Zero Access Rootkit infection


  • This topic is locked
18 replies to this topic

#1 explative removed

explative removed

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 AM

Posted 25 May 2013 - 10:17 PM

Friend brought me his laptop (Win7 Home Premium SP1) infected with a variant of the FBI/DOJ ransomware mess (didn't screenshot it, and it didn't look like many of the screens I've seen here, but I followed this guide). He tends to be one of those oblivious users who clicks and downloads things without reading, and unless it's in his face he won't go digging. So there's probably more than just the FBI/DOJ and ZA rootkit.

 

Got the PC operational again with Emsisoft Emergency Kit, noticed many random-character directories that were locked with only system-level access, IE crashed constantly, Firewall & Defender were disabled and could not be re-enabled, Task Manager wouldn't start, Java couldn't update, and Windows Update was not applying either.

 

Ran MBAM and cleaned up what it found. Ran SUPERAntiSpyware and cleaned up what it found. Installed F-PROT and cleaned up temp files with TFC. Still couldn't remove the random-character directories even with take ownership. Found a registry fix for Windows Defender in the MS forums but it didn't seem to work. Returned the PC to him with the advice that he was still wide open and to back up what he could, since it probably needed to be flattened and clean installed.

 

Brought it back to me a week later with the ransomware screen again. Once again got it functioning with EEK and performed checks per this thread (Thanks Boroni!). DDS got about 75-80% complete and then seemed to hang; let it run for 15 min. Then rebooted in safe mode and re-ran.

 

DDS Log -

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16576
Run by BAndrews at 23:09:37 on 2013-05-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2805 [GMT -4:00]
.
AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mWinlogon: Userinit = userinit.exe,
BHO: ZD Manager IE Plugin: {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BrowserHelper Class: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Shop to Win: {F9E44926-2497-46F3-8A25-928136AC079E} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
BHO: Fast Browser Search Toolbar Helper: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Fast Browser Search Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe"
mRun: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\BAndrews\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:2
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://remote.alexandriava.gov/,DanaInfo=SDOMMAILD1.alexgov.net+dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.alexandriava.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}\1464443547164796F6E6230363 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}\2556C69656660245275736B602620254E67696E65602 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}\2556C69656660254E67696E65602620245275736B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}\35455425C494E4746425 : DHCPNameServer = 4.2.2.3 4.2.2.2
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}\3547164796F6E602230373 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}\E457E697162696A7D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D6B44E0E-2889-4FB0-8385-FEE89C07BE63} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2011-10-6 84136]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-2-13 689464]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-20 70656]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-9-22 34872]
S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\BAndrews\Desktop\Virus Tools\EmsisoftEmergencyKit\Run\a2ddax64.sys [2013-5-16 26176]
S1 FPAV_RTP;FPAV_RTP;C:\Windows\System32\drivers\FPAV_RTP.sys [2013-5-16 842144]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FileOpenManagerSvc;FileOpenManagerSvc;C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [2011-3-9 331648]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-24 701512]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
S2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
S2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
S2 ZDManager Service;ZDManager Service;C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-12 176640]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 228408]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-28 140128]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-2 25928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" --> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-11 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-22 215040]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-23 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2013-05-26 02:59:42    --------    d-----w-    C:\8f8a71726fab8cc9a386e92079aa648d
2013-05-25 00:00:55    712264    ----a-w-    C:\Windows\isRS-000.tmp
2013-05-24 23:52:18    --------    d-----w-    C:\Users\BAndrews\AppData\Roaming\Malwarebytes
2013-05-24 10:58:20    --------    d-----w-    C:\1b633a48fdcf6bbc5e3e3ceb
2013-05-24 09:25:41    --------    d-----w-    C:\Users\BAndrews\AppData\Local\Western_Digital
2013-05-19 03:08:32    --------    d-----w-    C:\54cb771c7bb0d8ad4649e0d0c4
2013-05-17 00:40:25    --------    d-----w-    C:\31b6ee1040f921bfd2ef
2013-05-16 10:47:51    --------    d-----w-    C:\1bff931daf52a9879e850f07
2013-05-16 10:40:45    842144    ----a-w-    C:\Windows\System32\drivers\FPAV_RTP.sys
2013-05-16 10:40:44    --------    d-----w-    C:\ProgramData\FRISK Software
2013-05-16 10:40:44    --------    d-----w-    C:\Program Files (x86)\FRISK Software
2013-05-16 04:32:22    --------    d-----w-    C:\Program Files\Bonjour
2013-05-16 04:32:22    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-05-15 23:57:13    --------    d-----w-    C:\Users\BAndrews\AppData\Roaming\SUPERAntiSpyware.com
2013-05-15 23:34:05    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-05-15 23:34:05    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-05-15 22:33:01    278528    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-05-15 22:33:01    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-15 22:33:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-15 22:33:01    217600    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-05-15 22:33:00    701952    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2013-05-15 22:33:00    356352    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2013-05-15 22:33:00    257536    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-05-15 14:06:08    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 14:06:08    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 14:06:08    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 14:05:59    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 14:05:58    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 14:05:58    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 14:05:58    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 14:05:49    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:05:49    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 14:05:43    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-11 13:25:37    --------    d-----w-    C:\Program Files\CCleaner
2013-05-11 13:09:20    --------    d-----w-    C:\Users\BAndrews\AppData\Local\VS Revo Group
2013-05-11 13:09:15    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2013-05-11 13:09:15    --------    d-----w-    C:\ProgramData\VS Revo Group
2013-05-11 13:09:13    --------    d-----w-    C:\Program Files\VS Revo Group
2013-05-08 12:17:50    --------    d-----w-    C:\843777034882307d67729b6d11
2013-05-07 19:40:31    --------    d-----w-    C:\6126a293ee2739e94b30
2013-05-06 19:44:24    --------    d-----w-    C:\674851eb4073de41f22a1d2f52eee6b2
2013-05-06 11:06:07    --------    d-----w-    C:\03df0bce581528da0b85609c
2013-05-04 02:37:41    --------    d-----w-    C:\2b4807e49cb42a0c1aee1d4e
2013-05-01 19:06:48    --------    d-----w-    C:\90d53f7f94f628f375
2013-05-01 04:18:59    --------    d-----w-    C:\f3dd533d2364d7806d9d59b9
2013-04-27 15:06:15    --------    d-----w-    C:\dbd04076b2f8c16790e32f4c
2013-04-27 01:36:33    --------    d-----w-    C:\90ef8818528750d6a3
2013-04-26 16:39:33    --------    d-----w-    C:\bd885e45511f4b3db0573d32cdcd
2013-04-26 15:21:47    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 15:18:55    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:18:55    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-29 20:45:23    260    ----a-w-    C:\Windows\SysWow64\cmdVBS.vbs
2013-03-29 20:45:23    256    ----a-w-    C:\Windows\SysWow64\MSIevent.bat
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
.
============= FINISH: 23:11:31.39 ===============
 

 

 

 

 

Attached Files
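The DDS log above carries the indicators this thread turns on: directories created directly under C:\ whose names are nothing but hex digits, Microsoft Security Essentials and Windows Defender reported Disabled, EnableLUA = dword:0 (UAC switched off), and an orphaned BHO. As an added example that is not part of the original post and not code from the DDS tool, here is a small Python triage that reads a log in that format and pulls those indicators out. The sample log is constructed from abbreviated lines in the shape of the one posted (not the real log), and the function names, the "Run key launching an exe straight out of C:\ProgramData" heuristic and the scoring in verdict() are this example's own.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the DDS log posted in this thread; the
# lines are abbreviated and this is not the real log.
SAMPLE_DDS = """\
AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-System: ConsentPromptBehaviorUser = dword:2
mPolicies-System: EnableLUA = dword:0
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mRun: [DisplaySwitch] "C:\\ProgramData\\DisplaySwitch.exe"
mRun: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
2013-05-26 02:59:42    --------    d-----w-    C:\\8f8a71726fab8cc9a386e92079aa648d
2013-05-24 10:58:20    --------    d-----w-    C:\\1b633a48fdcf6bbc5e3e3ceb
2013-05-16 10:40:44    --------    d-----w-    C:\\ProgramData\\FRISK Software
2013-05-11 13:25:37    --------    d-----w-    C:\\Program Files\\CCleaner
"""

# "Created Last 30" rows look like: date time  size  attrs  path
_CREATED_ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$")
# A directory right under the drive root whose name is only 16-40 hex digits,
# the pattern the original poster describes.
_HEX_ROOT_DIR = re.compile(r"^[A-Za-z]:\\[0-9a-fA-F]{16,40}$")
# The AV/SP/FW product lines DDS prints at the top of the log.
_PRODUCT = re.compile(r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)/")
# Run keys that launch an executable living directly in C:\ProgramData
# (hypothetical heuristic for this example, not a DDS feature).
_RUN_FROM_PROGRAMDATA = re.compile(
    r'^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\]\s+"?(?P<exe>[A-Za-z]:\\ProgramData\\[^\\"]+\.exe)"?',
    re.IGNORECASE)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return the ZeroAccess-style indicators found in a DDS log, grouped by kind."""
    findings: Dict[str, List[str]] = {
        "hex_root_dirs": [],         # random-hex directories at the drive root
        "disabled_protection": [],   # AV / spyware / firewall products reported Disabled
        "uac_disabled": [],          # EnableLUA = 0 turns UAC off system-wide
        "orphaned_bho": [],          # BHO CLSIDs whose DLL is gone (cleanup leftovers)
        "run_from_programdata": [],  # autoruns pointing at an exe in ProgramData root
    }
    for line in log_text.splitlines():
        line = line.rstrip()
        m = _CREATED_ROW.match(line)
        if m and m["attrs"].startswith("d") and _HEX_ROOT_DIR.match(m["path"]):
            findings["hex_root_dirs"].append(m["path"])
            continue
        m = _PRODUCT.match(line)
        if m and m["state"] == "Disabled":
            findings["disabled_protection"].append(f'{m["kind"]}: {m["name"]}')
            continue
        if re.match(r"^mPolicies-System: EnableLUA = dword:0\b", line):
            findings["uac_disabled"].append(line)
            continue
        if line.startswith("BHO:") and line.endswith("<orphaned>"):
            findings["orphaned_bho"].append(line.split(":", 1)[1].strip())
            continue
        m = _RUN_FROM_PROGRAMDATA.match(line)
        if m:
            findings["run_from_programdata"].append(f'{m["name"]} -> {m["exe"]}')
    return findings


def verdict(findings: Dict[str, List[str]]) -> str:
    """Hex root folders alone are weak evidence (Windows Update and some
    installers leave similar folders); call it strong only when the
    protection products are also off."""
    strong = findings["hex_root_dirs"] and (
        findings["disabled_protection"] or findings["uac_disabled"])
    if strong:
        return "likely rootkit: hex root dirs plus disabled protection"
    if findings["hex_root_dirs"] or findings["disabled_protection"]:
        return "suspicious: review flagged items"
    return "no ZeroAccess-style indicators"


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for kind, items in result.items():
        for item in items:
            print(f"{kind:22} {item}")
    print(verdict(result))
```

Two caveats when reading the output. A DDS "Created Last 30" row shows the name and date but not the ACL, so the "locked with only system-level access" detail the poster mentions has to be confirmed on the machine itself (for example with icacls on the directory). And the verdict() weighting is deliberately conservative: hex-named folders under C:\ are also left behind by legitimate update and installer extraction, so the combination with disabled AV/Defender and EnableLUA = 0 is what makes the picture convincing here, not the folders by themselves.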




#2 Elise

Posted 26 May 2013 - 12:15 PM

Hello, and welcome to BleepingComputer!

The ZeroAccess infection can be fixed, but please read the following information first.


BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


We need to run a scan with ComboFix:
  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button and save the file to your desktop.
  • Disable any anti-virus and/or firewall software you have installed.
    Instructions can be found here if needed.
  • Close all open windows including your web browser.
    As mentioned in the first post, you may want to print out all instructions before starting.
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software; you should then see the "preparing" window.
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.

    However, if you see the prompt to do so, please click Yes to download the Microsoft Windows Recovery Console.

    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode.
  • Allow ComboFix to reboot the computer if necessary; it will run again after you log back in.
  • When complete, a log file will be displayed; please copy and paste the contents of this file into your next post.
More information about downloading and using ComboFix can be found here if needed.

regards, Elise


#3 explative removed

Posted 26 May 2013 - 03:10 PM

Thanks for the reply Elise. Based on what the user uses this computer for, it's going to be best to format and re-install.

 

Thanks for reviewing the logs and information.



#4 Elise

Posted 26 May 2013 - 03:17 PM

That is indeed the safest way. Depending a bit on whether or not they have backups of important data, you could opt to clean the machine first to be able to safely back up data.

 

Please let me know if you need any further assistance with this or with a reformat/reinstall.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 



#5 explative removed

  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male

Posted 26 May 2013 - 03:45 PM

Clean backup is indeed a concern. While I have gotten data backed up, I want to make sure that I don't re-infect once I restore the data. I did notice that he does have a random character locked folder on his backup drive.

 

Will run ComboFix per your instructions. Let me know what else I should do for cleanup before erasing it.




#6 explative removed

  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male

Posted 26 May 2013 - 07:32 PM

ComboFix 13-05-25.02 - BAndrews 05/26/2013  17:32:14.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2341 [GMT -4:00]
Running from: c:\users\BAndrews\Desktop\Virus Tools\ComboFix.exe
AV: F-PROT Antivirus for Windows *Enabled/Outdated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\ShopToWin.exe
c:\program files (x86)\Shop to Win\sqlite3.dll
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files (x86)\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files (x86)\Shop to Win\TestFeeds\MainStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\Shop to Win\unins000.exe
c:\users\BAndrews\Documents\~WRD2952.tmp
c:\users\BAndrews\Documents\~WRL0005.tmp
c:\users\BAndrews\Documents\~WRL0006.tmp
c:\users\BAndrews\Documents\~WRL0007.tmp
c:\users\BAndrews\Documents\~WRL0458.tmp
c:\users\BAndrews\Documents\~WRL1357.tmp
c:\users\BAndrews\Documents\ShopToWin
c:\users\Owner\AppData\Roaming\etrer.dll
c:\users\Owner\AppData\Roaming\hlescl.dll
c:\users\Owner\AppData\Roaming\kuipt.dll
c:\users\Owner\AppData\Roaming\magcb.dll
c:\users\Owner\AppData\Roaming\msrec.dll
c:\users\Owner\AppData\Roaming\pfipl.dll
c:\users\Owner\AppData\Roaming\qonast.dll
c:\users\Owner\AppData\Roaming\rthap.dll
c:\users\Owner\AppData\Roaming\spadsc.dll
c:\users\Owner\AppData\Roaming\usprt.dll
c:\users\Owner\AppData\Roaming\uxama.dll
c:\users\Owner\AppData\Roaming\wmswip.dll
c:\users\Owner\Documents\~WRD2952.tmp
c:\users\Owner\Documents\~WRL0005.tmp
c:\users\Owner\Documents\~WRL0006.tmp
c:\users\Owner\Documents\~WRL0007.tmp
c:\users\Owner\Documents\~WRL0458.tmp
c:\users\Owner\Documents\~WRL1357.tmp
c:\users\Owner\Documents\ShopToWin
c:\users\Public\Documents\~WRL0463.tmp
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\isRS-000.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-26 to 2013-05-26  )))))))))))))))))))))))))))))))
.
.
2013-05-26 21:55 . 2013-05-26 21:55    --------    d-----w-    c:\users\Owner\AppData\Local\temp
2013-05-26 21:55 . 2013-05-26 21:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-26 02:59 . 2013-05-26 02:59    --------    d-----w-    C:\8f8a71726fab8cc9a386e92079aa648d
2013-05-24 23:52 . 2013-05-24 23:52    --------    d-----w-    c:\users\BAndrews\AppData\Roaming\Malwarebytes
2013-05-24 10:58 . 2013-05-24 10:58    --------    d-----w-    C:\1b633a48fdcf6bbc5e3e3ceb
2013-05-24 09:25 . 2013-05-24 09:25    --------    d-----w-    c:\users\BAndrews\AppData\Local\Western_Digital
2013-05-19 03:08 . 2013-05-19 03:08    --------    d-----w-    C:\54cb771c7bb0d8ad4649e0d0c4
2013-05-17 00:40 . 2013-05-17 00:40    --------    d-----w-    C:\31b6ee1040f921bfd2ef
2013-05-16 10:47 . 2013-05-16 10:47    --------    d-----w-    C:\1bff931daf52a9879e850f07
2013-05-16 10:40 . 2011-11-11 14:24    842144    ----a-w-    c:\windows\system32\drivers\FPAV_RTP.sys
2013-05-16 10:40 . 2013-05-16 10:40    --------    d-----w-    c:\programdata\FRISK Software
2013-05-16 10:40 . 2013-05-16 10:40    --------    d-----w-    c:\program files (x86)\FRISK Software
2013-05-16 04:32 . 2013-05-16 04:32    --------    d-----w-    c:\program files\Bonjour
2013-05-16 04:32 . 2013-05-16 04:32    --------    d-----w-    c:\program files (x86)\Bonjour
2013-05-15 23:57 . 2013-05-15 23:57    --------    d-----w-    c:\users\BAndrews\AppData\Roaming\SUPERAntiSpyware.com
2013-05-15 23:34 . 2013-05-15 23:34    --------    d-----w-    c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2013-05-15 23:34 . 2013-05-16 01:15    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-05-15 23:34 . 2013-05-15 23:34    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-05-15 22:33 . 2013-04-05 06:51    278528    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-05-15 22:33 . 2013-04-05 06:50    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-05-15 22:33 . 2013-04-05 05:27    217600    ----a-w-    c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-05-15 22:33 . 2013-04-05 04:43    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-15 22:33 . 2013-04-05 04:29    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-15 22:33 . 2013-04-05 06:52    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-05-15 22:33 . 2013-04-05 06:50    356352    ----a-w-    c:\program files\Internet Explorer\IEShims.dll
2013-05-15 22:33 . 2013-04-05 06:50    701952    ----a-w-    c:\program files\Internet Explorer\ieproxy.dll
2013-05-15 22:33 . 2013-04-05 05:26    257536    ----a-w-    c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-05-15 14:06 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 14:06 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:06 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 14:06 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 14:05 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 14:05 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 14:05 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 14:05 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 14:05 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 14:05 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 14:05 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 14:05 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-11 13:25 . 2013-05-11 13:25    --------    d-----w-    c:\program files\CCleaner
2013-05-11 13:18 . 2013-05-11 13:18    --------    d-----w-    c:\users\BAndrews\AppData\Roaming\HPAppData
2013-05-11 13:09 . 2013-05-11 13:09    --------    d-----w-    c:\users\BAndrews\AppData\Local\VS Revo Group
2013-05-11 13:09 . 2013-05-11 13:09    --------    d-----w-    c:\programdata\VS Revo Group
2013-05-11 13:09 . 2009-12-30 15:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-05-11 13:09 . 2013-05-11 13:09    --------    d-----w-    c:\program files\VS Revo Group
2013-05-08 12:17 . 2013-05-08 12:17    --------    d-----w-    C:\843777034882307d67729b6d11
2013-05-07 19:40 . 2013-05-07 19:40    --------    d-----w-    C:\6126a293ee2739e94b30
2013-05-06 19:44 . 2013-05-06 19:44    --------    d-----w-    C:\674851eb4073de41f22a1d2f52eee6b2
2013-05-06 11:06 . 2013-05-06 11:06    --------    d-----w-    C:\03df0bce581528da0b85609c
2013-05-04 02:37 . 2013-05-04 02:37    --------    d-----w-    C:\2b4807e49cb42a0c1aee1d4e
2013-05-01 19:06 . 2013-05-01 19:06    --------    d-----w-    C:\90d53f7f94f628f375
2013-05-01 04:18 . 2013-05-01 04:19    --------    d-----w-    C:\f3dd533d2364d7806d9d59b9
2013-04-27 15:06 . 2013-04-27 15:06    --------    d-----w-    C:\dbd04076b2f8c16790e32f4c
2013-04-27 01:36 . 2013-04-27 01:36    --------    d-----w-    C:\90ef8818528750d6a3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 15:18 . 2012-05-09 03:07    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 15:18 . 2012-02-22 03:16    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-03 20:15 . 2009-11-03 01:21    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-01 18:29 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 14:06    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:06    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:06    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:06    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:06    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:06    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-26 15:21    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-02-02 18:56    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-29 20:45 . 2013-03-29 20:45    260    ----a-w-    c:\windows\SysWow64\cmdVBS.vbs
2013-03-29 20:45 . 2013-03-29 20:45    256    ----a-w-    c:\windows\SysWow64\MSIevent.bat
2013-03-21 14:08 . 2013-03-21 14:08    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-21 14:08 . 2013-03-21 14:08    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-21 14:08 . 2013-03-21 14:08    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-21 14:08 . 2013-03-21 14:08    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-21 14:08 . 2013-03-21 14:08    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-21 14:08 . 2013-03-21 14:08    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-21 14:08 . 2013-03-21 14:08    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-21 14:08 . 2013-03-21 14:08    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-21 14:08 . 2013-03-21 14:08    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-21 14:08 . 2013-03-21 14:08    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-21 14:08 . 2013-03-21 14:08    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-21 14:08 . 2013-03-21 14:08    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-21 14:08 . 2013-03-21 14:08    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-21 14:08 . 2013-03-21 14:08    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-21 14:08 . 2013-03-21 14:08    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-21 14:08 . 2013-03-21 14:08    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-21 14:08 . 2013-03-21 14:08    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-21 14:08 . 2013-03-21 14:08    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-21 14:08 . 2013-03-21 14:08    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-21 14:08 . 2013-03-21 14:08    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-21 14:08 . 2013-03-21 14:08    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-21 14:08 . 2013-03-21 14:08    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-21 14:08 . 2013-03-21 14:08    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-21 14:08 . 2013-03-21 14:08    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-21 14:08 . 2013-03-21 14:08    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-21 14:08 . 2013-03-21 14:08    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-21 14:08 . 2013-03-21 14:08    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-21 14:08 . 2013-03-21 14:08    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-21 14:08 . 2013-03-21 14:08    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-21 14:08 . 2013-03-21 14:08    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-21 14:08 . 2013-03-21 14:08    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-21 14:08 . 2013-03-21 14:08    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-21 14:08 . 2013-03-21 14:08    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-21 14:08 . 2013-03-21 14:08    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-21 14:08 . 2013-03-21 14:08    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-21 14:08 . 2013-03-21 14:08    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-21 14:08 . 2013-03-21 14:08    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-21 14:08 . 2013-03-21 14:08    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-21 14:08 . 2013-03-21 14:08    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-21 14:08 . 2013-03-21 14:08    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-21 14:08 . 2013-03-21 14:08    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-21 14:08 . 2013-03-21 14:08    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-21 14:08 . 2013-03-21 14:08    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-21 14:08 . 2013-03-21 14:08    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-21 14:08 . 2013-03-21 14:08    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-21 14:08 . 2013-03-21 14:08    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-21 14:08 . 2013-03-21 14:08    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-21 14:08 . 2013-03-21 14:08    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-21 14:08 . 2013-03-21 14:08    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-10 14:49    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:48    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:48    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:48    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:48    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:48    112640    ----a-w-    c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}]
2012-05-07 18:52    1960520    ----a-w-    c:\users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41    120104    ----a-w-    c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44    1400712    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E44926-2497-46F3-8A25-928136AC079E}]
2010-12-29 18:20    14432    ----a-w-    c:\program files (x86)\Shop to Win 20\Shop to Win 20.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-30 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"F-PROT Antivirus Tray application"="c:\program files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\BAndrews\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2010-9-21 118784]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 4d80b4;syshost.exe;c:\windows\system32\drivers\4d80b4.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-12 176640]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-10-17 22016]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-28 140128]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\BAndrews\Desktop\Virus Tools\EmsisoftEmergencyKit\Run\a2ddax64.sys [2013-05-16 26176]
S1 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FPAV_RTP.sys [2011-11-11 842144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-07 143088]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc64.exe [2011-03-09 331648]
S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2011-10-06 84136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 15:02    1642448    ----a-w-    c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 15:18]
.
2013-05-14 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-03 11:36]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-03 11:36]
.
2013-05-14 c:\windows\Tasks\HPCeeScheduleForBAndrews.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - c:\program files (x86)\SGPSA\SearchAssistant.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-DisplaySwitch - c:\programdata\DisplaySwitch.exe
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-{AE502938-5BF1-4CEA-961D-0081B992C878}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-05-26  20:23:57 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-27 00:23
.
Pre-Run: 170,160,828,416 bytes free
Post-Run: 169,644,441,600 bytes free
.
- - End Of File - - D0F440CD5443D71851D7230AF8DFF744
 



#7 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,257 posts
  • Location:Romania

Posted 27 May 2013 - 01:54 AM

Hello again, could you give me the name of the folder that has the random characters?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
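The TDSSKiller run described in the post above produces a plain-text log. As an added example, not part of any post in this thread and not Kaspersky's tool, the script below parses that log format and lists what a helper reads first: entries not reported "- ok", services with no backing file record, and services with short hex-style names. The sample log embedded in it is constructed from the line shapes seen in this thread; the "detected" line and its family name are invented placeholders.

```python
"""Triage a TDSSKiller scan log.

Added example for this thread: not part of any post here and not
Kaspersky's tool.  TDSSKiller 2.8.x writes, per scanned object, a file
record line "[ MD5 ] Name  Path" followed by a verdict line "Name - ok"
(or "Name - detected ..."), grouped under "==== Scan ... ====" headers.
"""
import re

# Constructed sample, not a real scan.  The line shapes copy the thread's
# log; the "detected" line and PLACEHOLDER.Family are invented.
SAMPLE_LOG = r"""08:14:21.0354 3436  Scan started
08:14:21.0354 3436  Mode: Manual;
08:18:06.0302 3436  ================ Scan system memory ========================
08:18:06.0302 3436  System memory - ok
08:18:06.0305 3436  ================ Scan services =============================
08:18:07.0088 3436  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:18:07.0091 3436  1394ohci - ok
08:18:07.0116 3436  4d80b4 - ok
08:18:08.0949 3436  [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:18:08.0951 3436  Apple Mobile Device - ok
08:18:12.0576 3436  COMSysApp - ok
08:18:30.0000 3436  ================ Scan boot sectors =========================
08:18:30.0100 3436  \Device\Harddisk0\DR0 - detected PLACEHOLDER.Family ( 0 )
08:18:31.0000 3436  ============================================================
08:18:31.0000 3436  Scan finished
"""

PREFIX = r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+'          # "08:18:07.0088 3436  "
PREFIX_RE = re.compile(PREFIX)
SECTION_RE = re.compile(PREFIX + r'=+\s*(.*?)\s*=+\s*$')
FILE_RE = re.compile(PREFIX + r'\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$')
VERDICT_RE = re.compile(PREFIX + r'(.+?) - (.+?)\s*$')
# Short all-hex names (the thread's "4d80b4") are unusual for a Windows
# service.  This is a "look closer" heuristic, not a malware verdict.
HEXNAME_RE = re.compile(r'^[0-9a-fA-F]{5,12}$')


def triage(log_text):
    """Return a triage summary of one TDSSKiller log as a dict."""
    in_scan = False
    section = None
    pending = None          # name from the file record awaiting its verdict
    files = {}              # name -> (md5, path), handy for hash lookups
    not_ok, no_file, odd_names = [], [], []
    for line in log_text.splitlines():
        body = PREFIX_RE.sub('', line, count=1).strip()
        if body == 'Scan started':
            in_scan = True
            continue
        if body == 'Scan finished':
            break
        if not in_scan:
            continue        # system info / partition header before the scan
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):
                section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            files[name] = (md5.upper(), path)
            pending = name
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        name, verdict = m.groups()
        if verdict != 'ok':
            not_ok.append((section, name, verdict))
        if section == 'Scan services':
            if pending != name:
                # verdict with no file record: the service binary is missing,
                # hidden, or the entry is a leftover (COMSysApp is a benign case)
                no_file.append(name)
            if HEXNAME_RE.match(name):
                odd_names.append(name)
        pending = None
    return {'not_ok': not_ok, 'no_file': no_file,
            'odd_names': odd_names, 'files': files}


if __name__ == '__main__':
    summary = triage(SAMPLE_LOG)
    for section, name, verdict in summary['not_ok']:
        print(f'NOT OK   [{section}] {name}: {verdict}')
    for name in summary['no_file']:
        print(f'NO FILE  {name}')
    for name in summary['odd_names']:
        print(f'ODD NAME {name}')
```

Entries in `no_file` include benign services that have no ImagePath, so the list is a starting point for the helper, not a cleaning instruction.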


#8 explative removed
  • Topic Starter
  • Members
  • 29 posts

Posted 27 May 2013 - 08:11 AM

Here are the logs. Didn't do anything with the AdwCleaner results yet. Let me know the next steps. Thanks again for your assistance.

08:14:13.0238 3804  TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
08:14:13.0280 3804  ============================================================
08:14:13.0280 3804  Current date / time: 2013/05/27 08:14:13.0280
08:14:13.0280 3804  SystemInfo:
08:14:13.0280 3804  
08:14:13.0280 3804  OS Version: 6.1.7601 ServicePack: 1.0
08:14:13.0280 3804  Product type: Workstation
08:14:13.0280 3804  ComputerName: OWNER-PC
08:14:13.0280 3804  UserName: BAndrews
08:14:13.0280 3804  Windows directory: C:\Windows
08:14:13.0280 3804  System windows directory: C:\Windows
08:14:13.0280 3804  Running under WOW64
08:14:13.0280 3804  Processor architecture: Intel x64
08:14:13.0280 3804  Number of processors: 2
08:14:13.0280 3804  Page size: 0x1000
08:14:13.0280 3804  Boot type: Normal boot
08:14:13.0280 3804  ============================================================
08:14:17.0090 3804  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:14:17.0098 3804  Drive \Device\Harddisk1\DR2 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:14:17.0101 3804  ============================================================
08:14:17.0101 3804  \Device\Harddisk0\DR0:
08:14:17.0102 3804  MBR partitions:
08:14:17.0102 3804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:14:17.0102 3804  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2393A800
08:14:17.0102 3804  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2399E800, BlocksNum 0x1A5C000
08:14:17.0102 3804  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
08:14:17.0102 3804  \Device\Harddisk1\DR2:
08:14:17.0103 3804  MBR partitions:
08:14:17.0103 3804  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x1, BlocksNum 0x1D3022
08:14:17.0103 3804  ============================================================
08:14:17.0134 3804  C: <-> \Device\Harddisk0\DR0\Partition2
08:14:17.0177 3804  D: <-> \Device\Harddisk0\DR0\Partition3
08:14:17.0177 3804  ============================================================
08:14:17.0177 3804  Initialize success
08:14:17.0177 3804  ============================================================
08:14:21.0354 3436  ============================================================
08:14:21.0354 3436  Scan started
08:14:21.0354 3436  Mode: Manual;
08:14:21.0354 3436  ============================================================
08:18:06.0302 3436  ================ Scan system memory ========================
08:18:06.0302 3436  System memory - ok
08:18:06.0305 3436  ================ Scan services =============================
08:18:17.0850 3436  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:18:17.0856 3436  iaStorV - ok
08:18:17.0912 3436  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:18:17.0927 3436  idsvc - ok
08:18:18.0357 3436  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
08:18:18.0519 3436  igfx - ok
08:18:18.0697 3436  [ 23E1BCADABE423C35C19BBDFF10CCE6D ] IHA_MessageCenter C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
08:18:18.0699 3436  IHA_MessageCenter - ok
08:18:18.0717 3436  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:18:18.0718 3436  iirsp - ok
08:18:18.0782 3436  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
08:18:18.0798 3436  IKEEXT - ok
08:18:18.0843 3436  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
08:18:18.0864 3436  intelide - ok
08:18:18.0929 3436  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:18:18.0950 3436  intelppm - ok
08:18:19.0039 3436  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:18:19.0042 3436  IPBusEnum - ok
08:18:19.0091 3436  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:18:19.0120 3436  IpFilterDriver - ok
08:18:19.0271 3436  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:18:19.0286 3436  iphlpsvc - ok
08:18:19.0381 3436  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:18:19.0542 3436  IPMIDRV - ok
08:18:19.0810 3436  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:18:19.0816 3436  IPNAT - ok
08:18:19.0876 3436  [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:18:19.0883 3436  iPod Service - ok
08:18:20.0021 3436  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:18:20.0044 3436  IRENUM - ok
08:18:20.0073 3436  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:18:20.0094 3436  isapnp - ok
08:18:20.0156 3436  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:18:20.0161 3436  iScsiPrt - ok
08:18:20.0227 3436  [ 02BD12C2EE52F0849A5D6F9A2FA67B4E ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
08:18:20.0229 3436  JMCR - ok
08:18:20.0292 3436  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:18:20.0311 3436  kbdclass - ok
08:18:20.0395 3436  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:18:20.0454 3436  kbdhid - ok
08:18:20.0485 3436  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
08:18:20.0486 3436  KeyIso - ok
08:18:20.0563 3436  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:18:20.0565 3436  KSecDD - ok
08:18:20.0614 3436  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:18:20.0617 3436  KSecPkg - ok
08:18:20.0630 3436  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:18:20.0632 3436  ksthunk - ok
08:18:20.0664 3436  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:18:20.0669 3436  KtmRm - ok
08:18:20.0719 3436  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
08:18:20.0723 3436  LanmanServer - ok
08:18:20.0781 3436  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:18:20.0835 3436  LanmanWorkstation - ok
08:18:21.0169 3436  [ 32F1B95C60042F3D95FC8AB43559B3B1 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
08:18:21.0339 3436  LeapFrog Connect Device Service - ok
08:18:21.0569 3436  [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
08:18:21.0572 3436  LightScribeService - ok
08:18:21.0599 3436  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:18:21.0600 3436  lltdio - ok
08:18:21.0632 3436  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:18:21.0637 3436  lltdsvc - ok
08:18:21.0682 3436  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:18:21.0683 3436  lmhosts - ok
08:18:21.0708 3436  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:18:21.0710 3436  LSI_FC - ok
08:18:21.0733 3436  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:18:21.0736 3436  LSI_SAS - ok
08:18:21.0753 3436  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:18:21.0755 3436  LSI_SAS2 - ok
08:18:21.0781 3436  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:18:21.0783 3436  LSI_SCSI - ok
08:18:21.0825 3436  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
08:18:21.0827 3436  luafv - ok
08:18:21.0836 3436  lxcr_device - ok
08:18:21.0901 3436  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
08:18:21.0902 3436  MBAMProtector - ok
08:18:21.0936 3436  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:18:21.0942 3436  MBAMScheduler - ok
08:18:21.0983 3436  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:18:21.0996 3436  MBAMService - ok
08:18:22.0004 3436  McComponentHostService - ok
08:18:22.0063 3436  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:18:22.0065 3436  Mcx2Svc - ok
08:18:22.0125 3436  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
08:18:22.0129 3436  MDM - ok
08:18:22.0162 3436  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:18:22.0163 3436  megasas - ok
08:18:22.0178 3436  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:18:22.0181 3436  MegaSR - ok
08:18:22.0221 3436  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
08:18:22.0223 3436  MMCSS - ok
08:18:22.0244 3436  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
08:18:22.0245 3436  Modem - ok
08:18:22.0255 3436  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:18:22.0256 3436  monitor - ok
08:18:22.0292 3436  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:18:22.0293 3436  mouclass - ok
08:18:22.0309 3436  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:18:22.0311 3436  mouhid - ok
08:18:22.0361 3436  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:18:22.0363 3436  mountmgr - ok
08:18:22.0410 3436  [ C4D8C3031C7CD5884CA856B15307E997 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
08:18:22.0413 3436  MpFilter - ok
08:18:22.0449 3436  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:18:22.0452 3436  mpio - ok
08:18:22.0471 3436  [ A768F58C55D3F303E686A7646348AEC3 ] MpNWMon         C:\Windows\system32\DRIVERS\MpNWMon.sys
08:18:22.0472 3436  MpNWMon - ok
08:18:22.0537 3436  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:18:22.0582 3436  mpsdrv - ok
08:18:22.0829 3436  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:18:22.0840 3436  MpsSvc - ok
08:18:22.0866 3436  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:18:22.0868 3436  MRxDAV - ok
08:18:22.0903 3436  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:18:22.0905 3436  mrxsmb - ok
08:18:22.0955 3436  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:18:22.0968 3436  mrxsmb10 - ok
08:18:23.0017 3436  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:18:23.0019 3436  mrxsmb20 - ok
08:18:23.0046 3436  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:18:23.0048 3436  msahci - ok
08:18:23.0082 3436  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:18:23.0085 3436  msdsm - ok
08:18:23.0097 3436  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
08:18:23.0100 3436  MSDTC - ok
08:18:23.0122 3436  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:18:23.0124 3436  Msfs - ok
08:18:23.0139 3436  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:18:23.0140 3436  mshidkmdf - ok
08:18:23.0175 3436  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:18:23.0176 3436  msisadrv - ok
08:18:23.0205 3436  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:18:23.0208 3436  MSiSCSI - ok
08:18:23.0214 3436  msiserver - ok
08:18:23.0240 3436  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:18:23.0241 3436  MSKSSRV - ok
08:18:23.0257 3436  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:18:23.0258 3436  MSPCLOCK - ok
08:18:23.0267 3436  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:18:23.0268 3436  MSPQM - ok
08:18:23.0316 3436  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:18:23.0328 3436  MsRPC - ok
08:18:23.0397 3436  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:18:23.0399 3436  mssmbios - ok
08:18:23.0543 3436  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:18:23.0626 3436  MSTEE - ok
08:18:23.0674 3436  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:18:23.0691 3436  MTConfig - ok
08:18:23.0724 3436  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:18:23.0726 3436  Mup - ok
08:18:23.0780 3436  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
08:18:23.0794 3436  napagent - ok
08:18:23.0824 3436  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:18:23.0829 3436  NativeWifiP - ok
08:18:23.0885 3436  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:18:23.0903 3436  NDIS - ok
08:18:23.0931 3436  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:18:23.0932 3436  NdisCap - ok
08:18:23.0944 3436  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:18:23.0945 3436  NdisTapi - ok
08:18:23.0982 3436  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:18:24.0007 3436  Ndisuio - ok
08:18:24.0070 3436  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:18:24.0073 3436  NdisWan - ok
08:18:24.0113 3436  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:18:24.0115 3436  NDProxy - ok
08:18:24.0137 3436  [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
08:18:24.0139 3436  Net Driver HPZ12 - ok
08:18:24.0171 3436  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:18:24.0173 3436  NetBIOS - ok
08:18:24.0220 3436  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:18:24.0224 3436  NetBT - ok
08:18:24.0262 3436  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
08:18:24.0263 3436  Netlogon - ok
08:18:24.0348 3436  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:18:24.0354 3436  Netman - ok
08:18:24.0421 3436  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:18:24.0426 3436  netprofm - ok
08:18:24.0457 3436  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:18:24.0459 3436  NetTcpPortSharing - ok
08:18:24.0617 3436  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
08:18:24.0719 3436  netw5v64 - ok
08:18:24.0742 3436  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:18:24.0744 3436  nfrd960 - ok
08:18:24.0757 3436  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:18:24.0762 3436  NlaSvc - ok
08:18:24.0798 3436  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:18:24.0800 3436  Npfs - ok
08:18:24.0834 3436  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:18:24.0836 3436  nsi - ok
08:18:24.0848 3436  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:18:24.0849 3436  nsiproxy - ok
08:18:25.0912 3436  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:18:26.0006 3436  Ntfs - ok
08:18:26.0149 3436  [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
08:18:26.0174 3436  NuidFltr - ok
08:18:26.0200 3436  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:18:26.0219 3436  Null - ok
08:18:26.0317 3436  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:18:26.0321 3436  nvraid - ok
08:18:26.0386 3436  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:18:26.0389 3436  nvstor - ok
08:18:26.0416 3436  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:18:26.0418 3436  nv_agp - ok
08:18:26.0482 3436  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:18:26.0488 3436  odserv - ok
08:18:26.0533 3436  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:18:26.0535 3436  ohci1394 - ok
08:18:26.0579 3436  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:18:26.0582 3436  ose - ok
08:18:26.0624 3436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:18:26.0629 3436  p2pimsvc - ok
08:18:26.0703 3436  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:18:26.0719 3436  p2psvc - ok
08:18:26.0748 3436  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:18:26.0750 3436  Parport - ok
08:18:26.0779 3436  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:18:26.0781 3436  partmgr - ok
08:18:26.0796 3436  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:18:26.0799 3436  PcaSvc - ok
08:18:26.0821 3436  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
08:18:26.0822 3436  pci - ok
08:18:26.0835 3436  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
08:18:26.0836 3436  pciide - ok
08:18:26.0862 3436  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:18:26.0865 3436  pcmcia - ok
08:18:26.0907 3436  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:18:26.0908 3436  pcw - ok
08:18:26.0948 3436  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:18:26.0962 3436  PEAUTH - ok
08:18:27.0064 3436  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:18:27.0066 3436  PerfHost - ok
08:18:27.0169 3436  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
08:18:27.0206 3436  pla - ok
08:18:27.0256 3436  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:18:27.0269 3436  PlugPlay - ok
08:18:27.0282 3436  [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
08:18:27.0284 3436  Pml Driver HPZ12 - ok
08:18:27.0306 3436  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:18:27.0308 3436  PNRPAutoReg - ok
08:18:27.0349 3436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:18:27.0353 3436  PNRPsvc - ok
08:18:27.0542 3436  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:18:27.0557 3436  PolicyAgent - ok
08:18:27.0594 3436  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
08:18:27.0598 3436  Power - ok
08:18:27.0635 3436  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:18:27.0638 3436  PptpMiniport - ok
08:18:27.0661 3436  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:18:27.0662 3436  Processor - ok
08:18:27.0701 3436  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:18:27.0705 3436  ProfSvc - ok
08:18:27.0716 3436  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:18:27.0718 3436  ProtectedStorage - ok
08:18:27.0761 3436  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:18:27.0763 3436  Psched - ok
08:18:27.0816 3436  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:18:27.0850 3436  ql2300 - ok
08:18:27.0874 3436  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:18:27.0876 3436  ql40xx - ok
08:18:27.0893 3436  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
08:18:27.0898 3436  QWAVE - ok
08:18:27.0921 3436  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:18:27.0922 3436  QWAVEdrv - ok
08:18:27.0934 3436  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:18:27.0936 3436  RasAcd - ok
08:18:27.0964 3436  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:18:27.0966 3436  RasAgileVpn - ok
08:18:27.0994 3436  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
08:18:27.0997 3436  RasAuto - ok
08:18:28.0032 3436  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:18:28.0034 3436  Rasl2tp - ok
08:18:28.0077 3436  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
08:18:28.0083 3436  RasMan - ok
08:18:28.0097 3436  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:18:28.0099 3436  RasPppoe - ok
08:18:28.0110 3436  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:18:28.0112 3436  RasSstp - ok
08:18:28.0153 3436  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:18:28.0157 3436  rdbss - ok
08:18:28.0177 3436  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:18:28.0178 3436  rdpbus - ok
08:18:28.0194 3436  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:18:28.0195 3436  RDPCDD - ok
08:18:28.0213 3436  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:18:28.0214 3436  RDPENCDD - ok
08:18:28.0239 3436  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:18:28.0240 3436  RDPREFMP - ok
08:18:28.0272 3436  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:18:28.0275 3436  RDPWD - ok
08:18:28.0309 3436  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:18:28.0312 3436  rdyboost - ok
08:18:28.0372 3436  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:18:28.0374 3436  RemoteAccess - ok
08:18:28.0389 3436  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:18:28.0393 3436  RemoteRegistry - ok
08:18:28.0451 3436  [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
08:18:28.0452 3436  Revoflt - ok
08:18:28.0506 3436  [ 498EB62A160674E793FA40FD65390625 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
08:18:28.0509 3436  RichVideo - ok
08:18:28.0541 3436  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
08:18:28.0546 3436  RimUsb - ok
08:18:28.0567 3436  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:18:28.0569 3436  RpcEptMapper - ok
08:18:28.0601 3436  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
08:18:28.0603 3436  RpcLocator - ok
08:18:28.0650 3436  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
08:18:28.0655 3436  RpcSs - ok
08:18:28.0683 3436  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:18:28.0685 3436  rspndr - ok
08:18:28.0713 3436  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
08:18:28.0717 3436  RTL8167 - ok
08:18:28.0731 3436  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
08:18:28.0732 3436  SamSs - ok
08:18:28.0795 3436  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:18:28.0796 3436  SASDIFSV - ok
08:18:28.0824 3436  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:18:28.0825 3436  SASKUTIL - ok
08:18:28.0861 3436  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:18:28.0863 3436  sbp2port - ok
08:18:28.0889 3436  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:18:28.0893 3436  SCardSvr - ok
08:18:28.0928 3436  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:18:28.0929 3436  scfilter - ok
08:18:28.0982 3436  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
08:18:29.0009 3436  Schedule - ok
08:18:29.0049 3436  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:18:29.0050 3436  SCPolicySvc - ok
08:18:29.0090 3436  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
08:18:29.0092 3436  sdbus - ok
08:18:29.0130 3436  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:18:29.0133 3436  SDRSVC - ok
08:18:29.0150 3436  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:18:29.0152 3436  secdrv - ok
08:18:29.0183 3436  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
08:18:29.0185 3436  seclogon - ok
08:18:29.0222 3436  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
08:18:29.0224 3436  SENS - ok
08:18:29.0239 3436  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:18:29.0241 3436  SensrSvc - ok
08:18:29.0262 3436  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:18:29.0263 3436  Serenum - ok
08:18:29.0276 3436  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:18:29.0278 3436  Serial - ok
08:18:29.0296 3436  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:18:29.0297 3436  sermouse - ok
08:18:29.0648 3436  [ B041AAE7A14A0DB47583F9C866B8B2EA ] ServicepointService C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
08:18:29.0661 3436  ServicepointService - ok
08:18:29.0744 3436  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:18:29.0772 3436  SessionEnv - ok
08:18:29.0921 3436  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:18:29.0941 3436  sffdisk - ok
08:18:29.0962 3436  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:18:29.0986 3436  sffp_mmc - ok
08:18:30.0005 3436  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:18:30.0015 3436  sffp_sd - ok
08:18:30.0043 3436  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:18:30.0097 3436  sfloppy - ok
08:18:30.0521 3436  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:18:30.0546 3436  SharedAccess - ok
08:18:30.0638 3436  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:18:30.0651 3436  ShellHWDetection - ok
08:18:30.0674 3436  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:18:30.0694 3436  SiSRaid2 - ok
08:18:30.0760 3436  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:18:30.0779 3436  SiSRaid4 - ok
08:18:33.0706 3436  Skype C2C Service - ok
08:18:47.0835 3436  SkypeUpdate - ok
08:18:50.0815 3436  [ 5E6947EFA793D2D1304F468760FEF40B ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:19:09.0942 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 5E6947EFA793D2D1304F468760FEF40B, Fake md5: 548260A7B8654E024DC30BF8A7C5BAA4
08:19:09.0943 3436  Smb ( ForgedFile.Multi.Generic ) - warning
08:19:09.0943 3436  Smb - detected ForgedFile.Multi.Generic (1)
08:19:12.0440 3436  SNMPTRAP - ok
08:19:15.0086 3436  [ A5CCD9FCEA4837B7821DF4A7A8FA9AC5 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:19:15.0349 3436  Suspicious file (Forged): C:\Windows\system32\drivers\spldr.sys. Real md5: A5CCD9FCEA4837B7821DF4A7A8FA9AC5, Fake md5: B9E31E5CACDFE584F34F730A677803F9
08:19:15.0350 3436  spldr ( ForgedFile.Multi.Generic ) - warning
08:19:15.0350 3436  spldr - detected ForgedFile.Multi.Generic (1)
08:19:17.0989 3436  [ F9F18AB6CD212C1FD2B7CF9049D476A1 ] Spooler         C:\Windows\System32\spoolsv.exe
08:19:18.0153 3436  Suspicious file (Forged): C:\Windows\System32\spoolsv.exe. Real md5: F9F18AB6CD212C1FD2B7CF9049D476A1, Fake md5: 85DAA09A98C9286D4EA2BA8D0E644377
08:19:18.0157 3436  Spooler ( ForgedFile.Multi.Generic ) - warning
08:19:18.0157 3436  Spooler - detected ForgedFile.Multi.Generic (1)
08:19:20.0495 3436  sppsvc - ok
08:19:23.0241 3436  sppuinotify - ok
08:19:26.0253 3436  srv - ok
08:19:29.0116 3436  srv2 - ok
08:19:31.0806 3436  [ 2460124FCDC54EFFB495773D60C16EB6 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:19:32.0061 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\VSTAZL6.SYS. Real md5: 2460124FCDC54EFFB495773D60C16EB6, Fake md5: 0C4540311E11664B245A263E1154CEF8
08:19:32.0063 3436  SrvHsfHDA ( ForgedFile.Multi.Generic ) - warning
08:19:32.0063 3436  SrvHsfHDA - detected ForgedFile.Multi.Generic (1)
08:19:34.0923 3436  SrvHsfV92 - ok
08:19:34.0927 3436  SrvHsfWinac - ok
08:19:37.0729 3436  [ 1E517742239024F78839DAEE35CB395B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:19:43.0732 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\srvnet.sys. Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 27E461F0BE5BFF5FC737328F749538C3
08:19:43.0733 3436  srvnet ( ForgedFile.Multi.Generic ) - warning
08:19:43.0734 3436  srvnet - detected ForgedFile.Multi.Generic (1)
08:19:46.0389 3436  SSDPSRV - ok
08:19:49.0418 3436  SstpSvc - ok
08:19:52.0314 3436  STacSV - ok
08:19:54.0994 3436  stexstor - ok
08:19:57.0978 3436  [ 2B126154D4954498C082E2CF128B49EC ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
08:19:58.0296 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\stwrt64.sys. Real md5: 2B126154D4954498C082E2CF128B49EC, Fake md5: DFFBC024DFC7BB05B2129E05CBC7A201
08:19:58.0300 3436  STHDA ( ForgedFile.Multi.Generic ) - warning
08:19:58.0300 3436  STHDA - detected ForgedFile.Multi.Generic (1)
08:20:06.0118 3436  [ 4072783B8EFB99A9E5817067D68F61C6 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
08:20:06.0360 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\serscan.sys. Real md5: 4072783B8EFB99A9E5817067D68F61C6, Fake md5: DECACB6921DED1A38642642685D77DAC
08:20:06.0360 3436  StillCam ( ForgedFile.Multi.Generic ) - warning
08:20:06.0361 3436  StillCam - detected ForgedFile.Multi.Generic (1)
08:20:08.0889 3436  stisvc - ok
08:20:11.0501 3436  [ 2508708A88CBB8186B3DF65A2B971B5C ] swenum          C:\Windows\system32\drivers\swenum.sys
08:20:11.0975 3436  Suspicious file (Forged): C:\Windows\system32\drivers\swenum.sys. Real md5: 2508708A88CBB8186B3DF65A2B971B5C, Fake md5: D01EC09B6711A5F8E7E6564A4D0FBC90
08:20:11.0975 3436  swenum ( ForgedFile.Multi.Generic ) - warning
08:20:11.0975 3436  swenum - detected ForgedFile.Multi.Generic (1)
08:20:14.0814 3436  swprv - ok
08:20:17.0447 3436  [ 411258D8A39220B4817EB2F55C4D8FEE ] SysMain         C:\Windows\system32\sysmain.dll
08:20:17.0665 3436  Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: 411258D8A39220B4817EB2F55C4D8FEE, Fake md5: BF9CCC0BF39B418C8D0AE8B05CF95B7D
08:20:17.0671 3436  SysMain ( ForgedFile.Multi.Generic ) - warning
08:20:17.0671 3436  SysMain - detected ForgedFile.Multi.Generic (1)
08:20:20.0156 3436  TabletInputService - ok
08:20:22.0705 3436  [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:20:22.0995 3436  Suspicious file (Forged): C:\Windows\System32\tapisrv.dll. Real md5: 3A05225B4172D0FA20107BD503A84681, Fake md5: 40F0849F65D13EE87B9A9AE3C1DD6823
08:20:25.0825 3436  TapiSrv ( ForgedFile.Multi.Generic ) - warning
08:20:25.0825 3436  TapiSrv - detected ForgedFile.Multi.Generic (1)
08:20:28.0360 3436  TBS - ok
08:20:31.0279 3436  [ C7CE09C1A058F0654866D19049232316 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:20:31.0630 3436  Suspicious file (Forged): C:\Windows\system32\drivers\tcpip.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764A29C34A22899
08:20:31.0642 3436  Tcpip ( ForgedFile.Multi.Generic ) - warning
08:20:31.0643 3436  Tcpip - detected ForgedFile.Multi.Generic (1)
08:20:34.0175 3436  [ C7CE09C1A058F0654866D19049232316 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:20:34.0197 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764A29C34A22899
08:20:34.0202 3436  TCPIP6 ( ForgedFile.Multi.Generic ) - warning
08:20:34.0202 3436  TCPIP6 - detected ForgedFile.Multi.Generic (1)
08:20:36.0990 3436  [ 38DB21372EE1BFD22B95E3AFBA496147 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:20:37.0319 3436  Suspicious file (Forged): C:\Windows\system32\drivers\tcpipreg.sys. Real md5: 38DB21372EE1BFD22B95E3AFBA496147, Fake md5: 1B16D0BD9841794A6E0CDE0CEF744ABC
08:20:40.0205 3436  tcpipreg ( ForgedFile.Multi.Generic ) - warning
08:20:40.0205 3436  tcpipreg - detected ForgedFile.Multi.Generic (1)
08:20:42.0539 3436  TDPIPE - ok
08:20:45.0393 3436  [ 6FF3E30F82B9D7840369598FB3DDDE5E ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:20:45.0697 3436  Suspicious file (Forged): C:\Windows\system32\drivers\tdtcp.sys. Real md5: 6FF3E30F82B9D7840369598FB3DDDE5E, Fake md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
08:20:45.0698 3436  TDTCP ( ForgedFile.Multi.Generic ) - warning
08:20:45.0698 3436  TDTCP - detected ForgedFile.Multi.Generic (1)
08:20:48.0057 3436  [ 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:20:51.0343 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A, Fake md5: DDAD5A7AB24D8B65F8D724F5C20FD806
08:20:51.0344 3436  tdx ( ForgedFile.Multi.Generic ) - warning
08:20:51.0344 3436  tdx - detected ForgedFile.Multi.Generic (1)
08:20:54.0064 3436  TermDD - ok
08:20:59.0540 3436  [ 6EC25B77CCC50CFA1F762C0EF9285635 ] TermService     C:\Windows\System32\termsrv.dll
08:20:59.0816 3436  Suspicious file (Forged): C:\Windows\System32\termsrv.dll. Real md5: 6EC25B77CCC50CFA1F762C0EF9285635, Fake md5: 2E648163254233755035B46DD7B89123
08:20:59.0821 3436  TermService ( ForgedFile.Multi.Generic ) - warning
08:20:59.0822 3436  TermService - detected ForgedFile.Multi.Generic (1)
08:21:02.0368 3436  Themes - ok
08:21:05.0373 3436  [ 3DDA737308BEBF0409652D1B94C7CAC5 ] THREADORDER     C:\Windows\system32\mmcss.dll
08:21:05.0539 3436  Suspicious file (Forged): C:\Windows\system32\mmcss.dll. Real md5: 3DDA737308BEBF0409652D1B94C7CAC5, Fake md5: E40E80D0304A73E8D269F7141D77250B
08:21:08.0143 3436  THREADORDER ( ForgedFile.Multi.Generic ) - warning
08:21:08.0143 3436  THREADORDER - detected ForgedFile.Multi.Generic (1)
08:21:10.0689 3436  TrkWks - ok
08:21:13.0402 3436  TrustedInstaller - ok
08:21:21.0991 3436  [ 7C284EF430FF7B1CA33B7FE16EF525FA ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:21:22.0363 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\tssecsrv.sys. Real md5: 7C284EF430FF7B1CA33B7FE16EF525FA, Fake md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
08:21:22.0364 3436  tssecsrv ( ForgedFile.Multi.Generic ) - warning
08:21:22.0364 3436  tssecsrv - detected ForgedFile.Multi.Generic (1)
08:21:27.0449 3436  [ 3D41AEB931541ACC9BEB8F4DF8BF79ED ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:21:30.0320 3436  Suspicious file (Forged): C:\Windows\system32\drivers\tsusbflt.sys. Real md5: 3D41AEB931541ACC9BEB8F4DF8BF79ED, Fake md5: D11C783E3EF9A3C52C0EBE83CC5000E9
08:21:30.0321 3436  TsUsbFlt ( ForgedFile.Multi.Generic ) - warning
08:21:30.0321 3436  TsUsbFlt - detected ForgedFile.Multi.Generic (1)
08:21:32.0831 3436  tunnel - ok
08:21:35.0951 3436  uagp35 - ok
08:21:39.0055 3436  udfs - ok
08:21:41.0993 3436  UI0Detect - ok
08:21:42.0332 3436  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:21:45.0311 3436  uliagpkx - ok
08:21:47.0667 3436  umbus - ok
08:21:50.0363 3436  UmPass - ok
08:21:53.0213 3436  [ 015FD40C79EACFEA2A26BF80C3280749 ] upnphost        C:\Windows\System32\upnphost.dll
08:21:53.0220 3436  Suspicious file (Forged): C:\Windows\System32\upnphost.dll. Real md5: 015FD40C79EACFEA2A26BF80C3280749, Fake md5: D47EC6A8E81633DD18D2436B19BAF6DE
08:21:53.0223 3436  upnphost ( ForgedFile.Multi.Generic ) - warning
08:21:53.0223 3436  upnphost - detected ForgedFile.Multi.Generic (1)
08:21:56.0047 3436  [ E78E42A6624CC066F8F88BDD42C9F89F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:21:59.0124 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbccgp.sys. Real md5: E78E42A6624CC066F8F88BDD42C9F89F, Fake md5: 6F1A3157A1C89435352CEB543CDB359C
08:21:59.0125 3436  usbccgp ( ForgedFile.Multi.Generic ) - warning
08:21:59.0125 3436  usbccgp - detected ForgedFile.Multi.Generic (1)
08:22:01.0506 3436  usbcir - ok
08:22:04.0301 3436  usbehci - ok
08:22:07.0122 3436  [ 69565856EF0E177C23745A55B166785B ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
08:22:13.0097 3436  Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbfilter.sys. Real md5: 69565856EF0E177C23745A55B166785B, Fake md5: 6648C6D7323A2CE0C4776C36CEFBCB14
08:22:13.0098 3436  usbfilter ( ForgedFile.Multi.Generic ) - warning
08:22:13.0098 3436  usbfilter - detected ForgedFile.Multi.Generic (1)
08:22:15.0610 3436  usbhub - ok
08:22:18.0230 3436  usbohci - ok
08:22:18.0533 3436  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:22:18.0535 3436  usbprint - ok
08:22:18.0986 3436  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:22:19.0020 3436  usbscan - ok
08:22:19.0036 3436  USBSTOR - ok
08:22:19.0056 3436  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:22:19.0073 3436  usbuhci - ok
08:22:19.0125 3436  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
08:22:19.0128 3436  usbvideo - ok
08:22:19.0196 3436  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
08:22:19.0198 3436  UxSms - ok
08:22:19.0213 3436  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
08:22:19.0214 3436  VaultSvc - ok
08:22:19.0223 3436  vdrvroot - ok
08:22:19.0269 3436  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
08:22:19.0281 3436  vds - ok
08:22:19.0320 3436  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:22:19.0321 3436  vga - ok
08:22:19.0332 3436  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:22:19.0334 3436  VgaSave - ok
08:22:19.0351 3436  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:22:19.0354 3436  vhdmp - ok
08:22:19.0382 3436  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:22:19.0384 3436  viaide - ok
08:22:19.0402 3436  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:22:19.0404 3436  volmgr - ok
08:22:19.0443 3436  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:22:19.0449 3436  volmgrx - ok
08:22:19.0473 3436  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:22:19.0477 3436  volsnap - ok
08:22:19.0505 3436  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:22:19.0508 3436  vsmraid - ok
08:22:19.0574 3436  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
08:22:19.0609 3436  VSS - ok
08:22:19.0626 3436  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:22:19.0628 3436  vwifibus - ok
08:22:19.0648 3436  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:22:19.0650 3436  vwififlt - ok
08:22:19.0667 3436  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
08:22:19.0669 3436  vwifimp - ok
08:22:19.0700 3436  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
08:22:19.0706 3436  W32Time - ok
08:22:19.0744 3436  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:22:19.0745 3436  WacomPen - ok
08:22:19.0762 3436  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:22:19.0764 3436  WANARP - ok
08:22:19.0769 3436  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:22:19.0770 3436  Wanarpv6 - ok
08:22:19.0840 3436  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
08:22:19.0869 3436  WatAdminSvc - ok
08:22:19.0936 3436  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
08:22:19.0968 3436  wbengine - ok
08:22:19.0985 3436  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:22:19.0989 3436  WbioSrvc - ok
08:22:20.0026 3436  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:22:20.0031 3436  wcncsvc - ok
08:22:20.0043 3436  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:22:20.0045 3436  WcsPlugInService - ok
08:22:20.0074 3436  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:22:20.0075 3436  Wd - ok
08:22:20.0106 3436  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
08:22:20.0107 3436  WDC_SAM - ok
08:22:20.0166 3436  [ E6050FE6B60FA91188B8ABDB5B1E339F ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
08:22:20.0169 3436  WDDMService - ok
08:22:20.0234 3436  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:22:20.0251 3436  Wdf01000 - ok
08:22:20.0347 3436  [ B83D5071B32A70BEBDB3330BFA7ACB80 ] WDFME           C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
08:22:20.0362 3436  WDFME - ok
08:22:20.0420 3436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:22:20.0423 3436  WdiServiceHost - ok
08:22:20.0428 3436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:22:20.0430 3436  WdiSystemHost - ok
08:22:20.0470 3436  [ 517DE2C5568CBA6B2A24A557AC60C30B ] WDSC            C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
08:22:20.0476 3436  WDSC - ok
08:22:20.0523 3436  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
08:22:20.0528 3436  WebClient - ok
08:22:20.0568 3436  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:22:20.0573 3436  Wecsvc - ok
08:22:20.0589 3436  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:22:20.0592 3436  wercplsupport - ok
08:22:20.0603 3436  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:22:20.0605 3436  WerSvc - ok
08:22:20.0625 3436  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:22:20.0627 3436  WfpLwf - ok
08:22:20.0664 3436  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:22:20.0665 3436  WIMMount - ok
08:22:20.0729 3436  WinDefend - ok
08:22:20.0752 3436  WinHttpAutoProxySvc - ok
08:22:20.0835 3436  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:22:20.0839 3436  Winmgmt - ok
08:22:20.0907 3436  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
08:22:20.0969 3436  WinRM - ok
08:22:21.0021 3436  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:22:21.0023 3436  WinUsb - ok
08:22:21.0086 3436  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:22:21.0112 3436  Wlansvc - ok
08:22:21.0294 3436  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:22:21.0338 3436  wlidsvc - ok
08:22:21.0382 3436  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:22:21.0382 3436  WmiAcpi - ok
08:22:21.0421 3436  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:22:21.0424 3436  wmiApSrv - ok
08:22:21.0444 3436  WMPNetworkSvc - ok
08:22:21.0476 3436  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:22:21.0478 3436  WPCSvc - ok
08:22:21.0515 3436  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:22:21.0518 3436  WPDBusEnum - ok
08:22:21.0550 3436  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:22:21.0551 3436  ws2ifsl - ok
08:22:21.0601 3436  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
08:22:21.0604 3436  wscsvc - ok
08:22:21.0629 3436  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
08:22:21.0630 3436  WSDPrintDevice - ok
08:22:21.0636 3436  WSearch - ok
08:22:21.0739 3436  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:22:21.0791 3436  wuauserv - ok
08:22:21.0833 3436  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:22:21.0835 3436  WudfPf - ok
08:22:21.0854 3436  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:22:21.0857 3436  WUDFRd - ok
08:22:21.0898 3436  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:22:21.0901 3436  wudfsvc - ok
08:22:21.0945 3436  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:22:21.0950 3436  WwanSvc - ok
08:22:21.0982 3436  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
08:22:21.0988 3436  yukonw7 - ok
08:22:22.0081 3436  [ 0D3E8197AA491BBB302A308452D4624A ] ZDManager Service C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
08:22:22.0084 3436  ZDManager Service - ok
08:22:22.0095 3436  ================ Scan global ===============================
08:22:22.0200 3436  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:22:22.0270 3436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:22:22.0287 3436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:22:22.0321 3436  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:22:22.0359 3436  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:22:22.0370 3436  [Global] - ok
08:22:22.0373 3436  ================ Scan MBR ==================================
08:22:22.0384 3436  [ 6487DB94871E90719426EF580AF6FED2 ] \Device\Harddisk0\DR0
08:22:22.0661 3436  \Device\Harddisk0\DR0 - ok
08:22:22.0667 3436  [ AE7B29958992A3F10962EB3EB9E7899E ] \Device\Harddisk1\DR2
08:22:22.0917 3436  \Device\Harddisk1\DR2 - ok
08:22:22.0918 3436  ================ Scan VBR ==================================
08:22:22.0961 3436  [ 5AF36B5C2D47200CDB905DB849766259 ] \Device\Harddisk0\DR0\Partition1
08:22:22.0963 3436  \Device\Harddisk0\DR0\Partition1 - ok
08:22:22.0973 3436  [ 3E0356A76997DB61F25108824CB805DD ] \Device\Harddisk0\DR0\Partition2
08:22:22.0975 3436  \Device\Harddisk0\DR0\Partition2 - ok
08:22:23.0000 3436  [ 94BC580719FB8AF72844EEDF9C610A30 ] \Device\Harddisk0\DR0\Partition3
08:22:23.0002 3436  \Device\Harddisk0\DR0\Partition3 - ok
08:22:23.0019 3436  [ 82F728B2E29C8AF48D449CA8D3A6E794 ] \Device\Harddisk0\DR0\Partition4
08:22:23.0020 3436  \Device\Harddisk0\DR0\Partition4 - ok
08:22:23.0025 3436  [ E06055F036FBEA66CA0FD84BD8AE66CC ] \Device\Harddisk1\DR2\Partition1
08:22:23.0027 3436  \Device\Harddisk1\DR2\Partition1 - ok
08:22:23.0028 3436  ============================================================
08:22:23.0028 3436  Scan finished
08:22:23.0028 3436  ============================================================
08:22:23.0043 4776  Detected object count: 22
08:22:23.0043 4776  Actual detected object count: 22
09:03:13.0418 4776  C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
09:03:13.0419 4776  Smb ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0434 4776  C:\Windows\system32\drivers\spldr.sys - copied to quarantine
09:03:13.0434 4776  spldr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0476 4776  C:\Windows\System32\spoolsv.exe - copied to quarantine
09:03:13.0476 4776  Spooler ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0504 4776  C:\Windows\system32\DRIVERS\VSTAZL6.SYS - copied to quarantine
09:03:13.0505 4776  SrvHsfHDA ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0525 4776  C:\Windows\system32\DRIVERS\srvnet.sys - copied to quarantine
09:03:13.0526 4776  srvnet ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0560 4776  C:\Windows\system32\DRIVERS\stwrt64.sys - copied to quarantine
09:03:13.0560 4776  STHDA ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0579 4776  C:\Windows\system32\DRIVERS\serscan.sys - copied to quarantine
09:03:13.0579 4776  StillCam ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0593 4776  C:\Windows\system32\drivers\swenum.sys - copied to quarantine
09:03:13.0593 4776  swenum ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0704 4776  C:\Windows\system32\sysmain.dll - copied to quarantine
09:03:13.0705 4776  SysMain ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0731 4776  C:\Windows\System32\tapisrv.dll - copied to quarantine
09:03:13.0732 4776  TapiSrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0831 4776  C:\Windows\system32\drivers\tcpip.sys - copied to quarantine
09:03:13.0832 4776  Tcpip ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0887 4776  C:\Windows\system32\DRIVERS\tcpip.sys - copied to quarantine
09:03:13.0888 4776  TCPIP6 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0917 4776  C:\Windows\system32\drivers\tcpipreg.sys - copied to quarantine
09:03:13.0917 4776  tcpipreg ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0949 4776  C:\Windows\system32\drivers\tdtcp.sys - copied to quarantine
09:03:13.0949 4776  TDTCP ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:13.0962 4776  C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
09:03:13.0962 4776  tdx ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0019 4776  C:\Windows\System32\termsrv.dll - copied to quarantine
09:03:14.0019 4776  TermService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0035 4776  C:\Windows\system32\mmcss.dll - copied to quarantine
09:03:14.0035 4776  THREADORDER ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0061 4776  C:\Windows\system32\DRIVERS\tssecsrv.sys - copied to quarantine
09:03:14.0061 4776  tssecsrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0088 4776  C:\Windows\system32\drivers\tsusbflt.sys - copied to quarantine
09:03:14.0088 4776  TsUsbFlt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0117 4776  C:\Windows\System32\upnphost.dll - copied to quarantine
09:03:14.0117 4776  upnphost ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0135 4776  C:\Windows\system32\DRIVERS\usbccgp.sys - copied to quarantine
09:03:14.0135 4776  usbccgp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
09:03:14.0142 4776  C:\Windows\system32\DRIVERS\usbfilter.sys - copied to quarantine
09:03:14.0142 4776  usbfilter ( ForgedFile.Multi.Generic ) - User select action: Quarantine
 

# AdwCleaner v2.301 - Logfile created 05/27/2013 at 09:07:26
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : BAndrews - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\BAndrews\Desktop\Virus Tools\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Qwiklinx
Folder Found : C:\Program Files (x86)\Shop to Win 20
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\BAndrews\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\BAndrews\AppData\LocalLow\FCSB000063941
Folder Found : C:\Users\BAndrews\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 20
Folder Found : C:\Users\Owner\AppData\Roaming\Qwiklinx
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\FCSB000063941.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCSB000063941.JSOptionsImpl.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B1BCB34F-5DC6-43B4-94B5-DFF4F02E2AF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE502938-5BF1-4CEA-961D-0081B992C878}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKU\S-1-5-21-3553462148-278437658-4203659352-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [10956 octets] - [27/05/2013 09:07:26]

########## EOF - C:\AdwCleaner[R1].txt - [11017 octets] ##########
#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:20 PM

Posted 27 May 2013 - 08:34 AM

Please let me know if you rebooted the computer yet. If not, please don't do so, just post back here.

If you did, let me know if you could reboot normally; a fair amount of files were detected and quarantined and although, based on the md5, they weren't outright malicious, the fact that they were quarantined could cause potential issues.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft


#10 explative removed

explative removed
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:20 AM

Posted 27 May 2013 - 09:42 AM

Unfortunately, it seems to have powered off when I closed the lid after the last scan.
Seems to be able to boot no problem.


Edited by explative removed, 27 May 2013 - 09:46 AM.


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:20 PM

Posted 27 May 2013 - 10:06 AM

Okay, that's good news at least. :) Please rerun AdwCleaner and now select the delete option. After you do this, please run the following scan:


Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


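The OTL.txt report requested above lists every process, module, service and driver on one line in a fixed layout. As an added example (not part of this thread or of OTL), here is a small Python triage pass over such lines that applies three checks a log reader otherwise does by eye: a binary with no company name, a binary running from a user-writable location, and a Windows Defender service that is not running. The sample lines are constructed in OTL's layout, and the check names and the `USER_WRITABLE_RE` pattern are my own choices.

```python
"""Triage pass over OTL "SafeList" lines (PRC / MOD / SRV / DRV sections).

Added example, not part of this thread or of OTL. Each hit is a lead to
verify against the vendor and the file hash, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One SafeList line, e.g.
# SRV:64bit: - [2013/05/07 18:37:15 | 000,143,088 | ---- | M] (Vendor) [Auto | Running] -- C:\x.exe -- (SvcName)
# PRC/MOD lines carry no [state] block and no trailing "-- (name)".
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<stamp>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"
)

# Locations a standard user can write to (pattern is my own assumption);
# a service, driver or autostart process living here deserves a second
# look, even though plenty of legitimate software does the same.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Desktop|Downloads)|ProgramData|Temp)\\",
    re.IGNORECASE,
)


@dataclass
class Entry:
    kind: str            # PRC, MOD, SRV or DRV
    is_64bit: bool       # line carried the ":64bit:" tag
    mtime: str           # modification timestamp as printed by OTL
    size: int            # file size in bytes
    company: str         # "" when OTL printed "()" (no company name)
    state: List[str]     # e.g. ["Auto", "Running"]; empty for PRC/MOD
    path: str
    name: Optional[str]  # service/driver name; None for PRC/MOD


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a SafeList line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state = [s.strip() for s in m["state"].split("|")] if m["state"] else []
    return Entry(
        kind=m["kind"],
        is_64bit=m["arch"] is not None,
        mtime=m["mtime"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        state=state,
        path=m["path"],
        name=m["name"],
    )


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Apply the three checks; returns (reason, path) pairs in input order."""
    findings = []
    for raw in lines:
        e = parse_line(raw)
        if e is None:
            continue
        # OTL's own "Modules (No Company Name)" section already isolates such
        # DLLs (mostly .NET native images), so the no-company check is only
        # applied to processes, services and drivers.
        if e.kind != "MOD" and not e.company:
            findings.append(("no-company", e.path))
        if USER_WRITABLE_RE.search(e.path):
            findings.append(("user-writable-path", e.path))
        # Defender disabled was one of the symptoms in this thread; OTL shows
        # it as the WinDefend service with its [start | status] block.
        if e.kind == "SRV" and e.name == "WinDefend" and "Running" not in e.state:
            findings.append(("defender-not-running", e.path))
    return findings


# Constructed sample input in OTL's layout, including a section header
# that the parser must skip.
SAMPLE = [
    "========== Processes (SafeList) ==========",
    r"PRC - [2013/05/27 11:09:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe",
    r"PRC - [2012/12/21 23:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"PRC - [2012/12/12 12:09:12 | 000,176,640 | ---- | M] () -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe",
    r"MOD - [2013/05/26 17:37:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll",
    r"SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)",
    r"SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)",
    r"DRV - [2013/05/16 02:36:00 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Users\BAndrews\Desktop\Virus Tools\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)",
]

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason:22} {path}")
```

Run against a real OTL.txt by feeding it line by line; the Dropbox and Emsisoft hits above show why each finding still needs a human to confirm the vendor.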


#12 explative removed

explative removed
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:20 AM

Posted 27 May 2013 - 10:43 AM

OTL Run, leaving laptop open this time :wink:
OTL logfile created on: 5/27/2013 11:17:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 59.27% Memory free
7.49 Gb Paging File | 5.66 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 158.10 Gb Free Space | 55.55% Space Free | Partition Type: NTFS
Drive D: | 13.18 Gb Total Space | 2.16 Gb Free Space | 16.38% Space Free | Partition Type: NTFS
Drive G: | 932.18 Mb Total Space | 536.59 Mb Free Space | 57.56% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: BAndrews | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/27 11:09:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 23:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 10:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/12/12 12:09:12 | 000,176,640 | ---- | M] () -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/10/06 12:24:52 | 000,084,136 | ---- | M] (FRISK Software International) -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/09 12:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/03 16:40:36 | 001,674,016 | ---- | M] (FRISK Software International) -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 10:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 14:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/26 17:37:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/05/26 17:37:25 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
MOD - [2013/05/26 17:37:24 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/26 17:37:10 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/26 17:36:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/26 17:36:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/05/26 17:35:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/05/26 17:34:57 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/05/26 17:34:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/26 17:34:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/05/26 17:34:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/05/26 17:34:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/26 17:34:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/05/26 17:34:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/29 05:46:09 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Verizon\VSP\Windows7Features.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/23 17:15:56 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/02/23 17:15:56 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/02/23 17:15:56 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/02/23 17:15:56 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/02/23 17:15:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/02/23 17:15:55 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/02/23 17:15:55 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/02/23 17:15:55 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/02/23 17:15:55 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/02/23 17:15:55 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/02/23 17:15:54 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/02/23 17:15:54 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/02/23 17:15:53 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/02/23 17:15:53 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/02/23 17:15:52 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/02/23 17:15:52 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/02/23 17:15:52 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/02/23 17:15:52 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/02/23 17:15:52 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/02/23 17:15:51 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/02/23 17:15:51 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/02/23 17:15:51 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/02/23 17:15:50 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/02/23 17:15:50 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/02/23 17:15:50 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/02/23 17:15:50 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/02/23 17:15:50 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/02/23 17:15:50 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/02/23 17:15:50 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/02/23 17:15:50 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/02/23 17:15:50 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/02/23 17:15:49 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/02/23 17:15:49 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/02/23 17:15:49 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2009/07/23 14:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2005/07/30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll
MOD - [2004/06/21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/07 18:37:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/03/09 12:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/07/16 16:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2006/02/02 23:51:56 | 000,465,408 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2013/05/15 11:18:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/12 12:09:12 | 000,176,640 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe -- (ZDManager Service)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/10/06 12:24:52 | 000,084,136 | ---- | M] (FRISK Software International) [Auto | Running] -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -- (FPAVServer)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/09 18:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV - [2011/03/09 12:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 12:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/11 10:24:56 | 000,842,144 | ---- | M] (FRISK Software International) [File_System | System | Running] -- C:\Windows\SysNative\drivers\FPAV_RTP.sys -- (FPAV_RTP)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 13:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/16 16:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 16:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/03/23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/28 02:34:25 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/10/17 08:25:54 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/07/28 17:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/05/16 02:36:00 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Users\BAndrews\Desktop\Virus Tools\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{26D0B1F1-F5C7-4908-94A4-6C9F2C247C45}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{26D0B1F1-F5C7-4908-94A4-6C9F2C247C45}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..\SearchScopes\{83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF
IE - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\BAndrews\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/16 11:31:40 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013/05/26 19:46:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O2 - BHO: (ZD Manager IE Plugin) - {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll (ZD Systems)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - Startup: C:\Users\BAndrews\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..Trusted Domains: verizon.net ([activate] https in Trusted sites)
O15 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..Trusted Domains: verizon.net ([activatemydsl] https in Trusted sites)
O15 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..Trusted Domains: verizon.net ([activatemyfios] https in Trusted sites)
O15 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..Trusted Domains: verizon.net ([activatemyhsi] https in Trusted sites)
O15 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..Trusted Domains: verizon.net ([activatemywifi] https in Trusted sites)
O15 - HKU\S-1-5-21-3553462148-278437658-4203659352-1004\..Trusted Domains: verizon.net ([wbadownload] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://remote.alexandriava.gov/,DanaInfo=SDOMMAILD1.alexgov.net+dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.alexandriava.gov/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04A9E55A-33F9-4B79-BC5C-C2FC4BECEDBA}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6B44E0E-2889-4FB0-8385-FEE89C07BE63}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/27 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/05/27 09:03:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/26 19:46:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/26 17:24:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/26 17:24:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/26 17:24:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/26 17:11:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/26 16:54:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/25 22:59:42 | 000,000,000 | ---D | C] -- C:\8f8a71726fab8cc9a386e92079aa648d
[2013/05/24 19:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/24 19:52:18 | 000,000,000 | ---D | C] -- C:\Users\BAndrews\AppData\Roaming\Malwarebytes
[2013/05/24 06:58:20 | 000,000,000 | ---D | C] -- C:\1b633a48fdcf6bbc5e3e3ceb
[2013/05/24 05:25:41 | 000,000,000 | ---D | C] -- C:\Users\BAndrews\AppData\Local\Western_Digital
[2013/05/18 23:08:32 | 000,000,000 | ---D | C] -- C:\54cb771c7bb0d8ad4649e0d0c4
[2013/05/16 20:40:25 | 000,000,000 | ---D | C] -- C:\31b6ee1040f921bfd2ef
[2013/05/16 06:47:51 | 000,000,000 | ---D | C] -- C:\1bff931daf52a9879e850f07
[2013/05/16 06:40:45 | 000,842,144 | ---- | C] (FRISK Software International) -- C:\Windows\SysNative\drivers\FPAV_RTP.sys
[2013/05/16 06:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FRISK Software
[2013/05/16 06:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRISK Software
[2013/05/16 00:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/05/16 00:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/05/15 20:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/05/15 19:57:13 | 000,000,000 | ---D | C] -- C:\Users\BAndrews\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/15 19:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/05/15 19:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/05/15 19:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/15 18:33:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/15 18:33:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 18:33:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/15 18:32:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/15 18:32:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/15 18:32:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 18:32:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/15 18:32:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 18:32:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/15 18:32:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 18:32:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/15 18:32:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 18:32:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/15 18:32:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 18:32:56 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/15 10:06:08 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 10:06:08 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 10:05:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 10:05:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 10:05:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 10:05:58 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 10:05:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/11 09:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/11 09:18:36 | 000,000,000 | ---D | C] -- C:\Users\BAndrews\AppData\Roaming\HPAppData
[2013/05/11 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\BAndrews\AppData\Local\VS Revo Group
[2013/05/11 09:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/05/11 09:09:15 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/05/11 09:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/05/11 09:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/08 08:17:50 | 000,000,000 | ---D | C] -- C:\843777034882307d67729b6d11
[2013/05/07 15:40:31 | 000,000,000 | ---D | C] -- C:\6126a293ee2739e94b30
[2013/05/06 15:44:24 | 000,000,000 | ---D | C] -- C:\674851eb4073de41f22a1d2f52eee6b2
[2013/05/06 07:06:07 | 000,000,000 | ---D | C] -- C:\03df0bce581528da0b85609c
[2013/05/03 22:37:41 | 000,000,000 | ---D | C] -- C:\2b4807e49cb42a0c1aee1d4e
[2013/05/01 15:06:48 | 000,000,000 | ---D | C] -- C:\90d53f7f94f628f375
[2013/05/01 00:18:59 | 000,000,000 | ---D | C] -- C:\f3dd533d2364d7806d9d59b9
[2013/01/23 19:00:24 | 011,568,608 | ---- | C] (ImageTrend) -- C:\Users\BAndrews\FieldBridgeUpdateApp.exe
[2013/01/23 19:00:24 | 000,277,816 | ---- | C] (Autodesk, Inc.) -- C:\Users\BAndrews\AutodeskDesignRevSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/27 11:19:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 11:19:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 11:18:23 | 004,168,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 11:18:23 | 001,342,380 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/27 11:18:23 | 000,005,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 11:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/27 11:12:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/27 11:11:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 11:11:00 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/27 11:07:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 19:46:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/24 06:41:46 | 000,000,105 | ---- | M] () -- C:\Users\BAndrews\AppData\Local\ZDManager.ini
[2013/05/24 06:37:50 | 000,002,093 | ---- | M] () -- C:\Users\BAndrews\Desktop\HijackThis.lnk
[2013/05/16 06:40:46 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\F-PROT Antivirus for Windows.lnk
[2013/05/16 00:33:02 | 000,002,515 | ---- | M] () -- C:\Users\BAndrews\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/05/16 00:33:02 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/05/15 21:18:23 | 530,803,835 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/15 19:31:18 | 000,443,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 11:18:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 11:18:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 16:02:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2013/05/14 07:23:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBAndrews.job
[2013/05/11 09:07:41 | 000,641,528 | ---- | M] () -- C:\Windows\hpoins52.dat.temp
[2013/05/03 22:04:44 | 000,595,353 | ---- | M] () -- C:\Users\BAndrews\Desktop\MCSU_Field_Operating_Guide.pdf
[2013/05/03 21:44:52 | 003,178,087 | ---- | M] () -- C:\Users\BAndrews\Desktop\20130503_124434.jpg
[2013/05/01 14:36:56 | 001,353,818 | ---- | M] () -- C:\Users\BAndrews\Desktop\Directions to assembly area.pdf
 
========== Files Created - No Company Name ==========
 
[2013/05/26 17:24:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/26 17:24:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/26 17:24:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/26 17:24:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/26 17:24:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/24 06:37:50 | 000,002,093 | ---- | C] () -- C:\Users\BAndrews\Desktop\HijackThis.lnk
[2013/05/16 06:40:46 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-PROT Antivirus for Windows.lnk
[2013/05/16 06:40:46 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\F-PROT Antivirus for Windows.lnk
[2013/05/16 00:33:02 | 000,002,515 | ---- | C] () -- C:\Users\BAndrews\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/05/16 00:33:02 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/05/15 13:57:25 | 530,803,835 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/12 22:04:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBAndrews.job
[2013/05/03 22:04:57 | 000,595,353 | ---- | C] () -- C:\Users\BAndrews\Desktop\MCSU_Field_Operating_Guide.pdf
[2013/05/03 21:44:51 | 003,178,087 | ---- | C] () -- C:\Users\BAndrews\Desktop\20130503_124434.jpg
[2013/05/01 14:36:56 | 001,353,818 | ---- | C] () -- C:\Users\BAndrews\Desktop\Directions to assembly area.pdf
[2013/04/20 11:41:15 | 000,000,036 | ---- | C] () -- C:\Users\BAndrews\AppData\Local\housecall.guid.cache
[2013/02/03 01:06:32 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/03 01:06:10 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/01/26 15:51:39 | 000,000,105 | ---- | C] () -- C:\Users\BAndrews\AppData\Local\ZDManager.ini
[2012/12/23 22:38:42 | 000,003,788 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/08/25 16:38:04 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/08/23 20:42:13 | 000,005,184 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/27 09:25:46 | 000,641,528 | ---- | C] () -- C:\Windows\hpoins52.dat.temp
[2011/06/27 09:25:46 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2010/02/16 15:08:20 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
========== ZeroAccess Check ==========
 
[2011/11/17 02:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2013/01/18 18:49:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2012/08/22 19:33:07 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{4b7d9d11-178e-94e5-ba3a-439a1dabea76}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 

OTL Extras logfile created on: 5/27/2013 11:17:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 59.27% Memory free
7.49 Gb Paging File | 5.66 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 158.10 Gb Free Space | 55.55% Space Free | Partition Type: NTFS
Drive D: | 13.18 Gb Total Space | 2.16 Gb Free Space | 16.38% Space Free | Partition Type: NTFS
Drive G: | 932.18 Mb Total Space | 536.59 Mb Free Space | 57.56% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: BAndrews | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0B7FB37E-8EF9-4AF3-8009-1ED580D2DB19}," = lport=3389 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{724FEF7A-C04F-4658-A3CC-80DA9BC71767}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{5C9A7A31-28A6-328A-755D-20C20CFCF19E}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6344718C-AE30-4C86-B5CD-459077A83623}" = Microsoft SQL Server Native Client
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}" = FileOpen Client (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E1BCA059-1F06-65C0-3229-58337BE5E373}" = ATI Catalyst Install Manager
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Lexmark 2400 Series" = Lexmark 2400 Series
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F818B2F-71D2-4BBA-C600-6228F8A21712}" = CCC Help Czech
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24A71701-4BFD-4228-97B3-7D739195EC67}" = Walmart Digital Photo Manager
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 30
"{26A68CA9-8ADD-3E53-5973-1C23FC0936C3}" = CCC Help Thai
"{2CF8CFD2-DA5F-468C-2043-16C3B1170DA9}" = CCC Help Danish
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D28B738-83D4-9894-D619-19EDC1F080C5}" = CCC Help Korean
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{30B9B6B6-C0D9-D74E-44CF-D47A96C04CCF}" = Catalyst Control Center InstallProxy
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{39240F03-83C8-A541-C457-D1DBE6BB3858}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45E5D641-3C82-4F95-92FB-AE5459DF2988}" = HP User Guides 0146
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3A1757-F8B2-4557-3E7A-67563101C38E}" = Catalyst Control Center Graphics Light
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{597D97B0-8AFE-7905-7C86-54DF80C82B26}" = CCC Help Greek
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62372BA1-A471-40A4-17E0-A479124D0EA1}" = CCC Help Polish
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64F1803E-02DF-4A28-86E9-1FC1FA55E140}" = CGAP
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6774822B-8634-8FED-0E80-DFB78BE1EE3F}" = CCC Help Italian
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C383C07-B2B4-3FC7-CEB3-635A84939913}" = Catalyst Control Center Graphics Full Existing
"{6C5531D6-6A70-768F-8703-3CBB0211067C}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E2E71-A477-9B57-4802-B43B3F09B67F}" = CCC Help Portuguese
"{72A2B930-FF3D-34C2-ABFF-F5CBB4707884}" = Catalyst Control Center Core Implementation
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A59E55-279B-1B34-3A15-D28DAD5F07B0}" = CCC Help Chinese Standard
"{816CF5ED-BC9C-1229-87D9-D094A26A0C86}" = ccc-core-static
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{828F560B-AE76-F597-F585-6E7D7A4C865B}" = CCC Help Turkish
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{83E48510-72B5-87F9-1AB9-5D097C82DB78}" = CCC Help French
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877E9CD5-6979-69FA-CB7D-289170D55A55}" = Catalyst Control Center Graphics Previews Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90898EBA-17D8-B5CD-C023-D3A112F08F9F}" = CCC Help Russian
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{97295AED-5821-803E-A511-F0B7FE07474C}" = Catalyst Control Center Graphics Previews Vista
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B74E03F-D9B5-4BF5-9AE5-D85D21F86EE4}" = ImageTrend EMS Field Bridge 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2B086E-EE0F-9E3D-2222-B1C084542CB9}" = CCC Help Hungarian
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A70BB436-137E-5119-8216-978E88E06770}" = CCC Help Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF9E02B-CAA3-359C-33F3-6855392F3EC1}" = CCC Help Spanish
"{AC76BA86-1033-0000-BA7E-000000000005}" = Adobe Acrobat X Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B124E3EA-59C5-462B-98EF-374099EA7A61}" = LeapFrog LeapPad Explorer Plugin
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B603ABBC-8340-3752-CBFF-05A571D0B5A8}" = CCC Help Finnish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B944FF67-C006-3BCD-2DFC-74F096B0EBBA}" = CCC Help English
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6129910-0223-6C6C-AE2E-668F780EE0D3}" = Catalyst Control Center Graphics Full New
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C81F4CBC-7E13-B903-0361-F1C842A1C521}" = CCC Help Chinese Traditional
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{D0C17D81-D40D-4C23-B8FA-95E817D0B7BE}" = F-PROT Antivirus for Windows x64
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FA386107-815F-6BFB-4587-FF8F0A543788}" = CCC Help Japanese
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD0282E9-06E0-754F-7A10-78423BD748B3}" = Catalyst Control Center Localization All
"{FF1D836C-0E43-2CF4-2350-4B37A72BC4E5}" = CCC Help German
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"blekkotb_soc" = Blekko search bar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Homepage Protection" = Homepage Protection
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TestGen" = TestGen
"UPCShell" = LeapFrog Connect
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZDManager" = ZD Manager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3553462148-278437658-4203659352-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"GoToMeeting" = GoToMeeting 5.4.0.1082
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/27/2013 8:22:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 5/27/2013 8:22:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
 the error code.
 
Error - 5/27/2013 8:22:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 5/27/2013 8:22:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
 the error code.
 
Error - 5/27/2013 8:26:23 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 5/27/2013 10:51:47 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 5/27/2013 10:51:47 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 5/27/2013 11:15:58 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 5/27/2013 11:15:58 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 5/27/2013 11:18:20 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 5/27/2013 11:18:20 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
[ Hewlett-Packard Events ]
Error - 3/11/2013 12:15:47 AM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 3/17/2013 11:49:01 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization:   TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 4/1/2013 9:13:47 AM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 4/8/2013 7:58:40 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 4/15/2013 8:39:49 AM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 4/15/2013 9:41:15 AM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 4/15/2013 11:41:05 AM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization:   TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 4/28/2013 7:35:45 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 5/5/2013 11:32:33 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 5/5/2013 11:50:50 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 3836  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
[ Media Center Events ]
Error - 2/4/2013 7:16:58 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:16:57 PM - Failed to retrieve ScheduleSupplement.cab (Error: BITS
 0x80070424)  6:16:57 PM - Failed to retrieve SportsTemplate.cab (Error: BITS 0x80070424)
6:16:57
 PM - Failed to retrieve SportsTemplateCore.cab (Error: BITS 0x80070424)  
 
Error - 2/4/2013 7:16:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:16:59 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

 
Error - 2/5/2013 6:08:07 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 5:08:02 PM - Error connecting to the internet.  5:08:02 PM -     Unable
 to contact server..  
 
Error - 2/15/2013 8:50:29 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 7:50:25 AM - Error connecting to the internet.  7:50:29 AM -     Unable
 to contact server..  
 
Error - 2/16/2013 10:05:25 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:05:25 AM - Error connecting to the internet.  9:05:25 AM -     Unable
 to contact server..  
 
Error - 2/16/2013 10:05:38 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:05:30 AM - Error connecting to the internet.  9:05:30 AM -     Unable
 to contact server..  
 
Error - 2/16/2013 11:05:44 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:05:44 AM - Error connecting to the internet.  10:05:44 AM -     Unable
 to contact server..  
 
Error - 2/16/2013 11:05:51 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:05:49 AM - Error connecting to the internet.  10:05:49 AM -     Unable
 to contact server..  
 
Error - 2/16/2013 12:05:56 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:05:56 AM - Error connecting to the internet.  11:05:56 AM -     Unable
 to contact server..  
 
Error - 2/16/2013 12:06:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:06:01 AM - Error connecting to the internet.  11:06:01 AM -     Unable
 to contact server..  
 
[ OSession Events ]
Error - 11/2/2011 8:17:41 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 446 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11/2/2011 8:24:04 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/30/2011 10:14:47 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 407
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 1/1/2012 9:42:03 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 1/27/2012 11:31:54 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 289
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 7/8/2012 9:38:04 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 120
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/14/2013 5:39:08 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 215
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 4/28/2013 5:11:16 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 990
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 5/6/2013 8:08:16 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 151
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 5/27/2013 10:53:57 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 10:53:57 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 10:53:57 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 10:53:57 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 10:53:57 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 11:13:07 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 5/27/2013 11:18:44 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 11:18:44 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 11:18:44 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/27/2013 11:18:44 AM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
 
< End of report >
 



#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:20 PM

Posted 27 May 2013 - 01:20 PM

The active malware at this point is gone, however I'm a bit worried about the disk controller errors I see in the event viewer log. I recommend you run chkdsk /r from an elevated command prompt to check the volume for errors.

To do this: click Start > Programs > Accessories, right click on Command Prompt and select Run As Administrator.
Type chkdsk /r and press enter.
When asked to schedule the scan for next reboot, please type Y and press enter.

Restart the computer and let the disk check run unhindered.

When done, open MS Security Essentials and let me know if it runs correctly. If so you can scan the backup with it to check for any infected files.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 explative removed

explative removed
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:20 AM

Posted 27 May 2013 - 05:01 PM

Scan finished (took a while). Security Essentials can't start. Error message says 'The specified service does not exist as an installed service'. Error code is 0x80070424



#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:20 PM

Posted 28 May 2013 - 02:03 AM

Hi again,

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
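A PowerShell triage script, added here as an illustration and not part of the thread, of Farbar Service Scanner or of any tool mentioned above. It checks the two things the last three posts are after: whether the security-related services behind Security Essentials' 0x80070424 error (Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST) are still registered, and how many of the atapi controller errors from the OTL report are in the System log. The service names are the standard Windows 7 ones; the list of which services to check is my assumption.

```powershell
# Added triage script; not from the thread or from Farbar Service Scanner.
# Run in an elevated PowerShell prompt on the affected Windows 7 machine.
# Security services the thread reports as disabled or missing. Security
# Essentials' 0x80070424 wraps Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST:
# the service registration itself is gone, not merely stopped.
$ExpectedServices = @{
    'MsMpSvc'   = 'Microsoft Antimalware Service (Security Essentials)'
    'WinDefend' = 'Windows Defender'
    'MpsSvc'    = 'Windows Firewall'
    'BFE'       = 'Base Filtering Engine (firewall dependency)'
    'wscsvc'    = 'Security Center'
    'wuauserv'  = 'Windows Update'
    'BITS'      = 'Background Intelligent Transfer Service'
}
$StartTypes = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
function Test-ExpectedServices {
    foreach ($name in $ExpectedServices.Keys) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not (Test-Path $key)) {
            $state = 'MISSING: registry key deleted'
        } elseif ($svc -eq $null) {
            $state = 'MISSING: key present but the service manager cannot load it'
        } else {
            $start = (Get-ItemProperty $key).Start
            $state = "$($svc.Status), start type $($StartTypes[[int]$start])"
        }
        # svchost-hosted services point at a DLL; a deleted or replaced DLL is
        # the other failure mode Farbar Service Scanner reports.
        $dll = (Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) {
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path $path)) { $state += "; ServiceDll missing: $path" }
        }
        New-Object PSObject -Property @{
            Service = $name; Purpose = $ExpectedServices[$name]; State = $state
        }
    }
}
# OTL shows the atapi errors as ID 262155 (0x4000B); the low 16 bits are the
# real event ID, 11. Count them per day so a failing disk is not blamed on malware.
function Get-ControllerErrors {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'atapi'; Id = 11 } `
        -ErrorAction SilentlyContinue |
        Group-Object { $_.TimeCreated.ToShortDateString() } |
        Select-Object @{ n = 'Date'; e = { $_.Name } }, Count
}
Test-ExpectedServices | Format-Table Service, State, Purpose -AutoSize
Get-ControllerErrors | Format-Table -AutoSize
```

A service reported as MISSING matches what FSS.txt will show for that component; repeated controller errors clustered on the same days point at the disk rather than at the infection, which is why chkdsk /r was asked for first.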




