0613 5584 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:59:21.0613 5584 usbohci - ok
22:59:21.0644 5584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:59:21.0644 5584 usbprint - ok
22:59:21.0660 5584 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:59:21.0660 5584 usbscan - ok
22:59:21.0675 5584 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:59:21.0675 5584 USBSTOR - ok
22:59:21.0691 5584 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:59:21.0691 5584 usbuhci - ok
22:59:21.0706 5584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:59:21.0706 5584 UxSms - ok
22:59:21.0706 5584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:59:21.0706 5584 VaultSvc - ok
22:59:21.0738 5584 [ 3A4B01C2BDB07DFEF29B0B369487503A ] VCSVADHWSer C:\Windows\system32\DRIVERS\vcsvad.sys
22:59:21.0738 5584 VCSVADHWSer - ok
22:59:21.0769 5584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:59:21.0769 5584 vdrvroot - ok
22:59:21.0800 5584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:59:21.0800 5584 vds - ok
22:59:21.0816 5584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:21.0831 5584 vga - ok
22:59:21.0831 5584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:59:21.0831 5584 VgaSave - ok
22:59:21.0847 5584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:59:21.0847 5584 vhdmp - ok
22:59:21.0878 5584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:59:21.0878 5584 viaide - ok
22:59:21.0909 5584 VideoAcceleratorService - ok
22:59:21.0909 5584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:59:21.0909 5584 volmgr - ok
22:59:21.0940 5584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:59:21.0940 5584 volmgrx - ok
22:59:21.0940 5584 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:59:21.0956 5584 volsnap - ok
22:59:21.0972 5584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:59:21.0972 5584 vsmraid - ok
22:59:22.0003 5584 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:59:22.0050 5584 VSS - ok
22:59:22.0143 5584 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
22:59:22.0159 5584 vToolbarUpdater11.2.0 - ok
22:59:22.0174 5584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:59:22.0174 5584 vwifibus - ok
22:59:22.0206 5584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:59:22.0206 5584 W32Time - ok
22:59:22.0221 5584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:59:22.0221 5584 WacomPen - ok
22:59:22.0252 5584 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:59:22.0252 5584 WANARP - ok
22:59:22.0252 5584 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:59:22.0268 5584 Wanarpv6 - ok
22:59:22.0315 5584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:59:22.0330 5584 WatAdminSvc - ok
22:59:22.0362 5584 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:59:22.0393 5584 wbengine - ok
22:59:22.0408 5584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:59:22.0408 5584 WbioSrvc - ok
22:59:22.0424 5584 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:59:22.0424 5584 wcncsvc - ok
22:59:22.0440 5584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:59:22.0440 5584 WcsPlugInService - ok
22:59:22.0455 5584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:59:22.0455 5584 Wd - ok
22:59:22.0471 5584 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:59:22.0486 5584 Wdf01000 - ok
22:59:22.0486 5584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:59:22.0502 5584 WdiServiceHost - ok
22:59:22.0502 5584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:59:22.0502 5584 WdiSystemHost - ok
22:59:22.0549 5584 [ EFB3074BDBABE0A137D89D8E58F02392 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
22:59:22.0549 5584 Web Assistant Updater - ok
22:59:22.0564 5584 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:59:22.0580 5584 WebClient - ok
22:59:22.0580 5584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:59:22.0596 5584 Wecsvc - ok
22:59:22.0611 5584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:59:22.0611 5584 wercplsupport - ok
22:59:22.0627 5584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:59:22.0627 5584 WerSvc - ok
22:59:22.0658 5584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:59:22.0658 5584 WfpLwf - ok
22:59:22.0658 5584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:59:22.0658 5584 WIMMount - ok
22:59:22.0674 5584 WinDefend - ok
22:59:22.0689 5584 WinHttpAutoProxySvc - ok
22:59:22.0736 5584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:59:22.0736 5584 Winmgmt - ok
22:59:22.0752 5584 WinRing0_1_2_0 - ok
22:59:22.0798 5584 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:59:22.0830 5584 WinRM - ok
22:59:22.0861 5584 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
22:59:22.0861 5584 WinUSB - ok
22:59:22.0923 5584 [ 8516D8CDB2AD19AC19C2D9D16EDAC9DD ] WiseBootAssistant C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
22:59:22.0923 5584 WiseBootAssistant - ok
22:59:22.0939 5584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:59:22.0954 5584 Wlansvc - ok
22:59:23.0064 5584 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:59:23.0079 5584 wlidsvc - ok
22:59:23.0110 5584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:59:23.0110 5584 WmiAcpi - ok
22:59:23.0142 5584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:59:23.0142 5584 wmiApSrv - ok
22:59:23.0173 5584 WMPNetworkSvc - ok
22:59:23.0188 5584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:59:23.0188 5584 WPCSvc - ok
22:59:23.0204 5584 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:59:23.0204 5584 WPDBusEnum - ok
22:59:23.0235 5584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:59:23.0235 5584 ws2ifsl - ok
22:59:23.0251 5584 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:59:23.0251 5584 wscsvc - ok
22:59:23.0266 5584 WSearch - ok
22:59:23.0329 5584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:59:23.0360 5584 wuauserv - ok
22:59:23.0376 5584 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:59:23.0376 5584 WudfPf - ok
22:59:23.0391 5584 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:59:23.0391 5584 WUDFRd - ok
22:59:23.0422 5584 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:59:23.0422 5584 wudfsvc - ok
22:59:23.0438 5584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:59:23.0438 5584 WwanSvc - ok
22:59:23.0454 5584 ================ Scan global ===============================
22:59:23.0469 5584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:59:23.0500 5584 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:59:23.0500 5584 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:59:23.0516 5584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:59:23.0547 5584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:59:23.0547 5584 [Global] - ok
22:59:23.0547 5584 ================ Scan MBR ==================================
22:59:23.0563 5584 [ F86645598351FFD5320B8B477F4AE44D ] \Device\Harddisk0\DR0
22:59:24.0530 5584 \Device\Harddisk0\DR0 - ok
22:59:24.0530 5584 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:59:26.0714 5584 \Device\Harddisk1\DR1 - ok
22:59:26.0714 5584 ================ Scan VBR ==================================
22:59:26.0714 5584 [ DFDC27139D6D2789DB410CB6A895C0FB ] \Device\Harddisk0\DR0\Partition1
22:59:26.0714 5584 \Device\Harddisk0\DR0\Partition1 - ok
22:59:26.0714 5584 [ 00743E711B16DFF7F69F761829461B8D ] \Device\Harddisk0\DR0\Partition2
22:59:26.0730 5584 \Device\Harddisk0\DR0\Partition2 - ok
22:59:26.0745 5584 [ 32AA8B1FEFCFE04D2BE7A9C475979C0F ] \Device\Harddisk0\DR0\Partition3
22:59:26.0745 5584 \Device\Harddisk0\DR0\Partition3 - ok
22:59:27.0759 5584 [ 2915B44C1A758576FB3B92B35EE87EFF ] \Device\Harddisk1\DR1\Partition1
22:59:27.0759 5584 \Device\Harddisk1\DR1\Partition1 - ok
22:59:27.0759 5584 ============================================================
22:59:27.0759 5584 Scan finished
22:59:27.0759 5584 ============================================================
22:59:27.0759 1656 Detected object count: 0
22:59:27.0759 1656 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 23:01:51
-----------------------------
23:01:51.677 OS Version: Windows x64 6.1.7601 Service Pack 1
23:01:51.677 Number of processors: 2 586 0x602
23:01:51.678 ComputerName: VANDERKAMP-PC UserName: VanderKamp
23:01:52.907 Initialize success
23:04:25.302 AVAST engine defs: 12082501
23:04:33.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
23:04:33.628 Disk 0 Vendor: WDC_WD50 06.0 Size: 476940MB BusType: 8
23:04:33.641 Disk 0 MBR read successfully
23:04:33.643 Disk 0 MBR scan
23:04:33.646 Disk 0 unknown MBR code
23:04:33.648 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:04:33.655 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 466832 MB offset 206911
23:04:33.684 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10005 MB offset 956280832
23:04:33.735 Disk 0 scanning C:\Windows\system32\drivers
23:04:41.196 Service scanning
23:04:58.651 Modules scanning
23:04:58.655 Disk 0 trace - called modules:
23:04:58.665 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
23:04:58.669 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032cd060]
23:04:58.672 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800307c7a0]
23:04:58.675 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa800307c060]
23:04:59.573 AVAST engine scan C:\Windows
23:05:02.100 AVAST engine scan C:\Windows\system32
23:07:41.209 AVAST engine scan C:\Windows\system32\drivers
23:07:52.184 AVAST engine scan C:\Users\VanderKamp
23:09:39.215 Disk 0 MBR has been saved successfully to "C:\Users\VanderKamp\Desktop\MBR.dat"
23:09:39.220 The log file has been saved successfully to "C:\Users\VanderKamp\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 25 August 2012 - 10:32 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#7 bear4569

  • Topic Starter

Posted 26 August 2012 - 08:16 AM

OTL logfile created on: 8/26/2012 9:10:45 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\VanderKamp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 51.29% Memory free
3.38 Gb Paging File | 1.61 Gb Available in Paging File | 47.57% Paging File free
Paging file location(s): c:\pagefile.sys 650 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.89 Gb Total Space | 369.85 Gb Free Space | 81.13% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 1.49 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive G: | 7.33 Gb Total Space | 2.98 Gb Free Space | 40.72% Space Free | Partition Type: FAT32

Computer Name: VANDERKAMP-PC | User Name: VanderKamp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\VanderKamp\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Users\VanderKamp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe (WiseCleaner.com)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (ftusbsrvc) -- C:\Windows\SysNative\ftusbsrvc.exe (FabulaTech)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (WiseBootAssistant) -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Scan2PC) -- C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (ft2usbhub) -- C:\Windows\SysNative\drivers\ftusbbus2.sys (FabulaTech)
DRV:64bit: - (MxEFUF) -- C:\Windows\SysNative\drivers\MxEFUF64.sys (Matrox Graphics Inc.)
DRV:64bit: - (SRS_AE_Service) -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SRS_SSCFilter) -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys ()
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A453EB2A-F3CA-40FA-9447-6C50B3C1E5B2}
IE:64bit: - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
IE:64bit: - HKLM\..\SearchScopes\Zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = Zbani
IE - HKLM\..\SearchScopes,DefaultScope = Zbani
IE - HKLM\..\SearchScopes\{1E72803C-1887-FA99-1EFC-41E7D13A6682}: "URL" = http://home.zbani.com/en/get/{searchTerms}
IE - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{A453EB2A-F3CA-40FA-9447-6C50B3C1E5B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3244149
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,Backup.Old.DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{1E72803C-1887-FA99-1EFC-41E7D13A6682}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{532325A6-6950-4BAF-A431-7E2FD1742A41}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{AB01C93A-01D3-4619-A823-20EC1DEA5876}: "URL" = http://search.avg.com/?d=4daf0407&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2204444078-866163389-772774753-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/CQDSK/1
IE - HKU\S-1-5-21-2204444078-866163389-772774753-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

========== FireFox ==========

FF - prefs.js..CT3244149.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\VanderKamp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\VanderKamp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\VanderKamp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\VanderKamp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\VanderKamp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\VanderKamp\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/07/02 15:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/01/11 09:41:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 08:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 19:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/02 15:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/20 17:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 09:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/21 07:32:51 | 000,000,000 | ---D | M]

[2011/12/12 03:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Extensions
[2012/08/25 22:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions
[2012/08/23 06:59:13 | 000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
[2012/08/01 11:31:09 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\support@lastpass.com
[2012/08/23 10:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\64jb193x.New User\extensions
[2012/08/23 06:59:19 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\64jb193x.New User\extensions\crossriderapp3491@crossrider.com
[2012/08/23 10:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\64jb193x.New User\extensions\staged
[2012/07/25 09:37:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\64jb193x.New User\extensions\support@lastpass.com
[2012/08/24 09:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\6mg29mpp.default\extensions
[2012/08/23 06:59:19 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\6mg29mpp.default\extensions\crossriderapp3491@crossrider.com
[2012/08/23 10:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\6mg29mpp.default\extensions\staged
[2012/07/18 20:39:15 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\6mg29mpp.default\extensions\support@lastpass.com
[2012/08/23 06:59:52 | 000,000,927 | ---- | M] () -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\searchplugins\conduit.xml
[2012/07/28 09:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 10:04:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/09 19:46:13 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Default Profile (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Michael Graves = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeajpdomellldbbkbeccocedicnehfhe\3_0\
CHR - Extension: YouTube = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: LastPass = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: AVG Safe Search = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Codecv = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajnfknjohjpcnogkjakalehloanpeb\1.0_0\
CHR - Extension: Gmail = C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/25 11:27:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] c:\program files\canon\myprinter\bjmyprt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1006..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VanderKamp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2204444078-866163389-772774753-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O15 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://connect.urmc.rochester.edu/+CSCOL+/csvrloader64.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://connect.urmc.rochester.edu/+CSCOL+/csvrloader32.cab (Reg Error: Key error.)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B92CBC6-0367-43C4-9CB7-8322119DF3EC}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B92CBC6-0367-43C4-9CB7-8322119DF3EC}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 22:58:43 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\VanderKamp\Desktop\tdsskiller.exe
[2012/08/25 22:55:00 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Local\{82D8429A-C6C6-45E2-8822-05B23D8891EF}
[2012/08/25 16:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/25 16:09:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/25 09:57:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/25 09:57:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/25 09:57:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/25 09:54:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/25 09:53:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/25 09:51:57 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\VanderKamp\Desktop\ComboFix.exe
[2012/08/25 08:39:55 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Local\{7EA5F0A9-8E62-46E9-B3B8-1CC83ECA9ADA}
[2012/08/24 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\avidemux
[2012/08/24 09:41:49 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Local\Macromedia
[2012/08/24 09:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/20 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uRexsoft
[2012/08/20 21:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\uRexsoft
[2012/08/20 17:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/15 20:43:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 20:43:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 20:43:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 20:43:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 20:43:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 20:43:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 20:43:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 20:43:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 20:43:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 20:43:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 20:43:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 20:43:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 20:43:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 18:12:12 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 18:11:36 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 18:11:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 18:11:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 18:06:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 18:06:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 18:06:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 18:06:07 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/13 07:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2012/08/13 07:51:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/08/12 10:50:34 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\Desktop\Judi's Grad Party (1)
[2012/08/08 11:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec
[2012/08/08 07:18:39 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdFender
[2012/08/08 07:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AdFender
[2012/08/06 23:15:59 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\Documents\My Digital Editions
[2012/08/06 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/08/01 10:14:11 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Local\CrashDumps
[2012/08/01 09:52:42 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\SystemSpeedBooster
[2012/08/01 09:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemSpeedBooster
[2012/08/01 09:36:42 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\Wise Care 365
[2012/08/01 09:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2012/08/01 09:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/01 08:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/01 08:54:25 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/01 08:54:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/01 08:54:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/01 08:07:18 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/31 20:38:00 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\Blueberry
[2012/07/29 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\AppData\Roaming\vlc
[2012/07/28 18:29:36 | 000,000,000 | ---D | C] -- C:\Users\VanderKamp\Desktop\Mt. Hope Cemetery 7-12
[2012/07/27 15:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[2012/07/18 20:39:06 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 09:03:53 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 09:03:53 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 08:56:31 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2012/08/26 08:56:20 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 23:11:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000UA.job
[2012/08/25 23:09:39 | 000,000,512 | ---- | M] () -- C:\Users\VanderKamp\Desktop\MBR.dat
[2012/08/25 22:58:47 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\VanderKamp\Desktop\tdsskiller.exe
[2012/08/25 18:36:38 | 104,889,247 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/25 11:27:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/25 11:26:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2012/08/25 09:51:57 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\VanderKamp\Desktop\ComboFix.exe
[2012/08/25 08:46:31 | 000,881,581 | ---- | M] () -- C:\Users\VanderKamp\Desktop\SecurityCheck.exe
[2012/08/25 08:40:57 | 000,783,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/25 08:40:57 | 000,663,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/25 08:40:57 | 000,122,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/24 10:04:47 | 000,294,216 | ---- | M] () -- C:\Users\VanderKamp\Desktop\gmer.zip
[2012/08/24 10:01:23 | 000,000,000 | ---- | M] () -- C:\Users\VanderKamp\defogger_reenable
[2012/08/24 08:11:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000Core.job
[2012/08/24 07:33:44 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVanderKamp.job
[2012/08/23 10:29:17 | 000,384,844 | ---- | M] () -- C:\Users\VanderKamp\AppData\Local\funmoods-speeddial.crx
[2012/08/23 06:59:20 | 000,000,009 | ---- | M] () -- C:\END
[2012/08/22 09:54:57 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/08/21 07:27:57 | 000,801,222 | ---- | M] () -- C:\Users\VanderKamp\Desktop\Back_To_School_Coupon.pdf
[2012/08/20 21:43:33 | 000,682,490 | ---- | M] () -- C:\Users\VanderKamp\Desktop\The Guardian of Bastet.epub
[2012/08/16 17:49:45 | 000,463,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/12 10:52:27 | 000,013,778 | ---- | M] () -- C:\Users\VanderKamp\AppData\Roaming\wklnhst.dat
[2012/08/08 07:18:39 | 000,001,031 | ---- | M] () -- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2012/08/08 07:10:12 | 000,083,034 | ---- | M] () -- C:\Users\VanderKamp\Desktop\advancementform.pdf
[2012/08/07 10:06:23 | 000,000,043 | ---- | M] () -- C:\Users\VanderKamp\Desktop\Belt loop certificate.gif
[2012/08/06 23:15:52 | 000,002,168 | ---- | M] () -- C:\Users\VanderKamp\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/06 23:15:52 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Edtions.lnk
[2012/08/03 17:28:23 | 000,408,075 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/01 10:02:38 | 000,004,950 | ---- | M] () -- C:\ProgramData\hiytdygl.ihf
[2012/08/01 08:54:13 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/01 08:54:13 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/31 20:52:50 | 001,078,847 | ---- | M] () -- C:\Users\VanderKamp\Desktop\Crane room use form
[2012/07/31 20:37:20 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 23:09:39 | 000,000,512 | ---- | C] () -- C:\Users\VanderKamp\Desktop\MBR.dat
[2012/08/25 16:36:35 | 000,001,067 | ---- | C] () -- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/25 16:36:35 | 000,001,031 | ---- | C] () -- C:\Users\VanderKamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2012/08/25 16:36:35 | 000,000,744 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scan2PC.lnk
[2012/08/25 09:57:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/25 09:57:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/25 09:57:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/25 09:57:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/25 09:57:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/25 08:46:29 | 000,881,581 | ---- | C] () -- C:\Users\VanderKamp\Desktop\SecurityCheck.exe
[2012/08/24 10:04:46 | 000,294,216 | ---- | C] () -- C:\Users\VanderKamp\Desktop\gmer.zip
[2012/08/24 10:01:23 | 000,000,000 | ---- | C] () -- C:\Users\VanderKamp\defogger_reenable
[2012/08/23 10:29:32 | 000,384,844 | ---- | C] () -- C:\Users\VanderKamp\AppData\Local\funmoods-speeddial.crx
[2012/08/23 06:59:20 | 000,000,009 | ---- | C] () -- C:\END
[2012/08/21 07:27:57 | 000,801,222 | ---- | C] () -- C:\Users\VanderKamp\Desktop\Back_To_School_Coupon.pdf
[2012/08/20 21:43:33 | 000,682,490 | ---- | C] () -- C:\Users\VanderKamp\Desktop\The Guardian of Bastet.epub
[2012/08/08 07:10:12 | 000,083,034 | ---- | C] () -- C:\Users\VanderKamp\Desktop\advancementform.pdf
[2012/08/07 10:10:43 | 000,000,043 | ---- | C] () -- C:\Users\VanderKamp\Desktop\Belt loop certificate.gif
[2012/08/06 23:15:52 | 000,002,168 | ---- | C] () -- C:\Users\VanderKamp\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/06 23:15:52 | 000,002,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/08/06 23:15:52 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Edtions.lnk
[2012/08/01 10:24:17 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2012/08/01 10:02:38 | 000,004,950 | ---- | C] () -- C:\ProgramData\hiytdygl.ihf
[2012/08/01 09:38:16 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2012/08/01 08:06:59 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000UA.job
[2012/08/01 08:06:58 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204444078-866163389-772774753-1000Core.job
[2012/07/31 20:52:49 | 001,078,847 | ---- | C] () -- C:\Users\VanderKamp\Desktop\Crane room use form
[2012/07/28 08:36:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/22 09:36:38 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2012/07/22 09:36:38 | 000,090,784 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/07/16 08:37:14 | 000,000,632 | RHS- | C] () -- C:\Users\VanderKamp\ntuser.pol
[2012/07/02 15:58:45 | 000,002,418 | ---- | C] () -- C:\Users\VanderKamp\wxDownloadFast.ini
[2012/06/25 11:17:33 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/06/21 22:44:00 | 000,033,758 | ---- | C] () -- C:\Users\VanderKamp\AppData\Local\dt.dat
[2012/03/19 18:28:31 | 000,211,944 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/03/15 12:28:35 | 000,000,125 | ---- | C] () -- C:\Windows\SysWow64\mp3codec32win.dll
[2012/02/15 12:35:26 | 000,000,935 | ---- | C] () -- C:\Windows\wininit.ini
[2012/02/13 08:37:04 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/02 19:11:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/02 18:31:32 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/17 11:36:57 | 000,003,584 | ---- | C] () -- C:\Users\VanderKamp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 14:30:22 | 000,003,146 | ---- | C] () -- C:\Windows\SysWow64\vsort.com
[2011/10/04 16:28:46 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/09/25 20:19:37 | 000,000,662 | ---- | C] () -- C:\Users\VanderKamp\AppData\Local\cookies.ini
[2011/05/10 21:12:45 | 000,776,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/25 10:30:04 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/04/22 08:55:13 | 000,007,593 | ---- | C] () -- C:\Users\VanderKamp\AppData\Local\Resmon.ResmonCfg
[2011/04/21 08:45:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/20 09:39:14 | 000,013,778 | ---- | C] () -- C:\Users\VanderKamp\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0E1DD4C5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:587EB586
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >

#8 gringo_pr

  • Malware Response Team

Posted 26 August 2012 - 03:09 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" File not found
    O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1006..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
    O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O16:64bit: - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://connect.urmc.rochester.edu/+CSCOL+/csvrloader64.cab (Reg Error: Key error.)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)
    O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://connect.urmc.rochester.edu/+CSCOL+/csvrloader32.cab (Reg Error: Key error.)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (Reg Error: Key error.)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (Reg Error: Key error.)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0E1DD4C5
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:587EB586
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56E2E879
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:553CA6CA  
    PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
    SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE:64bit: - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE:64bit: - HKLM\..\SearchScopes\Zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = Zbani
    IE - HKLM\..\SearchScopes,DefaultScope = Zbani
    IE - HKLM\..\SearchScopes\{1E72803C-1887-FA99-1EFC-41E7D13A6682}: "URL" = http://home.zbani.com/en/get/{searchTerms}
    IE - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKLM\..\SearchScopes\zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3244149
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,Backup.Old.DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{532325A6-6950-4BAF-A431-7E2FD1742A41}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    FF - prefs.js..CT3244149.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="
    [2012/08/23 06:59:13 | 000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
    [2012/08/23 06:59:52 | 000,000,927 | ---- | M] () -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\searchplugins\conduit.xml
    [2012/08/23 10:29:17 | 000,384,844 | ---- | M] () -- C:\Users\VanderKamp\AppData\Local\funmoods-speeddial.crx
    :Files
    C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajnfknjohjpcnogkjakalehloanpeb
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bear4569

Posted 26 August 2012 - 04:13 PM

.

Edited by bear4569, 26 August 2012 - 04:14 PM.


#10 gringo_pr

Posted 26 August 2012 - 04:29 PM

?

#11 bear4569

Posted 26 August 2012 - 05:04 PM

Sorry, I tried to run the fix, but it starts and not even a second later OTL becomes unresponsive.

#12 gringo_pr

Posted 26 August 2012 - 05:37 PM

Hello bear

I have removed about half of the script, so let's see if it will run now

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
    SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE:64bit: - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE:64bit: - HKLM\..\SearchScopes\Zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = Zbani
    IE - HKLM\..\SearchScopes,DefaultScope = Zbani
    IE - HKLM\..\SearchScopes\{1E72803C-1887-FA99-1EFC-41E7D13A6682}: "URL" = http://home.zbani.com/en/get/{searchTerms}
    IE - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKLM\..\SearchScopes\zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3244149
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,Backup.Old.DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{532325A6-6950-4BAF-A431-7E2FD1742A41}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959
    FF - prefs.js..CT3244149.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="
    [2012/08/23 06:59:13 | 000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
    [2012/08/23 06:59:52 | 000,000,927 | ---- | M] () -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\searchplugins\conduit.xml
    [2012/08/23 10:29:17 | 000,384,844 | ---- | M] () -- C:\Users\VanderKamp\AppData\Local\funmoods-speeddial.crx
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#13 bear4569

Posted 26 August 2012 - 06:12 PM

Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1006..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2204444078-866163389-772774753-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: LastPass - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\VanderKamp\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://connect.urmc.rochester.edu/+CSCOL+/csvrloader64.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://connect.urmc.rochester.edu/+CSCOL+/csvrloader32.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\belarc - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0E1DD4C5> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:587EB586> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56E2E879> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:553CA6CA > in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()> in the current context!
Error: Unable to interpret <SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\Zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = Zbani> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = Zbani> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{1E72803C-1887-FA99-1EFC-41E7D13A6682}: "URL" = http://home.zbani.com/en/get/{searchTerms}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{86015C17-E6DB-4DAD-814E-9A8CC682FD9E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\zbani: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3244149> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,Backup.Old.DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes,DefaultScope = {BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{532325A6-6950-4BAF-A431-7E2FD1742A41}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2204444078-866163389-772774753-1000\..\SearchScopes\{BC2CBE20-ED81-46C1-BF21-E5ED3C37E10F}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtCtDyCyB0C0CyC0BtCtAtN0D0Tzu0CtBtAyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1167093959> in the current context!
Error: Unable to interpret <FF - prefs.js..CT3244149.browser.search.defaultthis.engineName: true> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="> in the current context!
Error: Unable to interpret <[2012/08/23 06:59:13 | 000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}> in the current context!
Error: Unable to interpret <[2012/08/23 06:59:52 | 000,000,927 | ---- | M] () -- C:\Users\VanderKamp\AppData\Roaming\Mozilla\Firefox\Profiles\00i06upn.default-1343823523117\searchplugins\conduit.xml> in the current context!
Error: Unable to interpret <[2012/08/23 10:29:17 | 000,384,844 | ---- | M] () -- C:\Users\VanderKamp\AppData\Local\funmoods-speeddial.crx> in the current context!
========== FILES ==========
C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajnfknjohjpcnogkjakalehloanpeb\1.0_0 folder moved successfully.
C:\Users\VanderKamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajnfknjohjpcnogkjakalehloanpeb folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\VanderKamp\Desktop\cmd.bat deleted successfully.
C:\Users\VanderKamp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Caleb

User: Default

User: Default User

User: Public

User: Shawn

User: UpdatusUser

User: VanderKamp
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Caleb
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Shawn

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: VanderKamp
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08262012_191207

My computer didn't need to reboot or anything like that.

#14 gringo_pr

Posted 26 August 2012 - 06:21 PM

Greetings

It looks like you may have left out :OTL when you went to run the script


I would like you to rerun it and make sure it starts with :OTL


gringo
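
The failure diagnosed in post #14, as an added example that is not part of the thread and not OTL's own parser: a pre-flight check that flags every line pasted before the first section directive, which is where the log in post #13 shows items being rejected. Function names and sample scripts are constructed; the directive list holds only the three directives that appear on this page, and case-insensitive matching of directives is an assumption.

```python
"""Pre-flight check for a pasted OTL fix script (illustrative, not OTL's parser)."""
from dataclasses import dataclass, field

# Only the section directives that appear in the fix scripts on this page.
SEEN_DIRECTIVES = (":OTL", ":Files", ":Commands")
_CANON = {d.lower(): d for d in SEEN_DIRECTIVES}


@dataclass
class PreflightResult:
    sections: dict = field(default_factory=dict)       # directive -> item lines
    orphans: list = field(default_factory=list)        # (line_no, text) before any directive
    unseen_directives: list = field(default_factory=list)  # informational only

    @property
    def ok(self):
        # The paste is usable only if no item sits outside a section.
        return not self.orphans


def preflight(script_text):
    """Group item lines under their section directive and collect orphans."""
    result = PreflightResult()
    current = None
    for line_no, raw in enumerate(script_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Assumption: directives are matched case-insensitively.
            current = _CANON.get(line.lower(), line)
            if current not in SEEN_DIRECTIVES:
                result.unseen_directives.append((line_no, line))
            result.sections.setdefault(current, [])
            continue
        if current is None:
            # Same situation as the "in the current context" errors in post #13:
            # an item line with no section in effect.
            result.orphans.append((line_no, line))
        else:
            result.sections[current].append(line)
    return result


def describe(result):
    """Human-readable findings for the person about to click Run Fix."""
    if result.ok:
        return ["OK: every item line sits under a section directive."]
    msgs = [f"line {n}: no section directive above this line: {text[:60]}"
            for n, text in result.orphans]
    msgs.append("Re-copy the script so that its first line is :OTL.")
    return msgs


# Constructed samples: a few lines taken from the fix script in this thread.
GOOD_SCRIPT = r""":OTL
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
IE - HKLM\..\SearchScopes,DefaultScope = Zbani
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]
"""
# Same script copied without its first line, the case post #14 suspects.
MISSING_HEADER = GOOD_SCRIPT.split("\n", 1)[1]
# Same script with the forum's "Code" label copied along with it.
WITH_CODE_WORD = "Code\n" + GOOD_SCRIPT

if __name__ == "__main__":
    for name, text in (("good", GOOD_SCRIPT),
                       ("missing :OTL", MISSING_HEADER),
                       ("with 'Code'", WITH_CODE_WORD)):
        print(f"--- {name} ---")
        print("\n".join(describe(preflight(text))))
```
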

#15 bear4569

Posted 27 August 2012 - 08:06 AM

When trying to run the shortened script, OTL still becomes unresponsive within 1 sec of hitting Run Fix. I have attached a Word document that contains a screenshot of OTL when it becomes unresponsive.

Attached Files

  • Attached File  Doc1.doc   230.5KB   1 downloads




